jetty ssl problems

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

jetty ssl problems

tterm
Hello,

we have a problem with firefox, jetty-6.1.4 and https. We use the
standard configuration from jetty and the SslSocketConnector.

If you start an https session the handshake works fine but after a
certain amount of time or clicks we get an handshake_failure.

If it works fine the clients sends the following: ClientHello, TLSv1

And when it goes wrong the client sends this: ClientHello, SSLv3

If attached the java debug log for ssl. The first one is the successfull
and the second one the failed handshake.

Is there anything we can do in jetty to avoid this problem?

Regards,
Thomas Termin

--------------------- SUCCESSFULL HANDSHAKE -------------------

INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-1 - Acceptor0
SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, READ: TLSv1
Handshake, length = 134
INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ClientHello, TLSv1
INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 945719
bytes = { 34, 0, 240, 116, 148, 73, 156, 178, 159, 136, 247, 116, 37,
213, 123, 2, 119, 231, 165, 235, 248, 128, 182, 219, 30, 253, 128, 217 }
INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {}
INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suites: [Unknown
0xc0:0xa, Unknown 0xc0:0x14, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0xc0:0xf, Unknown 0xc0:0x5,
TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0xc0:0x7, Unknown 0xc0:0x9,
Unknown 0xc0:0x11, Unknown 0xc0:0x13, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0xc0:0xc, Unknown 0xc0:0xe,
Unknown 0xc0:0x2, Unknown 0xc0:0x4, SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown
0xc0:0x8, Unknown 0xc0:0x12, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, Unknown 0xc0:0xd, Unknown 0xc0:0x3,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Methods:  { 0 }
INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
INFO   | jvm 1    | 2007/11/13 10:37:07 | %% Created:  [Session-1,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHello, TLSv1
INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 1194946627
bytes = { 202, 38, 26, 157, 107, 26, 9, 203, 97, 164, 80, 226, 78, 85,
125, 89, 179, 243, 250, 96, 198, 15, 6, 143, 206, 119, 118, 9 }
INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {71, 57, 112, 67,
89, 141, 186, 23, 151, 98, 111, 198, 201, 252, 215, 147, 12, 21, 199,
126, 23, 93, 96, 218, 167, 240, 24, 108, 244, 92, 210, 185}
INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Method: 0
INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Certificate chain
INFO   | jvm 1    | 2007/11/13 10:37:07 | chain [0] = [
INFO   | jvm 1    | 2007/11/13 10:37:07 | [
INFO   | jvm 1    | 2007/11/13 10:37:07 |   Version: V1
INFO   | jvm 1    | 2007/11/13 10:37:07 |   Subject: CN=gibson
INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature Algorithm:
SHA1withDSA, OID = 1.2.840.10040.4.3
INFO   | jvm 1    | 2007/11/13 10:37:07 |
INFO   | jvm 1    | 2007/11/13 10:37:07 |   Key:  Sun DSA Public Key
INFO   | jvm 1    | 2007/11/13 10:37:07 |     Parameters:DSA
INFO   | jvm 1    | 2007/11/13 10:37:07 | p:     fd7f5381 1d751229
52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
INFO   | jvm 1    | 2007/11/13 10:37:07 |     455d4022 51fb593d 8d58fabf
c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
INFO   | jvm 1    | 2007/11/13 10:37:07 |     6b9950a5 a49f9fe8 047b1022
c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
INFO   | jvm 1    | 2007/11/13 10:37:07 |     83f6d3c5 1ec30235 54135a16
9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
INFO   | jvm 1    | 2007/11/13 10:37:07 | q:     9760508f 15230bcc
b292b982 a2eb840b f0581cf5
INFO   | jvm 1    | 2007/11/13 10:37:07 | g:     f7e1a085 d69b3dde
cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
INFO   | jvm 1    | 2007/11/13 10:37:07 |     5159578e bad4594f e6710710
8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
INFO   | jvm 1    | 2007/11/13 10:37:07 |     3c167a8b 547c8d28 e0a3ae1e
2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
INFO   | jvm 1    | 2007/11/13 10:37:07 |     cca4f1be a8519089 a883dfe1
5ae59f06 928b665e 807b5525 64014c3b fecf492a
INFO   | jvm 1    | 2007/11/13 10:37:07 |
INFO   | jvm 1    | 2007/11/13 10:37:07 |   y:
INFO   | jvm 1    | 2007/11/13 10:37:07 |     cd6c71d2 1e09d704 f9105ef9
ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
INFO   | jvm 1    | 2007/11/13 10:37:07 |     8c1dbc80 463cabf1 acb0dc1f
d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
INFO   | jvm 1    | 2007/11/13 10:37:07 |     f91d1f2a b59f2517 d5187074
56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
INFO   | jvm 1    | 2007/11/13 10:37:07 |     18b49570 7b2e9f00 b8c1b067
22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
INFO   | jvm 1    | 2007/11/13 10:37:07 |
INFO   | jvm 1    | 2007/11/13 10:37:07 |   Validity: [From: Tue Nov 13
10:14:23 CET 2007,
INFO   | jvm 1    | 2007/11/13 10:37:07 |                To: Fri Nov 10
10:14:23 CET 2017]
INFO   | jvm 1    | 2007/11/13 10:37:07 |   Issuer: CN=gibson
INFO   | jvm 1    | 2007/11/13 10:37:07 |   SerialNumber: [    47396aef]
INFO   | jvm 1    | 2007/11/13 10:37:07 |
INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
INFO   | jvm 1    | 2007/11/13 10:37:07 |   Algorithm: [SHA1withDSA]
INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature:
INFO   | jvm 1    | 2007/11/13 10:37:07 | 0000: 30 2C 02 14 2C 26 2E E4
  30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
INFO   | jvm 1    | 2007/11/13 10:37:07 | 0010: BA 74 19 42 A5 9E 99 C6
  02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
INFO   | jvm 1    | 2007/11/13 10:37:07 | 0020: D6 48 EC F5 26 8D B0 1C
  8A 52 58 E5 F8 2E        .H..&....RX...
INFO   | jvm 1    | 2007/11/13 10:37:07 |
INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Diffie-Hellman
ServerKeyExchange
INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Modulus:  { 244, 136, 253,
88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Base:  { 2 }
INFO   | jvm 1    | 2007/11/13 10:37:07 | Server DH Public Key:  { 243,
253, 177, 177, 151, 51, 167, 21, 242, 125, 193, 186, 222, 36, 173, 62,
208, 206, 235, 59, 75, 123, 131, 106, 2, 229, 22, 86, 75, 244, 21, 224,
151, 113, 118, 80, 224, 182, 37, 74, 176, 243, 57, 194, 71, 140, 134,
207, 198, 76, 63, 159, 195, 68, 9, 184, 29, 143, 252, 121, 124, 171, 37,
34, 246, 176, 1, 126, 5, 110, 191, 128, 35, 181, 128, 97, 64, 253, 46,
15, 208, 244, 63, 170, 61, 76, 61, 43, 82, 192, 56, 168, 251, 172, 71,
14, 72, 26, 151, 131, 181, 85, 205, 215, 32, 153, 148, 113, 46, 110,
136, 56, 202, 178, 43, 24, 1, 51, 165, 201, 253, 167, 77, 97, 93, 76,
25, 0 }
INFO   | jvm 1    | 2007/11/13 10:37:07 | Signed with a DSA or RSA
public key
INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHelloDone
INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, WRITE: TLSv1
Handshake, length = 1006
INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
Handshake, length = 134
INFO   | jvm 1    | 2007/11/13 10:37:09 | *** ClientDiffieHellmanPublic
INFO   | jvm 1    | 2007/11/13 10:37:09 | DH Public key:  { 180, 156,
224, 176, 82, 33, 127, 196, 171, 160, 247, 100, 102, 103, 111, 226, 164,
119, 224, 108, 112, 188, 5, 8, 148, 113, 133, 145, 103, 223, 41, 6, 154,
243, 247, 202, 209, 32, 80, 118, 11, 100, 23, 118, 236, 156, 107, 147,
5, 201, 5, 145, 203, 57, 29, 229, 164, 99, 215, 204, 237, 16, 82, 185,
248, 47, 208, 203, 51, 83, 52, 3, 158, 228, 128, 1, 8, 86, 101, 229, 53,
80, 11, 30, 21, 134, 85, 151, 182, 74, 92, 237, 117, 241, 195, 149, 65,
28, 112, 20, 227, 132, 255, 189, 119, 51, 192, 202, 111, 210, 88, 112,
101, 36, 248, 48, 181, 39, 237, 92, 234, 234, 95, 245, 222, 252, 51, 26 }
INFO   | jvm 1    | 2007/11/13 10:37:09 | SESSION KEYGEN:
INFO   | jvm 1    | 2007/11/13 10:37:09 | PreMaster Secret:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 5D 55 44 C6 42 0B 32 01
  5F 13 F5 FE C5 CB 3D 87  ]UD.B.2._.....=.
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 55 A9 08 D0 1A 7E 2A 41
  3D 5F E5 8E F7 EC 60 A1  U.....*A=_....`.
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5A F9 C3 58 D8 EA 3E FA
  5A 6A C2 61 33 B6 0F 86  Z..X..>.Zj.a3...
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0030: AF 6B 3E 03 87 7A 99 64
  4E 49 4C 68 01 91 CC 9B  .k>..z.dNILh....
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0040: AF A4 13 49 01 4C CF D3
  A2 93 A9 82 F8 DD AD E3  ...I.L..........
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0050: 3A 4B 4C 8B A9 84 F9 B0
  C7 AD 2A 20 D1 EE D0 19  :KL.......* ....
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0060: D0 6A E9 A6 A7 54 08 51
  9C 2C 89 BD 59 A9 4F A8  .j...T.Q.,..Y.O.
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0070: 9E 39 0C A6 3D E9 0F 2E
  13 BB 97 C0 AB B5 49 41  .9..=.........IA
INFO   | jvm 1    | 2007/11/13 10:37:09 | CONNECTION KEYGEN:
INFO   | jvm 1    | 2007/11/13 10:37:09 | Client Nonce:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 00 0E 6E 37 22 00 F0 74
  94 49 9C B2 9F 88 F7 74  ..n7"..t.I.....t
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 25 D5 7B 02 77 E7 A5 EB
  F8 80 B6 DB 1E FD 80 D9  %...w...........
INFO   | jvm 1    | 2007/11/13 10:37:09 | Server Nonce:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 47 39 70 43 CA 26 1A 9D
  6B 1A 09 CB 61 A4 50 E2  G9pC.&..k...a.P.
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 4E 55 7D 59 B3 F3 FA 60
  C6 0F 06 8F CE 77 76 09  NU.Y...`.....wv.
INFO   | jvm 1    | 2007/11/13 10:37:09 | Master Secret:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: B6 EA BD 51 F6 88 05 96
  6C 71 6F 13 7C 1B 76 8C  ...Q....lqo...v.
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: DF 4F F0 99 55 2A 2C E7
  9F C4 EC C1 1B BB 30 1B  .O..U*,.......0.
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5D 7D 11 3E F2 30 AC 7D
  F6 74 5E BB 17 81 E3 B1  ]..>.0...t^.....
INFO   | jvm 1    | 2007/11/13 10:37:09 | Client MAC write Secret:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: C1 FB EE 05 7C F6 20 A7
  3A DA 9A 21 FE BA 7F 48  ...... .:..!...H
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 72 F0 5B 41
                           r.[A
INFO   | jvm 1    | 2007/11/13 10:37:09 | Server MAC write Secret:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: EB 1B D4 B7 B2 F0 89 EC
  7D C1 17 37 FA 13 69 1F  ...........7..i.
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: EF DC 41 B8
                           ..A.
INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write key:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AC 5C 3C 12 7E 00 3F 6F
  7E 5E 90 E1 AF DC F0 39  .\<...?o.^...
INFO   | jvm 1    | 2007/11/13 10:37:09 | ..9
INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write key:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 56 ED 02 58 FC 33 1D 7D
  A5 C7 FF 52 54 CD C9 B1  V..X.3.....RT...
INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write IV:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AB 6B B2 DF BE F1 B2 81
  F2 F7 C0 11 2E A9 6F EC  .k............o.
INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write IV:
INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 96 D0 C5 0F 6C E2 5E EF
  1F 47 AA E4 AD 4B A6 44  ....l.^..G...K.D
INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1 Change
Cipher Spec, length = 1
INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
Handshake, length = 48
INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 177, 54, 164,
111, 144, 139, 19, 43, 130, 58, 55, 103 }
INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1 Change
Cipher Spec, length = 1
INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 230, 107, 81,
197, 223, 211, 169, 122, 220, 184, 106, 71 }
INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1
Handshake, length = 48
INFO   | jvm 1    | 2007/11/13 10:37:09 | %% Cached server session:
[Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]


------------- FAILED HANDSHAKE --------------------

INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-1 - Acceptor0
SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ:  SSL v2,
contentType = Handshake, translated length = 67
INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ClientHello, SSLv3
INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 0 bytes =
{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 50, 150, 129, 239, 43, 252, 78,
255, 73, 68, 233, 6, 204, 172, 208, 248 }
INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {}
INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suites:
[TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Methods:  { 0 }
INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
INFO   | jvm 1    | 2007/11/13 15:04:00 | %% Created:  [Session-41,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHello, SSLv3
INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 1194896848
bytes = { 239, 60, 79, 208, 109, 42, 33, 116, 249, 80, 219, 192, 168,
157, 187, 247, 84, 133, 171, 86, 134, 171, 178, 125, 168, 6, 81, 254 }
INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {71, 57, 174,
208, 132, 99, 36, 58, 153, 240, 13, 53, 136, 241, 169, 171, 108, 209,
192, 200, 1, 126, 234, 115, 202, 140, 65, 239, 31, 42, 151, 225}
INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Method: 0
INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Certificate chain
INFO   | jvm 1    | 2007/11/13 15:04:00 | chain [0] = [
INFO   | jvm 1    | 2007/11/13 15:04:00 | [
INFO   | jvm 1    | 2007/11/13 15:04:00 |   Version: V1
INFO   | jvm 1    | 2007/11/13 15:04:00 |   Subject: CN=gibson
INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature Algorithm:
SHA1withDSA, OID = 1.2.840.10040.4.3
INFO   | jvm 1    | 2007/11/13 15:04:00 |
INFO   | jvm 1    | 2007/11/13 15:04:00 |   Key:  Sun DSA Public Key
INFO   | jvm 1    | 2007/11/13 15:04:00 |     Parameters:DSA
INFO   | jvm 1    | 2007/11/13 15:04:00 | p:     fd7f5381 1d751229
52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
INFO   | jvm 1    | 2007/11/13 15:04:00 |     455d4022 51fb593d 8d58fabf
c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
INFO   | jvm 1    | 2007/11/13 15:04:00 |     6b9950a5 a49f9fe8 047b1022
c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
INFO   | jvm 1    | 2007/11/13 15:04:00 |     83f6d3c5 1ec30235 54135a16
9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
INFO   | jvm 1    | 2007/11/13 15:04:00 | q:     9760508f 15230bcc
b292b982 a2eb840b f0581cf5
INFO   | jvm 1    | 2007/11/13 15:04:00 | g:     f7e1a085 d69b3dde
cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
INFO   | jvm 1    | 2007/11/13 15:04:00 |     5159578e bad4594f e6710710
8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
INFO   | jvm 1    | 2007/11/13 15:04:00 |     3c167a8b 547c8d28 e0a3ae1e
2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
INFO   | jvm 1    | 2007/11/13 15:04:00 |     cca4f1be a8519089 a883dfe1
5ae59f06 928b665e 807b5525 64014c3b fecf492a
INFO   | jvm 1    | 2007/11/13 15:04:00 |
INFO   | jvm 1    | 2007/11/13 15:04:00 |   y:
INFO   | jvm 1    | 2007/11/13 15:04:00 |     cd6c71d2 1e09d704 f9105ef9
ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
INFO   | jvm 1    | 2007/11/13 15:04:00 |     8c1dbc80 463cabf1 acb0dc1f
d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
INFO   | jvm 1    | 2007/11/13 15:04:00 |     f91d1f2a b59f2517 d5187074
56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
INFO   | jvm 1    | 2007/11/13 15:04:00 |     18b49570 7b2e9f00 b8c1b067
22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
INFO   | jvm 1    | 2007/11/13 15:04:00 |
INFO   | jvm 1    | 2007/11/13 15:04:00 |   Validity: [From: Tue Nov 13
10:14:23 CET 2007,
INFO   | jvm 1    | 2007/11/13 15:04:00 |                To: Fri Nov 10
10:14:23 CET 2017]
INFO   | jvm 1    | 2007/11/13 15:04:00 |   Issuer: CN=gibson
INFO   | jvm 1    | 2007/11/13 15:04:00 |   SerialNumber: [    47396aef]
INFO   | jvm 1    | 2007/11/13 15:04:00 |
INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
INFO   | jvm 1    | 2007/11/13 15:04:00 |   Algorithm: [SHA1withDSA]
INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature:
INFO   | jvm 1    | 2007/11/13 15:04:00 | 0000: 30 2C 02 14 2C 26 2E E4
  30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
INFO   | jvm 1    | 2007/11/13 15:04:00 | 0010: BA 74 19 42 A5 9E 99 C6
  02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
INFO   | jvm 1    | 2007/11/13 15:04:00 | 0020: D6 48 EC F5 26 8D B0 1C
  8A 52 58 E5 F8 2E        .H..&....RX...
INFO   | jvm 1    | 2007/11/13 15:04:00 |
INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Diffie-Hellman
ServerKeyExchange
INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Modulus:  { 244, 136, 253,
88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Base:  { 2 }
INFO   | jvm 1    | 2007/11/13 15:04:00 | Server DH Public Key:  { 163,
150, 206, 89, 30, 95, 234, 49, 13, 145, 68, 95, 158, 131, 94, 2, 136,
71, 92, 119, 74, 31, 230, 218, 209, 255, 39, 118, 104, 185, 92, 154,
167, 29, 244, 91, 133, 170, 41, 124, 23, 237, 234, 87, 43, 29, 229, 144,
55, 142, 231, 160, 223, 255, 129, 208, 224, 15, 249, 245, 85, 136, 249,
205, 186, 228, 244, 37, 28, 89, 128, 78, 43, 130, 126, 77, 72, 72, 160,
84, 62, 109, 14, 218, 181, 231, 126, 221, 196, 3, 233, 228, 107, 36,
165, 173, 36, 184, 171, 169, 203, 222, 69, 70, 8, 149, 196, 73, 59, 116,
202, 71, 106, 47, 235, 88, 128, 186, 43, 194, 56, 11, 152, 255, 129,
165, 17, 204 }
INFO   | jvm 1    | 2007/11/13 15:04:00 | Signed with a DSA or RSA
public key
INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHelloDone
INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, WRITE: SSLv3
Handshake, length = 1006
INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ: SSLv3 Alert,
length = 2
INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, RECV SSLv3 ALERT:
 fatal, handshake_failure
INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, called closeSocket()
INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, handling
exception: javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure


--
Thomas Termin
_______________________________
blue elephant systems GmbH
Wollgrasweg 49
D-70599 Stuttgart

Tel    :  (+49) 0711 - 45 10 17 676
Fax    :  (+49) 0711 - 45 10 17 573
WWW    :  http://www.blue-elephant-systems.com
Email  :  [hidden email]

blue elephant systems GmbH
Firmensitz      : Wollgrasweg 49, D-70599 Stuttgart
Registergericht : Amtsgericht Stuttgart, HRB 24106
Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty ssl problems

Chris Haynes
Hmm...
Have you noticed the v2 /v3 discrepancy in the second and third lines of the bad handshake? Looks to me like a JVM problem, or even lower, a problem in the server's SSL implementation - but that would be most unusual.

It's a couple of years since I paddled around in here, but I seem to remember that that server first announces which SSL/TLS levels it will accept and the client selects the one to use. Are your two tests with the _same_ client_, or are you showing us traces from different instances of firefox?

If the different handshakes are coming from the _same_ instance of Firefox that's very strange indeed.

If it is from different Firefox instances (maybe even different versions) then it is quite possible that they have different settings.Set the browsers to the pseudo-url  'about:config' and look for the three entries:
security.enable_ssl2
security.enable_ssl3
security.enable_tls

mine are set to false, true, false.
 

Have you tried turning on the server JVM's SSL networking low-level trace?  I presume you are using a Sun JVM? If you hunt around in the Sun on-line documentation  on SSL you can find a command line option which enables really detailed logging of the SSL handshake itself, i.e. it dumps the bytes received and sent. You might be able to see what the real difference is then. Ask again if you can't find it - I've made a paper copy somewhere, but can't find it at the moment.

IIRC, there is a possible work-around: it is possible to set, either via Jetty or in the JVM's security properties file, the lowest level of transport encryption protocol acceptable to the server (i.e. the server equivalent of the above client settings). I can't remember if its a Jetty parameter or if you might have to fiddle around in either the code or the JVM security property file to change this.

HTH

Chris Haynes



On Tuesday, November 13, 2007 at 2:18:54 PM, Thomas Termin wrote:
> Hello,

> we have a problem with firefox, jetty-6.1.4 and https. We use the
> standard configuration from jetty and the SslSocketConnector.

> If you start an https session the handshake works fine but after a
> certain amount of time or clicks we get an handshake_failure.

> If it works fine the clients sends the following: ClientHello, TLSv1

> And when it goes wrong the client sends this: ClientHello, SSLv3

> If attached the java debug log for ssl. The first one is the successfull
> and the second one the failed handshake.

> Is there anything we can do in jetty to avoid this problem?

> Regards,
> Thomas Termin

> --------------------- SUCCESSFULL HANDSHAKE -------------------

> INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-1 - Acceptor0
> SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
> INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, READ: TLSv1
> Handshake, length = 134
> INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ClientHello, TLSv1
> INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 945719
> bytes = { 34, 0, 240, 116, 148, 73, 156, 178, 159, 136, 247, 116, 37,
> 213, 123, 2, 119, 231, 165, 235, 248, 128, 182, 219, 30, 253, 128, 217 }
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {}
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suites: [Unknown
> 0xc0:0xa, Unknown 0xc0:0x14, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0xc0:0xf, Unknown 0xc0:0x5,
> TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0xc0:0x7, Unknown 0xc0:0x9,
> Unknown 0xc0:0x11, Unknown 0xc0:0x13, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0xc0:0xc, Unknown 0xc0:0xe,
> Unknown 0xc0:0x2, Unknown 0xc0:0x4, SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown
> 0xc0:0x8, Unknown 0xc0:0x12, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, Unknown 0xc0:0xd, Unknown 0xc0:0x3,
> SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Methods:  { 0 }
> INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
> INFO   | jvm 1    | 2007/11/13 10:37:07 | %% Created:  [Session-1,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
> INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHello, TLSv1
> INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 1194946627
> bytes = { 202, 38, 26, 157, 107, 26, 9, 203, 97, 164, 80, 226, 78, 85,
> 125, 89, 179, 243, 250, 96, 198, 15, 6, 143, 206, 119, 118, 9 }
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {71, 57, 112, 67,
> 89, 141, 186, 23, 151, 98, 111, 198, 201, 252, 215, 147, 12, 21, 199,
> 126, 23, 93, 96, 218, 167, 240, 24, 108, 244, 92, 210, 185}
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Method: 0
> INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Certificate chain
> INFO   | jvm 1    | 2007/11/13 10:37:07 | chain [0] = [
> INFO   | jvm 1    | 2007/11/13 10:37:07 | [
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   Version: V1
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   Subject: CN=gibson
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature Algorithm:
> SHA1withDSA, OID = 1.2.840.10040.4.3
> INFO   | jvm 1    | 2007/11/13 10:37:07 |
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   Key:  Sun DSA Public Key
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     Parameters:DSA
> INFO   | jvm 1    | 2007/11/13 10:37:07 |       p:     fd7f5381 1d751229
> 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     455d4022 51fb593d 8d58fabf
> c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     6b9950a5 a49f9fe8 047b1022
> c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     83f6d3c5 1ec30235 54135a16
> 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
> INFO   | jvm 1    | 2007/11/13 10:37:07 |       q:     9760508f 15230bcc
> b292b982 a2eb840b f0581cf5
> INFO   | jvm 1    | 2007/11/13 10:37:07 |       g:     f7e1a085 d69b3dde
> cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     5159578e bad4594f e6710710
> 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     3c167a8b 547c8d28 e0a3ae1e
> 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     cca4f1be a8519089 a883dfe1
> 5ae59f06 928b665e 807b5525 64014c3b fecf492a
> INFO   | jvm 1    | 2007/11/13 10:37:07 |
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   y:
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     cd6c71d2 1e09d704 f9105ef9
> ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     8c1dbc80 463cabf1 acb0dc1f
> d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     f91d1f2a b59f2517 d5187074
> 56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
> INFO   | jvm 1    | 2007/11/13 10:37:07 |     18b49570 7b2e9f00 b8c1b067
> 22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
> INFO   | jvm 1    | 2007/11/13 10:37:07 |
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   Validity: [From: Tue Nov 13
> 10:14:23 CET 2007,
> INFO   | jvm 1    | 2007/11/13 10:37:07 |                To: Fri Nov 10
> 10:14:23 CET 2017]
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   Issuer: CN=gibson
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   SerialNumber: [    47396aef]
> INFO   | jvm 1    | 2007/11/13 10:37:07 |
> INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   Algorithm: [SHA1withDSA]
> INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature:
> INFO   | jvm 1    | 2007/11/13 10:37:07 | 0000: 30 2C 02 14 2C 26 2E E4
>   30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
> INFO   | jvm 1    | 2007/11/13 10:37:07 | 0010: BA 74 19 42 A5 9E 99 C6
>   02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
> INFO   | jvm 1    | 2007/11/13 10:37:07 | 0020: D6 48 EC F5 26 8D B0 1C
>   8A 52 58 E5 F8 2E        .H..&....RX...
> INFO   | jvm 1    | 2007/11/13 10:37:07 |
> INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
> INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
> INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Diffie-Hellman
> ServerKeyExchange
> INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Modulus:  { 244, 136, 253,
> 88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
> 13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
> 192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
> 253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
> 60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
> 196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
> 80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
> 75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
> INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Base:  { 2 }
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Server DH Public Key:  { 243,
> 253, 177, 177, 151, 51, 167, 21, 242, 125, 193, 186, 222, 36, 173, 62,
> 208, 206, 235, 59, 75, 123, 131, 106, 2, 229, 22, 86, 75, 244, 21, 224,
> 151, 113, 118, 80, 224, 182, 37, 74, 176, 243, 57, 194, 71, 140, 134,
> 207, 198, 76, 63, 159, 195, 68, 9, 184, 29, 143, 252, 121, 124, 171, 37,
> 34, 246, 176, 1, 126, 5, 110, 191, 128, 35, 181, 128, 97, 64, 253, 46,
> 15, 208, 244, 63, 170, 61, 76, 61, 43, 82, 192, 56, 168, 251, 172, 71,
> 14, 72, 26, 151, 131, 181, 85, 205, 215, 32, 153, 148, 113, 46, 110,
> 136, 56, 202, 178, 43, 24, 1, 51, 165, 201, 253, 167, 77, 97, 93, 76,
> 25, 0 }
> INFO   | jvm 1    | 2007/11/13 10:37:07 | Signed with a DSA or RSA
> public key
> INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHelloDone
> INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, WRITE: TLSv1
> Handshake, length = 1006
> INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
> Handshake, length = 134
> INFO   | jvm 1    | 2007/11/13 10:37:09 | *** ClientDiffieHellmanPublic
> INFO   | jvm 1    | 2007/11/13 10:37:09 | DH Public key:  { 180, 156,
> 224, 176, 82, 33, 127, 196, 171, 160, 247, 100, 102, 103, 111, 226, 164,
> 119, 224, 108, 112, 188, 5, 8, 148, 113, 133, 145, 103, 223, 41, 6, 154,
> 243, 247, 202, 209, 32, 80, 118, 11, 100, 23, 118, 236, 156, 107, 147,
> 5, 201, 5, 145, 203, 57, 29, 229, 164, 99, 215, 204, 237, 16, 82, 185,
> 248, 47, 208, 203, 51, 83, 52, 3, 158, 228, 128, 1, 8, 86, 101, 229, 53,
> 80, 11, 30, 21, 134, 85, 151, 182, 74, 92, 237, 117, 241, 195, 149, 65,
> 28, 112, 20, 227, 132, 255, 189, 119, 51, 192, 202, 111, 210, 88, 112,
> 101, 36, 248, 48, 181, 39, 237, 92, 234, 234, 95, 245, 222, 252, 51, 26 }
> INFO   | jvm 1    | 2007/11/13 10:37:09 | SESSION KEYGEN:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | PreMaster Secret:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 5D 55 44 C6 42 0B 32 01
>   5F 13 F5 FE C5 CB 3D 87  ]UD.B.2._.....=.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 55 A9 08 D0 1A 7E 2A 41
>   3D 5F E5 8E F7 EC 60 A1  U.....*A=_....`.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5A F9 C3 58 D8 EA 3E FA
>   5A 6A C2 61 33 B6 0F 86  Z..X..>.Zj.a3...
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0030: AF 6B 3E 03 87 7A 99 64
>   4E 49 4C 68 01 91 CC 9B  .k>..z.dNILh....
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0040: AF A4 13 49 01 4C CF D3
>   A2 93 A9 82 F8 DD AD E3  ...I.L..........
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0050: 3A 4B 4C 8B A9 84 F9 B0
>   C7 AD 2A 20 D1 EE D0 19  :KL.......* ....
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0060: D0 6A E9 A6 A7 54 08 51
>   9C 2C 89 BD 59 A9 4F A8  .j...T.Q.,..Y.O.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0070: 9E 39 0C A6 3D E9 0F 2E
>   13 BB 97 C0 AB B5 49 41  .9..=.........IA
> INFO   | jvm 1    | 2007/11/13 10:37:09 | CONNECTION KEYGEN:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Client Nonce:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 00 0E 6E 37 22 00 F0 74
>   94 49 9C B2 9F 88 F7 74  ..n7"..t.I.....t
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 25 D5 7B 02 77 E7 A5 EB
>   F8 80 B6 DB 1E FD 80 D9  %...w...........
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Server Nonce:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 47 39 70 43 CA 26 1A 9D
>   6B 1A 09 CB 61 A4 50 E2  G9pC.&..k...a.P.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 4E 55 7D 59 B3 F3 FA 60
>   C6 0F 06 8F CE 77 76 09  NU.Y...`.....wv.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Master Secret:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: B6 EA BD 51 F6 88 05 96
>   6C 71 6F 13 7C 1B 76 8C  ...Q....lqo...v.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: DF 4F F0 99 55 2A 2C E7
>   9F C4 EC C1 1B BB 30 1B  .O..U*,.......0.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5D 7D 11 3E F2 30 AC 7D
>   F6 74 5E BB 17 81 E3 B1  ]..>.0...t^.....
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Client MAC write Secret:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: C1 FB EE 05 7C F6 20 A7
>   3A DA 9A 21 FE BA 7F 48  ...... .:..!...H
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 72 F0 5B 41
>                            r.[A
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Server MAC write Secret:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: EB 1B D4 B7 B2 F0 89 EC
>   7D C1 17 37 FA 13 69 1F  ...........7..i.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: EF DC 41 B8
>                            ..A.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write key:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AC 5C 3C 12 7E 00 3F 6F
>   7E 5E 90 E1 AF DC F0 39  .\<...?o.^...
> INFO   | jvm 1    | 2007/11/13 10:37:09 | ..9
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write key:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 56 ED 02 58 FC 33 1D 7D
>   A5 C7 FF 52 54 CD C9 B1  V..X.3.....RT...
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write IV:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AB 6B B2 DF BE F1 B2 81
>   F2 F7 C0 11 2E A9 6F EC  .k............o.
> INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write IV:
> INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 96 D0 C5 0F 6C E2 5E EF
>   1F 47 AA E4 AD 4B A6 44  ....l.^..G...K.D
> INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1 Change
> Cipher Spec, length = 1
> INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
> Handshake, length = 48
> INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
> INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 177, 54, 164,
> 111, 144, 139, 19, 43, 130, 58, 55, 103 }
> INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
> INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1 Change
> Cipher Spec, length = 1
> INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
> INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 230, 107, 81,
> 197, 223, 211, 169, 122, 220, 184, 106, 71 }
> INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
> INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1
> Handshake, length = 48
> INFO   | jvm 1    | 2007/11/13 10:37:09 | %% Cached server session:
> [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]


> ------------- FAILED HANDSHAKE --------------------

> INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-1 - Acceptor0
> SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
> INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ:  SSL v2,
> contentType = Handshake, translated length = 67
> INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ClientHello, SSLv3
> INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 0 bytes =
> { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 50, 150, 129, 239, 43, 252, 78,
> 255, 73, 68, 233, 6, 204, 172, 208, 248 }
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {}
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suites:
> [TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Methods:  { 0 }
> INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
> INFO   | jvm 1    | 2007/11/13 15:04:00 | %% Created:  [Session-41,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
> INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHello, SSLv3
> INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 1194896848
> bytes = { 239, 60, 79, 208, 109, 42, 33, 116, 249, 80, 219, 192, 168,
> 157, 187, 247, 84, 133, 171, 86, 134, 171, 178, 125, 168, 6, 81, 254 }
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {71, 57, 174,
> 208, 132, 99, 36, 58, 153, 240, 13, 53, 136, 241, 169, 171, 108, 209,
> 192, 200, 1, 126, 234, 115, 202, 140, 65, 239, 31, 42, 151, 225}
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Method: 0
> INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Certificate chain
> INFO   | jvm 1    | 2007/11/13 15:04:00 | chain [0] = [
> INFO   | jvm 1    | 2007/11/13 15:04:00 | [
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   Version: V1
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   Subject: CN=gibson
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature Algorithm:
> SHA1withDSA, OID = 1.2.840.10040.4.3
> INFO   | jvm 1    | 2007/11/13 15:04:00 |
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   Key:  Sun DSA Public Key
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     Parameters:DSA
> INFO   | jvm 1    | 2007/11/13 15:04:00 |       p:     fd7f5381 1d751229
> 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     455d4022 51fb593d 8d58fabf
> c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     6b9950a5 a49f9fe8 047b1022
> c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     83f6d3c5 1ec30235 54135a16
> 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
> INFO   | jvm 1    | 2007/11/13 15:04:00 |       q:     9760508f 15230bcc
> b292b982 a2eb840b f0581cf5
> INFO   | jvm 1    | 2007/11/13 15:04:00 |       g:     f7e1a085 d69b3dde
> cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     5159578e bad4594f e6710710
> 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     3c167a8b 547c8d28 e0a3ae1e
> 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     cca4f1be a8519089 a883dfe1
> 5ae59f06 928b665e 807b5525 64014c3b fecf492a
> INFO   | jvm 1    | 2007/11/13 15:04:00 |
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   y:
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     cd6c71d2 1e09d704 f9105ef9
> ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     8c1dbc80 463cabf1 acb0dc1f
> d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     f91d1f2a b59f2517 d5187074
> 56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
> INFO   | jvm 1    | 2007/11/13 15:04:00 |     18b49570 7b2e9f00 b8c1b067
> 22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
> INFO   | jvm 1    | 2007/11/13 15:04:00 |
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   Validity: [From: Tue Nov 13
> 10:14:23 CET 2007,
> INFO   | jvm 1    | 2007/11/13 15:04:00 |                To: Fri Nov 10
> 10:14:23 CET 2017]
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   Issuer: CN=gibson
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   SerialNumber: [    47396aef]
> INFO   | jvm 1    | 2007/11/13 15:04:00 |
> INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   Algorithm: [SHA1withDSA]
> INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature:
> INFO   | jvm 1    | 2007/11/13 15:04:00 | 0000: 30 2C 02 14 2C 26 2E E4
>   30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
> INFO   | jvm 1    | 2007/11/13 15:04:00 | 0010: BA 74 19 42 A5 9E 99 C6
>   02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
> INFO   | jvm 1    | 2007/11/13 15:04:00 | 0020: D6 48 EC F5 26 8D B0 1C
>   8A 52 58 E5 F8 2E        .H..&....RX...
> INFO   | jvm 1    | 2007/11/13 15:04:00 |
> INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
> INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
> INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Diffie-Hellman
> ServerKeyExchange
> INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Modulus:  { 244, 136, 253,
> 88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
> 13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
> 192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
> 253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
> 60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
> 196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
> 80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
> 75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
> INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Base:  { 2 }
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Server DH Public Key:  { 163,
> 150, 206, 89, 30, 95, 234, 49, 13, 145, 68, 95, 158, 131, 94, 2, 136,
> 71, 92, 119, 74, 31, 230, 218, 209, 255, 39, 118, 104, 185, 92, 154,
> 167, 29, 244, 91, 133, 170, 41, 124, 23, 237, 234, 87, 43, 29, 229, 144,
> 55, 142, 231, 160, 223, 255, 129, 208, 224, 15, 249, 245, 85, 136, 249,
> 205, 186, 228, 244, 37, 28, 89, 128, 78, 43, 130, 126, 77, 72, 72, 160,
> 84, 62, 109, 14, 218, 181, 231, 126, 221, 196, 3, 233, 228, 107, 36,
> 165, 173, 36, 184, 171, 169, 203, 222, 69, 70, 8, 149, 196, 73, 59, 116,
> 202, 71, 106, 47, 235, 88, 128, 186, 43, 194, 56, 11, 152, 255, 129,
> 165, 17, 204 }
> INFO   | jvm 1    | 2007/11/13 15:04:00 | Signed with a DSA or RSA
> public key
> INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHelloDone
> INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, WRITE: SSLv3
> Handshake, length = 1006
> INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ: SSLv3 Alert,
> length = 2
> INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, RECV SSLv3 ALERT:
>  fatal, handshake_failure
> INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, called closeSocket()
> INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, handling
> exception: javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty ssl problems

tterm
Hello Chris,

thanks for your fast response.

Yeah it is the same firefox instance all the time. After a certain
amount of time the second listed handshake comes in.

I tried some stuff but it comes always back to this problem.

Thomas Termin


Chris Haynes wrote:

> Hmm...
> Have you noticed the v2 /v3 discrepancy in the second and third lines of the bad handshake? Looks to me like a JVM problem, or even lower, a problem in the server's SSL implementation - but that would be most unusual.
>
> It's a couple of years since I paddled around in here, but I seem to remember that that server first announces which SSL/TLS levels it will accept and the client selects the one to use. Are your two tests with the _same_ client_, or are you showing us traces from different instances of firefox?
>
> If the different handshakes are coming from the _same_ instance of Firefox that's very strange indeed.
>
> If it is from different Firefox instances (maybe even different versions) then it is quite possible that they have different settings.Set the browsers to the pseudo-url  'about:config' and look for the three entries:
> security.enable_ssl2
> security.enable_ssl3
> security.enable_tls
>
> mine are set to false, true, false.
>  
>
> Have you tried turning on the server JVM's SSL networking low-level trace?  I presume you are using a Sun JVM? If you hunt around in the Sun on-line documentation  on SSL you can find a command line option which enables really detailed logging of the SSL handshake itself, i.e. it dumps the bytes received and sent. You might be able to see what the real difference is then. Ask again if you can't find it - I've made a paper copy somewhere, but can't find it at the moment.
>
> IIRC, there is a possible work-around: it is possible to set, either via Jetty or in the JVM's security properties file, the lowest level of transport encryption protocol acceptable to the server (i.e. the server equivalent of the above client settings). I can't remember if its a Jetty parameter or if you might have to fiddle around in either the code or the JVM security property file to change this.
>
> HTH
>
> Chris Haynes
>
>
>
> On Tuesday, November 13, 2007 at 2:18:54 PM, Thomas Termin wrote:
>
>>Hello,
>
>
>>we have a problem with firefox, jetty-6.1.4 and https. We use the
>>standard configuration from jetty and the SslSocketConnector.
>
>
>>If you start an https session the handshake works fine but after a
>>certain amount of time or clicks we get an handshake_failure.
>
>
>>If it works fine the clients sends the following: ClientHello, TLSv1
>
>
>>And when it goes wrong the client sends this: ClientHello, SSLv3
>
>
>>If attached the java debug log for ssl. The first one is the successfull
>>and the second one the failed handshake.
>
>
>>Is there anything we can do in jetty to avoid this problem?
>
>
>>Regards,
>>Thomas Termin
>
>
>>--------------------- SUCCESSFULL HANDSHAKE -------------------
>
>
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-1 - Acceptor0
>>SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, READ: TLSv1
>>Handshake, length = 134
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ClientHello, TLSv1
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 945719
>>bytes = { 34, 0, 240, 116, 148, 73, 156, 178, 159, 136, 247, 116, 37,
>>213, 123, 2, 119, 231, 165, 235, 248, 128, 182, 219, 30, 253, 128, 217 }
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {}
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suites: [Unknown
>>0xc0:0xa, Unknown 0xc0:0x14, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>>TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0xc0:0xf, Unknown 0xc0:0x5,
>>TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0xc0:0x7, Unknown 0xc0:0x9,
>>Unknown 0xc0:0x11, Unknown 0xc0:0x13, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0xc0:0xc, Unknown 0xc0:0xe,
>>Unknown 0xc0:0x2, Unknown 0xc0:0x4, SSL_RSA_WITH_RC4_128_MD5,
>>SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown
>>0xc0:0x8, Unknown 0xc0:0x12, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, Unknown 0xc0:0xd, Unknown 0xc0:0x3,
>>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Methods:  { 0 }
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | %% Created:  [Session-1,
>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHello, TLSv1
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 1194946627
>>bytes = { 202, 38, 26, 157, 107, 26, 9, 203, 97, 164, 80, 226, 78, 85,
>>125, 89, 179, 243, 250, 96, 198, 15, 6, 143, 206, 119, 118, 9 }
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {71, 57, 112, 67,
>>89, 141, 186, 23, 151, 98, 111, 198, 201, 252, 215, 147, 12, 21, 199,
>>126, 23, 93, 96, 218, 167, 240, 24, 108, 244, 92, 210, 185}
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suite:
>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Method: 0
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher suite:
>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Certificate chain
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | chain [0] = [
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | [
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Version: V1
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Subject: CN=gibson
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature Algorithm:
>>SHA1withDSA, OID = 1.2.840.10040.4.3
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Key:  Sun DSA Public Key
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     Parameters:DSA
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       p:     fd7f5381 1d751229
>>52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     455d4022 51fb593d 8d58fabf
>>c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     6b9950a5 a49f9fe8 047b1022
>>c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     83f6d3c5 1ec30235 54135a16
>>9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       q:     9760508f 15230bcc
>>b292b982 a2eb840b f0581cf5
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       g:     f7e1a085 d69b3dde
>>cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     5159578e bad4594f e6710710
>>8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     3c167a8b 547c8d28 e0a3ae1e
>>2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     cca4f1be a8519089 a883dfe1
>>5ae59f06 928b665e 807b5525 64014c3b fecf492a
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   y:
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     cd6c71d2 1e09d704 f9105ef9
>>ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     8c1dbc80 463cabf1 acb0dc1f
>>d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     f91d1f2a b59f2517 d5187074
>>56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     18b49570 7b2e9f00 b8c1b067
>>22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Validity: [From: Tue Nov 13
>>10:14:23 CET 2007,
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |                To: Fri Nov 10
>>10:14:23 CET 2017]
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Issuer: CN=gibson
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   SerialNumber: [    47396aef]
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Algorithm: [SHA1withDSA]
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature:
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0000: 30 2C 02 14 2C 26 2E E4
>>  30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0010: BA 74 19 42 A5 9E 99 C6
>>  02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0020: D6 48 EC F5 26 8D B0 1C
>>  8A 52 58 E5 F8 2E        .H..&....RX...
>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Diffie-Hellman
>>ServerKeyExchange
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Modulus:  { 244, 136, 253,
>>88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
>>13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
>>192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
>>253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
>>60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
>>196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
>>80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
>>75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Base:  { 2 }
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Server DH Public Key:  { 243,
>>253, 177, 177, 151, 51, 167, 21, 242, 125, 193, 186, 222, 36, 173, 62,
>>208, 206, 235, 59, 75, 123, 131, 106, 2, 229, 22, 86, 75, 244, 21, 224,
>>151, 113, 118, 80, 224, 182, 37, 74, 176, 243, 57, 194, 71, 140, 134,
>>207, 198, 76, 63, 159, 195, 68, 9, 184, 29, 143, 252, 121, 124, 171, 37,
>>34, 246, 176, 1, 126, 5, 110, 191, 128, 35, 181, 128, 97, 64, 253, 46,
>>15, 208, 244, 63, 170, 61, 76, 61, 43, 82, 192, 56, 168, 251, 172, 71,
>>14, 72, 26, 151, 131, 181, 85, 205, 215, 32, 153, 148, 113, 46, 110,
>>136, 56, 202, 178, 43, 24, 1, 51, 165, 201, 253, 167, 77, 97, 93, 76,
>>25, 0 }
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Signed with a DSA or RSA
>>public key
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHelloDone
>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, WRITE: TLSv1
>>Handshake, length = 1006
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
>>Handshake, length = 134
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** ClientDiffieHellmanPublic
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | DH Public key:  { 180, 156,
>>224, 176, 82, 33, 127, 196, 171, 160, 247, 100, 102, 103, 111, 226, 164,
>>119, 224, 108, 112, 188, 5, 8, 148, 113, 133, 145, 103, 223, 41, 6, 154,
>>243, 247, 202, 209, 32, 80, 118, 11, 100, 23, 118, 236, 156, 107, 147,
>>5, 201, 5, 145, 203, 57, 29, 229, 164, 99, 215, 204, 237, 16, 82, 185,
>>248, 47, 208, 203, 51, 83, 52, 3, 158, 228, 128, 1, 8, 86, 101, 229, 53,
>>80, 11, 30, 21, 134, 85, 151, 182, 74, 92, 237, 117, 241, 195, 149, 65,
>>28, 112, 20, 227, 132, 255, 189, 119, 51, 192, 202, 111, 210, 88, 112,
>>101, 36, 248, 48, 181, 39, 237, 92, 234, 234, 95, 245, 222, 252, 51, 26 }
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | SESSION KEYGEN:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | PreMaster Secret:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 5D 55 44 C6 42 0B 32 01
>>  5F 13 F5 FE C5 CB 3D 87  ]UD.B.2._.....=.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 55 A9 08 D0 1A 7E 2A 41
>>  3D 5F E5 8E F7 EC 60 A1  U.....*A=_....`.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5A F9 C3 58 D8 EA 3E FA
>>  5A 6A C2 61 33 B6 0F 86  Z..X..>.Zj.a3...
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0030: AF 6B 3E 03 87 7A 99 64
>>  4E 49 4C 68 01 91 CC 9B  .k>..z.dNILh....
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0040: AF A4 13 49 01 4C CF D3
>>  A2 93 A9 82 F8 DD AD E3  ...I.L..........
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0050: 3A 4B 4C 8B A9 84 F9 B0
>>  C7 AD 2A 20 D1 EE D0 19  :KL.......* ....
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0060: D0 6A E9 A6 A7 54 08 51
>>  9C 2C 89 BD 59 A9 4F A8  .j...T.Q.,..Y.O.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0070: 9E 39 0C A6 3D E9 0F 2E
>>  13 BB 97 C0 AB B5 49 41  .9..=.........IA
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | CONNECTION KEYGEN:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client Nonce:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 00 0E 6E 37 22 00 F0 74
>>  94 49 9C B2 9F 88 F7 74  ..n7"..t.I.....t
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 25 D5 7B 02 77 E7 A5 EB
>>  F8 80 B6 DB 1E FD 80 D9  %...w...........
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server Nonce:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 47 39 70 43 CA 26 1A 9D
>>  6B 1A 09 CB 61 A4 50 E2  G9pC.&..k...a.P.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 4E 55 7D 59 B3 F3 FA 60
>>  C6 0F 06 8F CE 77 76 09  NU.Y...`.....wv.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Master Secret:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: B6 EA BD 51 F6 88 05 96
>>  6C 71 6F 13 7C 1B 76 8C  ...Q....lqo...v.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: DF 4F F0 99 55 2A 2C E7
>>  9F C4 EC C1 1B BB 30 1B  .O..U*,.......0.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5D 7D 11 3E F2 30 AC 7D
>>  F6 74 5E BB 17 81 E3 B1  ]..>.0...t^.....
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client MAC write Secret:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: C1 FB EE 05 7C F6 20 A7
>>  3A DA 9A 21 FE BA 7F 48  ...... .:..!...H
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 72 F0 5B 41
>>                           r.[A
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server MAC write Secret:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: EB 1B D4 B7 B2 F0 89 EC
>>  7D C1 17 37 FA 13 69 1F  ...........7..i.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: EF DC 41 B8
>>                           ..A.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write key:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AC 5C 3C 12 7E 00 3F 6F
>>  7E 5E 90 E1 AF DC F0 39  .\<...?o.^...
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ..9
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write key:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 56 ED 02 58 FC 33 1D 7D
>>  A5 C7 FF 52 54 CD C9 B1  V..X.3.....RT...
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write IV:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AB 6B B2 DF BE F1 B2 81
>>  F2 F7 C0 11 2E A9 6F EC  .k............o.
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write IV:
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 96 D0 C5 0F 6C E2 5E EF
>>  1F 47 AA E4 AD 4B A6 44  ....l.^..G...K.D
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1 Change
>>Cipher Spec, length = 1
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
>>Handshake, length = 48
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 177, 54, 164,
>>111, 144, 139, 19, 43, 130, 58, 55, 103 }
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1 Change
>>Cipher Spec, length = 1
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 230, 107, 81,
>>197, 223, 211, 169, 122, 220, 184, 106, 71 }
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1
>>Handshake, length = 48
>>INFO   | jvm 1    | 2007/11/13 10:37:09 | %% Cached server session:
>>[Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
>
>
>
>>------------- FAILED HANDSHAKE --------------------
>
>
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-1 - Acceptor0
>>SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ:  SSL v2,
>>contentType = Handshake, translated length = 67
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ClientHello, SSLv3
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 0 bytes =
>>{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 50, 150, 129, 239, 43, 252, 78,
>>255, 73, 68, 233, 6, 204, 172, 208, 248 }
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {}
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suites:
>>[TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>>TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>>SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
>>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
>>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Methods:  { 0 }
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | %% Created:  [Session-41,
>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHello, SSLv3
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 1194896848
>>bytes = { 239, 60, 79, 208, 109, 42, 33, 116, 249, 80, 219, 192, 168,
>>157, 187, 247, 84, 133, 171, 86, 134, 171, 178, 125, 168, 6, 81, 254 }
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {71, 57, 174,
>>208, 132, 99, 36, 58, 153, 240, 13, 53, 136, 241, 169, 171, 108, 209,
>>192, 200, 1, 126, 234, 115, 202, 140, 65, 239, 31, 42, 151, 225}
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suite:
>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Method: 0
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher suite:
>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Certificate chain
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | chain [0] = [
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | [
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Version: V1
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Subject: CN=gibson
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature Algorithm:
>>SHA1withDSA, OID = 1.2.840.10040.4.3
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Key:  Sun DSA Public Key
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     Parameters:DSA
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       p:     fd7f5381 1d751229
>>52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     455d4022 51fb593d 8d58fabf
>>c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     6b9950a5 a49f9fe8 047b1022
>>c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     83f6d3c5 1ec30235 54135a16
>>9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       q:     9760508f 15230bcc
>>b292b982 a2eb840b f0581cf5
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       g:     f7e1a085 d69b3dde
>>cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     5159578e bad4594f e6710710
>>8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     3c167a8b 547c8d28 e0a3ae1e
>>2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     cca4f1be a8519089 a883dfe1
>>5ae59f06 928b665e 807b5525 64014c3b fecf492a
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   y:
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     cd6c71d2 1e09d704 f9105ef9
>>ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     8c1dbc80 463cabf1 acb0dc1f
>>d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     f91d1f2a b59f2517 d5187074
>>56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     18b49570 7b2e9f00 b8c1b067
>>22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Validity: [From: Tue Nov 13
>>10:14:23 CET 2007,
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |                To: Fri Nov 10
>>10:14:23 CET 2017]
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Issuer: CN=gibson
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   SerialNumber: [    47396aef]
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Algorithm: [SHA1withDSA]
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature:
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0000: 30 2C 02 14 2C 26 2E E4
>>  30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0010: BA 74 19 42 A5 9E 99 C6
>>  02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0020: D6 48 EC F5 26 8D B0 1C
>>  8A 52 58 E5 F8 2E        .H..&....RX...
>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Diffie-Hellman
>>ServerKeyExchange
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Modulus:  { 244, 136, 253,
>>88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
>>13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
>>192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
>>253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
>>60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
>>196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
>>80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
>>75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Base:  { 2 }
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Server DH Public Key:  { 163,
>>150, 206, 89, 30, 95, 234, 49, 13, 145, 68, 95, 158, 131, 94, 2, 136,
>>71, 92, 119, 74, 31, 230, 218, 209, 255, 39, 118, 104, 185, 92, 154,
>>167, 29, 244, 91, 133, 170, 41, 124, 23, 237, 234, 87, 43, 29, 229, 144,
>>55, 142, 231, 160, 223, 255, 129, 208, 224, 15, 249, 245, 85, 136, 249,
>>205, 186, 228, 244, 37, 28, 89, 128, 78, 43, 130, 126, 77, 72, 72, 160,
>>84, 62, 109, 14, 218, 181, 231, 126, 221, 196, 3, 233, 228, 107, 36,
>>165, 173, 36, 184, 171, 169, 203, 222, 69, 70, 8, 149, 196, 73, 59, 116,
>>202, 71, 106, 47, 235, 88, 128, 186, 43, 194, 56, 11, 152, 255, 129,
>>165, 17, 204 }
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Signed with a DSA or RSA
>>public key
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHelloDone
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, WRITE: SSLv3
>>Handshake, length = 1006
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ: SSLv3 Alert,
>>length = 2
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, RECV SSLv3 ALERT:
>> fatal, handshake_failure
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, called closeSocket()
>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, handling
>>exception: javax.net.ssl.SSLHandshakeException: Received fatal alert:
>>handshake_failure
>
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> jetty-discuss mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/jetty-discuss
>


--
Thomas Termin
_______________________________
blue elephant systems GmbH
Wollgrasweg 49
D-70599 Stuttgart

Tel    :  (+49) 0711 - 45 10 17 676
Fax    :  (+49) 0711 - 45 10 17 573
WWW    :  http://www.blue-elephant-systems.com
Email  :  [hidden email]

blue elephant systems GmbH
Firmensitz      : Wollgrasweg 49, D-70599 Stuttgart
Registergericht : Amtsgericht Stuttgart, HRB 24106
Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty ssl problems

Chris Haynes
... and is it only the one Firefox instance that has the problem?

What are its security settings in about:config?

All SSL sessions can time out and re-negotiate via a new handshake, so that, itself, is not unusual. What's curious is the change of security protocol when the session is re-negotiated.  Have you checked the Firefox support sites for related bug reports?



Chris



On Wednesday, November 14, 2007 at 1:01:30 PM, Thomas Termin wrote:
> Hello Chris,

> thanks for your fast response.

> Yeah it is the same firefox instance all the time. After a certain
> amount of time the second listed handshake comes in.

> I tried some stuff but it comes always back to this problem.

> Thomas Termin


> Chris Haynes wrote:
>> Hmm...
>> Have you noticed the v2 /v3 discrepancy in the second and third lines of the bad handshake? Looks to me like a JVM problem, or even lower, a problem in the server's SSL implementation - but that would be most unusual.

>> It's a couple of years since I paddled around in here, but I seem to remember that that server first announces which SSL/TLS levels it will accept and the client selects the one to use. Are your two tests with the _same_ client_, or are you showing us traces from different instances of firefox?

>> If the different handshakes are coming from the _same_ instance of Firefox that's very strange indeed.

>> If it is from different Firefox instances (maybe even different versions) then it is quite possible that they have different settings.Set the browsers to the pseudo-url  'about:config' and look for the three entries:
>> security.enable_ssl2
>> security.enable_ssl3
>> security.enable_tls

>> mine are set to false, true, false.
>>  

>> Have you tried turning on the server JVM's SSL networking low-level trace?  I presume you are using a Sun JVM? If you hunt around in the Sun on-line documentation  on SSL you can find a command line option which enables really detailed logging of the SSL handshake itself, i.e. it dumps the bytes received and sent. You might be able to see what the real difference is then. Ask again if you can't find it - I've made a paper copy somewhere, but can't find it at the moment.

>> IIRC, there is a possible work-around: it is possible to set, either via Jetty or in the JVM's security properties file, the lowest level of transport encryption protocol acceptable to the server (i.e. the server equivalent of the above client settings). I can't remember if its a Jetty parameter or if you might have to fiddle around in either the code or the JVM security property file to change this.

>> HTH

>> Chris Haynes



>> On Tuesday, November 13, 2007 at 2:18:54 PM, Thomas Termin wrote:

>>>Hello,


>>>we have a problem with firefox, jetty-6.1.4 and https. We use the
>>>standard configuration from jetty and the SslSocketConnector.


>>>If you start an https session the handshake works fine but after a
>>>certain amount of time or clicks we get an handshake_failure.


>>>If it works fine the clients sends the following: ClientHello, TLSv1


>>>And when it goes wrong the client sends this: ClientHello, SSLv3


>>>If attached the java debug log for ssl. The first one is the successfull
>>>and the second one the failed handshake.


>>>Is there anything we can do in jetty to avoid this problem?


>>>Regards,
>>>Thomas Termin


>>>--------------------- SUCCESSFULL HANDSHAKE -------------------


>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-1 - Acceptor0
>>>SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, READ: TLSv1
>>>Handshake, length = 134
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ClientHello, TLSv1
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 945719
>>>bytes = { 34, 0, 240, 116, 148, 73, 156, 178, 159, 136, 247, 116, 37,
>>>213, 123, 2, 119, 231, 165, 235, 248, 128, 182, 219, 30, 253, 128, 217 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {}
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suites: [Unknown
>>>0xc0:0xa, Unknown 0xc0:0x14, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>>>TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0xc0:0xf, Unknown 0xc0:0x5,
>>>TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0xc0:0x7, Unknown 0xc0:0x9,
>>>Unknown 0xc0:0x11, Unknown 0xc0:0x13, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0xc0:0xc, Unknown 0xc0:0xe,
>>>Unknown 0xc0:0x2, Unknown 0xc0:0x4, SSL_RSA_WITH_RC4_128_MD5,
>>>SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown
>>>0xc0:0x8, Unknown 0xc0:0x12, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>>>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, Unknown 0xc0:0xd, Unknown 0xc0:0x3,
>>>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Methods:  { 0 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | %% Created:  [Session-1,
>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHello, TLSv1
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 1194946627
>>>bytes = { 202, 38, 26, 157, 107, 26, 9, 203, 97, 164, 80, 226, 78, 85,
>>>125, 89, 179, 243, 250, 96, 198, 15, 6, 143, 206, 119, 118, 9 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {71, 57, 112, 67,
>>>89, 141, 186, 23, 151, 98, 111, 198, 201, 252, 215, 147, 12, 21, 199,
>>>126, 23, 93, 96, 218, 167, 240, 24, 108, 244, 92, 210, 185}
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suite:
>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Method: 0
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher suite:
>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Certificate chain
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | chain [0] = [
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | [
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Version: V1
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Subject: CN=gibson
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature Algorithm:
>>>SHA1withDSA, OID = 1.2.840.10040.4.3
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Key:  Sun DSA Public Key
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     Parameters:DSA
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       p:     fd7f5381 1d751229
>>>52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     455d4022 51fb593d 8d58fabf
>>>c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     6b9950a5 a49f9fe8 047b1022
>>>c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     83f6d3c5 1ec30235 54135a16
>>>9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       q:     9760508f 15230bcc
>>>b292b982 a2eb840b f0581cf5
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       g:     f7e1a085 d69b3dde
>>>cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     5159578e bad4594f e6710710
>>>8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     3c167a8b 547c8d28 e0a3ae1e
>>>2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     cca4f1be a8519089 a883dfe1
>>>5ae59f06 928b665e 807b5525 64014c3b fecf492a
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   y:
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     cd6c71d2 1e09d704 f9105ef9
>>>ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     8c1dbc80 463cabf1 acb0dc1f
>>>d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     f91d1f2a b59f2517 d5187074
>>>56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     18b49570 7b2e9f00 b8c1b067
>>>22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Validity: [From: Tue Nov 13
>>>10:14:23 CET 2007,
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |                To: Fri Nov 10
>>>10:14:23 CET 2017]
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Issuer: CN=gibson
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   SerialNumber: [    47396aef]
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Algorithm: [SHA1withDSA]
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature:
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0000: 30 2C 02 14 2C 26 2E E4
>>>  30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0010: BA 74 19 42 A5 9E 99 C6
>>>  02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0020: D6 48 EC F5 26 8D B0 1C
>>>  8A 52 58 E5 F8 2E        .H..&....RX...
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Diffie-Hellman
>>>ServerKeyExchange
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Modulus:  { 244, 136, 253,
>>>88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
>>>13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
>>>192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
>>>253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
>>>60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
>>>196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
>>>80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
>>>75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Base:  { 2 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Server DH Public Key:  { 243,
>>>253, 177, 177, 151, 51, 167, 21, 242, 125, 193, 186, 222, 36, 173, 62,
>>>208, 206, 235, 59, 75, 123, 131, 106, 2, 229, 22, 86, 75, 244, 21, 224,
>>>151, 113, 118, 80, 224, 182, 37, 74, 176, 243, 57, 194, 71, 140, 134,
>>>207, 198, 76, 63, 159, 195, 68, 9, 184, 29, 143, 252, 121, 124, 171, 37,
>>>34, 246, 176, 1, 126, 5, 110, 191, 128, 35, 181, 128, 97, 64, 253, 46,
>>>15, 208, 244, 63, 170, 61, 76, 61, 43, 82, 192, 56, 168, 251, 172, 71,
>>>14, 72, 26, 151, 131, 181, 85, 205, 215, 32, 153, 148, 113, 46, 110,
>>>136, 56, 202, 178, 43, 24, 1, 51, 165, 201, 253, 167, 77, 97, 93, 76,
>>>25, 0 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Signed with a DSA or RSA
>>>public key
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHelloDone
>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, WRITE: TLSv1
>>>Handshake, length = 1006
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
>>>Handshake, length = 134
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** ClientDiffieHellmanPublic
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | DH Public key:  { 180, 156,
>>>224, 176, 82, 33, 127, 196, 171, 160, 247, 100, 102, 103, 111, 226, 164,
>>>119, 224, 108, 112, 188, 5, 8, 148, 113, 133, 145, 103, 223, 41, 6, 154,
>>>243, 247, 202, 209, 32, 80, 118, 11, 100, 23, 118, 236, 156, 107, 147,
>>>5, 201, 5, 145, 203, 57, 29, 229, 164, 99, 215, 204, 237, 16, 82, 185,
>>>248, 47, 208, 203, 51, 83, 52, 3, 158, 228, 128, 1, 8, 86, 101, 229, 53,
>>>80, 11, 30, 21, 134, 85, 151, 182, 74, 92, 237, 117, 241, 195, 149, 65,
>>>28, 112, 20, 227, 132, 255, 189, 119, 51, 192, 202, 111, 210, 88, 112,
>>>101, 36, 248, 48, 181, 39, 237, 92, 234, 234, 95, 245, 222, 252, 51, 26 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | SESSION KEYGEN:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | PreMaster Secret:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 5D 55 44 C6 42 0B 32 01
>>>  5F 13 F5 FE C5 CB 3D 87  ]UD.B.2._.....=.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 55 A9 08 D0 1A 7E 2A 41
>>>  3D 5F E5 8E F7 EC 60 A1  U.....*A=_....`.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5A F9 C3 58 D8 EA 3E FA
>>>  5A 6A C2 61 33 B6 0F 86  Z..X..>.Zj.a3...
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0030: AF 6B 3E 03 87 7A 99 64
>>>  4E 49 4C 68 01 91 CC 9B  .k>..z.dNILh....
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0040: AF A4 13 49 01 4C CF D3
>>>  A2 93 A9 82 F8 DD AD E3  ...I.L..........
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0050: 3A 4B 4C 8B A9 84 F9 B0
>>>  C7 AD 2A 20 D1 EE D0 19  :KL.......* ....
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0060: D0 6A E9 A6 A7 54 08 51
>>>  9C 2C 89 BD 59 A9 4F A8  .j...T.Q.,..Y.O.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0070: 9E 39 0C A6 3D E9 0F 2E
>>>  13 BB 97 C0 AB B5 49 41  .9..=.........IA
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | CONNECTION KEYGEN:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client Nonce:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 00 0E 6E 37 22 00 F0 74
>>>  94 49 9C B2 9F 88 F7 74  ..n7"..t.I.....t
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 25 D5 7B 02 77 E7 A5 EB
>>>  F8 80 B6 DB 1E FD 80 D9  %...w...........
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server Nonce:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 47 39 70 43 CA 26 1A 9D
>>>  6B 1A 09 CB 61 A4 50 E2  G9pC.&..k...a.P.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 4E 55 7D 59 B3 F3 FA 60
>>>  C6 0F 06 8F CE 77 76 09  NU.Y...`.....wv.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Master Secret:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: B6 EA BD 51 F6 88 05 96
>>>  6C 71 6F 13 7C 1B 76 8C  ...Q....lqo...v.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: DF 4F F0 99 55 2A 2C E7
>>>  9F C4 EC C1 1B BB 30 1B  .O..U*,.......0.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5D 7D 11 3E F2 30 AC 7D
>>>  F6 74 5E BB 17 81 E3 B1  ]..>.0...t^.....
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client MAC write Secret:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: C1 FB EE 05 7C F6 20 A7
>>>  3A DA 9A 21 FE BA 7F 48  ...... .:..!...H
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 72 F0 5B 41
>>>                           r.[A
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server MAC write Secret:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: EB 1B D4 B7 B2 F0 89 EC
>>>  7D C1 17 37 FA 13 69 1F  ...........7..i.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: EF DC 41 B8
>>>                           ..A.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write key:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AC 5C 3C 12 7E 00 3F 6F
>>>  7E 5E 90 E1 AF DC F0 39  .\<...?o.^...
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ..9
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write key:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 56 ED 02 58 FC 33 1D 7D
>>>  A5 C7 FF 52 54 CD C9 B1  V..X.3.....RT...
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write IV:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AB 6B B2 DF BE F1 B2 81
>>>  F2 F7 C0 11 2E A9 6F EC  .k............o.
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write IV:
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 96 D0 C5 0F 6C E2 5E EF
>>>  1F 47 AA E4 AD 4B A6 44  ....l.^..G...K.D
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1 Change
>>>Cipher Spec, length = 1
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
>>>Handshake, length = 48
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 177, 54, 164,
>>>111, 144, 139, 19, 43, 130, 58, 55, 103 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1 Change
>>>Cipher Spec, length = 1
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 230, 107, 81,
>>>197, 223, 211, 169, 122, 220, 184, 106, 71 }
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1
>>>Handshake, length = 48
>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | %% Cached server session:
>>>[Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]



>>>------------- FAILED HANDSHAKE --------------------


>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-1 - Acceptor0
>>>SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ:  SSL v2,
>>>contentType = Handshake, translated length = 67
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ClientHello, SSLv3
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 0 bytes =
>>>{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 50, 150, 129, 239, 43, 252, 78,
>>>255, 73, 68, 233, 6, 204, 172, 208, 248 }
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {}
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suites:
>>>[TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>>>TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>>>SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
>>>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
>>>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Methods:  { 0 }
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | %% Created:  [Session-41,
>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHello, SSLv3
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 1194896848
>>>bytes = { 239, 60, 79, 208, 109, 42, 33, 116, 249, 80, 219, 192, 168,
>>>157, 187, 247, 84, 133, 171, 86, 134, 171, 178, 125, 168, 6, 81, 254 }
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {71, 57, 174,
>>>208, 132, 99, 36, 58, 153, 240, 13, 53, 136, 241, 169, 171, 108, 209,
>>>192, 200, 1, 126, 234, 115, 202, 140, 65, 239, 31, 42, 151, 225}
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suite:
>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Method: 0
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher suite:
>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Certificate chain
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | chain [0] = [
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | [
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Version: V1
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Subject: CN=gibson
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature Algorithm:
>>>SHA1withDSA, OID = 1.2.840.10040.4.3
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Key:  Sun DSA Public Key
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     Parameters:DSA
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       p:     fd7f5381 1d751229
>>>52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     455d4022 51fb593d 8d58fabf
>>>c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     6b9950a5 a49f9fe8 047b1022
>>>c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     83f6d3c5 1ec30235 54135a16
>>>9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       q:     9760508f 15230bcc
>>>b292b982 a2eb840b f0581cf5
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       g:     f7e1a085 d69b3dde
>>>cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     5159578e bad4594f e6710710
>>>8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     3c167a8b 547c8d28 e0a3ae1e
>>>2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     cca4f1be a8519089 a883dfe1
>>>5ae59f06 928b665e 807b5525 64014c3b fecf492a
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   y:
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     cd6c71d2 1e09d704 f9105ef9
>>>ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     8c1dbc80 463cabf1 acb0dc1f
>>>d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     f91d1f2a b59f2517 d5187074
>>>56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     18b49570 7b2e9f00 b8c1b067
>>>22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Validity: [From: Tue Nov 13
>>>10:14:23 CET 2007,
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |                To: Fri Nov 10
>>>10:14:23 CET 2017]
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Issuer: CN=gibson
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   SerialNumber: [    47396aef]
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Algorithm: [SHA1withDSA]
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature:
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0000: 30 2C 02 14 2C 26 2E E4
>>>  30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0010: BA 74 19 42 A5 9E 99 C6
>>>  02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0020: D6 48 EC F5 26 8D B0 1C
>>>  8A 52 58 E5 F8 2E        .H..&....RX...
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Diffie-Hellman
>>>ServerKeyExchange
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Modulus:  { 244, 136, 253,
>>>88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
>>>13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
>>>192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
>>>253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
>>>60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
>>>196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
>>>80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
>>>75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Base:  { 2 }
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Server DH Public Key:  { 163,
>>>150, 206, 89, 30, 95, 234, 49, 13, 145, 68, 95, 158, 131, 94, 2, 136,
>>>71, 92, 119, 74, 31, 230, 218, 209, 255, 39, 118, 104, 185, 92, 154,
>>>167, 29, 244, 91, 133, 170, 41, 124, 23, 237, 234, 87, 43, 29, 229, 144,
>>>55, 142, 231, 160, 223, 255, 129, 208, 224, 15, 249, 245, 85, 136, 249,
>>>205, 186, 228, 244, 37, 28, 89, 128, 78, 43, 130, 126, 77, 72, 72, 160,
>>>84, 62, 109, 14, 218, 181, 231, 126, 221, 196, 3, 233, 228, 107, 36,
>>>165, 173, 36, 184, 171, 169, 203, 222, 69, 70, 8, 149, 196, 73, 59, 116,
>>>202, 71, 106, 47, 235, 88, 128, 186, 43, 194, 56, 11, 152, 255, 129,
>>>165, 17, 204 }
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Signed with a DSA or RSA
>>>public key
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHelloDone
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, WRITE: SSLv3
>>>Handshake, length = 1006
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ: SSLv3 Alert,
>>>length = 2
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, RECV SSLv3 ALERT:
>>> fatal, handshake_failure
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, called closeSocket()
>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, handling
>>>exception: javax.net.ssl.SSLHandshakeException: Received fatal alert:
>>>handshake_failure




>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc.
>> Still grepping through log files to find problems?  Stop.
>> Now Search log events and configuration files using AJAX and a browser.
>> Download your FREE copy of Splunk now >> http://get.splunk.com/
>> _______________________________________________
>> jetty-discuss mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/jetty-discuss




-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty ssl problems

tterm
Chris Haynes wrote:
> ... and is it only the one Firefox instance that has the problem?
Yeah but I get the same resulte with an old mozilla browser 1.7.8 also
after a certain amount of time.


>
> What are its security settings in about:config?
As an overview: ssl3 is enabled and tls is enabled. The default settings
shipping with firefox.

>
> All SSL sessions can time out and re-negotiate via a new handshake, so that, itself, is not unusual. What's curious is the change of security protocol when the session is re-negotiated.  Have you checked the Firefox support sites for related bug reports?
I checked firefox but I could not find anything useful.

It happens also with jdk 1.4.

Thomas

>
>
>
> Chris
>
>
>
> On Wednesday, November 14, 2007 at 1:01:30 PM, Thomas Termin wrote:
>
>>Hello Chris,
>
>
>>thanks for your fast response.
>
>
>>Yeah it is the same firefox instance all the time. After a certain
>>amount of time the second listed handshake comes in.
>
>
>>I tried some stuff but it comes always back to this problem.
>
>
>>Thomas Termin
>
>
>
>>Chris Haynes wrote:
>>
>>>Hmm...
>>>Have you noticed the v2 /v3 discrepancy in the second and third lines of the bad handshake? Looks to me like a JVM problem, or even lower, a problem in the server's SSL implementation - but that would be most unusual.
>
>
>>>It's a couple of years since I paddled around in here, but I seem to remember that that server first announces which SSL/TLS levels it will accept and the client selects the one to use. Are your two tests with the _same_ client_, or are you showing us traces from different instances of firefox?
>
>
>>>If the different handshakes are coming from the _same_ instance of Firefox that's very strange indeed.
>
>
>>>If it is from different Firefox instances (maybe even different versions) then it is quite possible that they have different settings.Set the browsers to the pseudo-url  'about:config' and look for the three entries:
>>>security.enable_ssl2
>>>security.enable_ssl3
>>>security.enable_tls
>
>
>>>mine are set to false, true, false.
>>>
>
>
>>>Have you tried turning on the server JVM's SSL networking low-level trace?  I presume you are using a Sun JVM? If you hunt around in the Sun on-line documentation  on SSL you can find a command line option which enables really detailed logging of the SSL handshake itself, i.e. it dumps the bytes received and sent. You might be able to see what the real difference is then. Ask again if you can't find it - I've made a paper copy somewhere, but can't find it at the moment.
>
>
>>>IIRC, there is a possible work-around: it is possible to set, either via Jetty or in the JVM's security properties file, the lowest level of transport encryption protocol acceptable to the server (i.e. the server equivalent of the above client settings). I can't remember if its a Jetty parameter or if you might have to fiddle around in either the code or the JVM security property file to change this.
>
>
>>>HTH
>
>
>>>Chris Haynes
>
>
>
>
>>>On Tuesday, November 13, 2007 at 2:18:54 PM, Thomas Termin wrote:
>
>
>>>>Hello,
>
>
>
>>>>we have a problem with firefox, jetty-6.1.4 and https. We use the
>>>>standard configuration from jetty and the SslSocketConnector.
>
>
>
>>>>If you start an https session the handshake works fine but after a
>>>>certain amount of time or clicks we get an handshake_failure.
>
>
>
>>>>If it works fine the clients sends the following: ClientHello, TLSv1
>
>
>
>>>>And when it goes wrong the client sends this: ClientHello, SSLv3
>
>
>
>>>>If attached the java debug log for ssl. The first one is the successfull
>>>>and the second one the failed handshake.
>
>
>
>>>>Is there anything we can do in jetty to avoid this problem?
>
>
>
>>>>Regards,
>>>>Thomas Termin
>
>
>
>>>>--------------------- SUCCESSFULL HANDSHAKE -------------------
>
>
>
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-1 - Acceptor0
>>>>SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, READ: TLSv1
>>>>Handshake, length = 134
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ClientHello, TLSv1
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 945719
>>>>bytes = { 34, 0, 240, 116, 148, 73, 156, 178, 159, 136, 247, 116, 37,
>>>>213, 123, 2, 119, 231, 165, 235, 248, 128, 182, 219, 30, 253, 128, 217 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {}
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suites: [Unknown
>>>>0xc0:0xa, Unknown 0xc0:0x14, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>>>>TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0xc0:0xf, Unknown 0xc0:0x5,
>>>>TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0xc0:0x7, Unknown 0xc0:0x9,
>>>>Unknown 0xc0:0x11, Unknown 0xc0:0x13, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0xc0:0xc, Unknown 0xc0:0xe,
>>>>Unknown 0xc0:0x2, Unknown 0xc0:0x4, SSL_RSA_WITH_RC4_128_MD5,
>>>>SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown
>>>>0xc0:0x8, Unknown 0xc0:0x12, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>>>>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, Unknown 0xc0:0xd, Unknown 0xc0:0x3,
>>>>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Methods:  { 0 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | %% Created:  [Session-1,
>>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHello, TLSv1
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | RandomCookie:  GMT: 1194946627
>>>>bytes = { 202, 38, 26, 157, 107, 26, 9, 203, 97, 164, 80, 226, 78, 85,
>>>>125, 89, 179, 243, 250, 96, 198, 15, 6, 143, 206, 119, 118, 9 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Session ID:  {71, 57, 112, 67,
>>>>89, 141, 186, 23, 151, 98, 111, 198, 201, 252, 215, 147, 12, 21, 199,
>>>>126, 23, 93, 96, 218, 167, 240, 24, 108, 244, 92, 210, 185}
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher Suite:
>>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Compression Method: 0
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Cipher suite:
>>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Certificate chain
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | chain [0] = [
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | [
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Version: V1
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Subject: CN=gibson
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature Algorithm:
>>>>SHA1withDSA, OID = 1.2.840.10040.4.3
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Key:  Sun DSA Public Key
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     Parameters:DSA
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       p:     fd7f5381 1d751229
>>>>52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     455d4022 51fb593d 8d58fabf
>>>>c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     6b9950a5 a49f9fe8 047b1022
>>>>c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     83f6d3c5 1ec30235 54135a16
>>>>9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       q:     9760508f 15230bcc
>>>>b292b982 a2eb840b f0581cf5
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |       g:     f7e1a085 d69b3dde
>>>>cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     5159578e bad4594f e6710710
>>>>8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     3c167a8b 547c8d28 e0a3ae1e
>>>>2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     cca4f1be a8519089 a883dfe1
>>>>5ae59f06 928b665e 807b5525 64014c3b fecf492a
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   y:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     cd6c71d2 1e09d704 f9105ef9
>>>>ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     8c1dbc80 463cabf1 acb0dc1f
>>>>d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     f91d1f2a b59f2517 d5187074
>>>>56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |     18b49570 7b2e9f00 b8c1b067
>>>>22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Validity: [From: Tue Nov 13
>>>>10:14:23 CET 2007,
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |                To: Fri Nov 10
>>>>10:14:23 CET 2017]
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Issuer: CN=gibson
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   SerialNumber: [    47396aef]
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Algorithm: [SHA1withDSA]
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |   Signature:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0000: 30 2C 02 14 2C 26 2E E4
>>>> 30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0010: BA 74 19 42 A5 9E 99 C6
>>>> 02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | 0020: D6 48 EC F5 26 8D B0 1C
>>>> 8A 52 58 E5 F8 2E        .H..&....RX...
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 |
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ]
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | ***
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** Diffie-Hellman
>>>>ServerKeyExchange
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Modulus:  { 244, 136, 253,
>>>>88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
>>>>13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
>>>>192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
>>>>253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
>>>>60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
>>>>196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
>>>>80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
>>>>75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | DH Base:  { 2 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Server DH Public Key:  { 243,
>>>>253, 177, 177, 151, 51, 167, 21, 242, 125, 193, 186, 222, 36, 173, 62,
>>>>208, 206, 235, 59, 75, 123, 131, 106, 2, 229, 22, 86, 75, 244, 21, 224,
>>>>151, 113, 118, 80, 224, 182, 37, 74, 176, 243, 57, 194, 71, 140, 134,
>>>>207, 198, 76, 63, 159, 195, 68, 9, 184, 29, 143, 252, 121, 124, 171, 37,
>>>>34, 246, 176, 1, 126, 5, 110, 191, 128, 35, 181, 128, 97, 64, 253, 46,
>>>>15, 208, 244, 63, 170, 61, 76, 61, 43, 82, 192, 56, 168, 251, 172, 71,
>>>>14, 72, 26, 151, 131, 181, 85, 205, 215, 32, 153, 148, 113, 46, 110,
>>>>136, 56, 202, 178, 43, 24, 1, 51, 165, 201, 253, 167, 77, 97, 93, 76,
>>>>25, 0 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | Signed with a DSA or RSA
>>>>public key
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | *** ServerHelloDone
>>>>INFO   | jvm 1    | 2007/11/13 10:37:07 | btpool0-2, WRITE: TLSv1
>>>>Handshake, length = 1006
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
>>>>Handshake, length = 134
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** ClientDiffieHellmanPublic
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | DH Public key:  { 180, 156,
>>>>224, 176, 82, 33, 127, 196, 171, 160, 247, 100, 102, 103, 111, 226, 164,
>>>>119, 224, 108, 112, 188, 5, 8, 148, 113, 133, 145, 103, 223, 41, 6, 154,
>>>>243, 247, 202, 209, 32, 80, 118, 11, 100, 23, 118, 236, 156, 107, 147,
>>>>5, 201, 5, 145, 203, 57, 29, 229, 164, 99, 215, 204, 237, 16, 82, 185,
>>>>248, 47, 208, 203, 51, 83, 52, 3, 158, 228, 128, 1, 8, 86, 101, 229, 53,
>>>>80, 11, 30, 21, 134, 85, 151, 182, 74, 92, 237, 117, 241, 195, 149, 65,
>>>>28, 112, 20, 227, 132, 255, 189, 119, 51, 192, 202, 111, 210, 88, 112,
>>>>101, 36, 248, 48, 181, 39, 237, 92, 234, 234, 95, 245, 222, 252, 51, 26 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | SESSION KEYGEN:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | PreMaster Secret:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 5D 55 44 C6 42 0B 32 01
>>>> 5F 13 F5 FE C5 CB 3D 87  ]UD.B.2._.....=.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 55 A9 08 D0 1A 7E 2A 41
>>>> 3D 5F E5 8E F7 EC 60 A1  U.....*A=_....`.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5A F9 C3 58 D8 EA 3E FA
>>>> 5A 6A C2 61 33 B6 0F 86  Z..X..>.Zj.a3...
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0030: AF 6B 3E 03 87 7A 99 64
>>>> 4E 49 4C 68 01 91 CC 9B  .k>..z.dNILh....
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0040: AF A4 13 49 01 4C CF D3
>>>> A2 93 A9 82 F8 DD AD E3  ...I.L..........
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0050: 3A 4B 4C 8B A9 84 F9 B0
>>>> C7 AD 2A 20 D1 EE D0 19  :KL.......* ....
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0060: D0 6A E9 A6 A7 54 08 51
>>>> 9C 2C 89 BD 59 A9 4F A8  .j...T.Q.,..Y.O.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0070: 9E 39 0C A6 3D E9 0F 2E
>>>> 13 BB 97 C0 AB B5 49 41  .9..=.........IA
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | CONNECTION KEYGEN:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client Nonce:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 00 0E 6E 37 22 00 F0 74
>>>> 94 49 9C B2 9F 88 F7 74  ..n7"..t.I.....t
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 25 D5 7B 02 77 E7 A5 EB
>>>> F8 80 B6 DB 1E FD 80 D9  %...w...........
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server Nonce:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 47 39 70 43 CA 26 1A 9D
>>>> 6B 1A 09 CB 61 A4 50 E2  G9pC.&..k...a.P.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 4E 55 7D 59 B3 F3 FA 60
>>>> C6 0F 06 8F CE 77 76 09  NU.Y...`.....wv.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Master Secret:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: B6 EA BD 51 F6 88 05 96
>>>> 6C 71 6F 13 7C 1B 76 8C  ...Q....lqo...v.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: DF 4F F0 99 55 2A 2C E7
>>>> 9F C4 EC C1 1B BB 30 1B  .O..U*,.......0.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0020: 5D 7D 11 3E F2 30 AC 7D
>>>> F6 74 5E BB 17 81 E3 B1  ]..>.0...t^.....
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client MAC write Secret:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: C1 FB EE 05 7C F6 20 A7
>>>> 3A DA 9A 21 FE BA 7F 48  ...... .:..!...H
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: 72 F0 5B 41
>>>>                          r.[A
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server MAC write Secret:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: EB 1B D4 B7 B2 F0 89 EC
>>>> 7D C1 17 37 FA 13 69 1F  ...........7..i.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0010: EF DC 41 B8
>>>>                          ..A.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write key:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AC 5C 3C 12 7E 00 3F 6F
>>>> 7E 5E 90 E1 AF DC F0 39  .\<...?o.^...
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ..9
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write key:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 56 ED 02 58 FC 33 1D 7D
>>>> A5 C7 FF 52 54 CD C9 B1  V..X.3.....RT...
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Client write IV:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: AB 6B B2 DF BE F1 B2 81
>>>> F2 F7 C0 11 2E A9 6F EC  .k............o.
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | Server write IV:
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | 0000: 96 D0 C5 0F 6C E2 5E EF
>>>> 1F 47 AA E4 AD 4B A6 44  ....l.^..G...K.D
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1 Change
>>>>Cipher Spec, length = 1
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, READ: TLSv1
>>>>Handshake, length = 48
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 177, 54, 164,
>>>>111, 144, 139, 19, 43, 130, 58, 55, 103 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1 Change
>>>>Cipher Spec, length = 1
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | *** Finished
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | verify_data:  { 230, 107, 81,
>>>>197, 223, 211, 169, 122, 220, 184, 106, 71 }
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | ***
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | btpool0-2, WRITE: TLSv1
>>>>Handshake, length = 48
>>>>INFO   | jvm 1    | 2007/11/13 10:37:09 | %% Cached server session:
>>>>[Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
>
>
>
>
>>>>------------- FAILED HANDSHAKE --------------------
>
>
>
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-1 - Acceptor0
>>>>SslSocketConnector@0.0.0.0:9663, setSoTimeout(30000) called
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ:  SSL v2,
>>>>contentType = Handshake, translated length = 67
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ClientHello, SSLv3
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 0 bytes =
>>>>{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 50, 150, 129, 239, 43, 252, 78,
>>>>255, 73, 68, 233, 6, 204, 172, 208, 248 }
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {}
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suites:
>>>>[TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>>>>TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>>>>SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
>>>>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
>>>>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Methods:  { 0 }
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | %% Created:  [Session-41,
>>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHello, SSLv3
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | RandomCookie:  GMT: 1194896848
>>>>bytes = { 239, 60, 79, 208, 109, 42, 33, 116, 249, 80, 219, 192, 168,
>>>>157, 187, 247, 84, 133, 171, 86, 134, 171, 178, 125, 168, 6, 81, 254 }
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Session ID:  {71, 57, 174,
>>>>208, 132, 99, 36, 58, 153, 240, 13, 53, 136, 241, 169, 171, 108, 209,
>>>>192, 200, 1, 126, 234, 115, 202, 140, 65, 239, 31, 42, 151, 225}
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher Suite:
>>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Compression Method: 0
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Cipher suite:
>>>>TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Certificate chain
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | chain [0] = [
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | [
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Version: V1
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Subject: CN=gibson
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature Algorithm:
>>>>SHA1withDSA, OID = 1.2.840.10040.4.3
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Key:  Sun DSA Public Key
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     Parameters:DSA
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       p:     fd7f5381 1d751229
>>>>52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     455d4022 51fb593d 8d58fabf
>>>>c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     6b9950a5 a49f9fe8 047b1022
>>>>c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     83f6d3c5 1ec30235 54135a16
>>>>9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       q:     9760508f 15230bcc
>>>>b292b982 a2eb840b f0581cf5
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |       g:     f7e1a085 d69b3dde
>>>>cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     5159578e bad4594f e6710710
>>>>8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     3c167a8b 547c8d28 e0a3ae1e
>>>>2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     cca4f1be a8519089 a883dfe1
>>>>5ae59f06 928b665e 807b5525 64014c3b fecf492a
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   y:
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     cd6c71d2 1e09d704 f9105ef9
>>>>ce1dd1c4 64439928 00f577f4 682e43db 0b9165f6
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     8c1dbc80 463cabf1 acb0dc1f
>>>>d07e01a0 f672121d 9db13a3c 1f4e42f6 40e7fc75
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     f91d1f2a b59f2517 d5187074
>>>>56558fb2 14fe762e c9d8756f f76d3edf 4ea53389
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |     18b49570 7b2e9f00 b8c1b067
>>>>22a62e2e 1f653c38 92abf821 8298fbac 7ca74759
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Validity: [From: Tue Nov 13
>>>>10:14:23 CET 2007,
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |                To: Fri Nov 10
>>>>10:14:23 CET 2017]
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Issuer: CN=gibson
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   SerialNumber: [    47396aef]
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Algorithm: [SHA1withDSA]
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |   Signature:
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0000: 30 2C 02 14 2C 26 2E E4
>>>> 30 03 F2 F9 DE C0 BA 27  0,..,&..0......'
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0010: BA 74 19 42 A5 9E 99 C6
>>>> 02 14 7D 8B 0F 69 C1 CA  .t.B.........i..
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | 0020: D6 48 EC F5 26 8D B0 1C
>>>> 8A 52 58 E5 F8 2E        .H..&....RX...
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 |
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ]
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | ***
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** Diffie-Hellman
>>>>ServerKeyExchange
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Modulus:  { 244, 136, 253,
>>>>88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56,
>>>>13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35,
>>>>192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52,
>>>>253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255,
>>>>60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134,
>>>>196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10,
>>>>80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137,
>>>>75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | DH Base:  { 2 }
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Server DH Public Key:  { 163,
>>>>150, 206, 89, 30, 95, 234, 49, 13, 145, 68, 95, 158, 131, 94, 2, 136,
>>>>71, 92, 119, 74, 31, 230, 218, 209, 255, 39, 118, 104, 185, 92, 154,
>>>>167, 29, 244, 91, 133, 170, 41, 124, 23, 237, 234, 87, 43, 29, 229, 144,
>>>>55, 142, 231, 160, 223, 255, 129, 208, 224, 15, 249, 245, 85, 136, 249,
>>>>205, 186, 228, 244, 37, 28, 89, 128, 78, 43, 130, 126, 77, 72, 72, 160,
>>>>84, 62, 109, 14, 218, 181, 231, 126, 221, 196, 3, 233, 228, 107, 36,
>>>>165, 173, 36, 184, 171, 169, 203, 222, 69, 70, 8, 149, 196, 73, 59, 116,
>>>>202, 71, 106, 47, 235, 88, 128, 186, 43, 194, 56, 11, 152, 255, 129,
>>>>165, 17, 204 }
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | Signed with a DSA or RSA
>>>>public key
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | *** ServerHelloDone
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, WRITE: SSLv3
>>>>Handshake, length = 1006
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, READ: SSLv3 Alert,
>>>>length = 2
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, RECV SSLv3 ALERT:
>>>>fatal, handshake_failure
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, called closeSocket()
>>>>INFO   | jvm 1    | 2007/11/13 15:04:00 | btpool0-20, handling
>>>>exception: javax.net.ssl.SSLHandshakeException: Received fatal alert:
>>>>handshake_failure
>
>
>
>
>
>>>-------------------------------------------------------------------------
>>>This SF.net email is sponsored by: Splunk Inc.
>>>Still grepping through log files to find problems?  Stop.
>>>Now Search log events and configuration files using AJAX and a browser.
>>>Download your FREE copy of Splunk now >> http://get.splunk.com/
>>>_______________________________________________
>>>jetty-discuss mailing list
>>>[hidden email]
>>>https://lists.sourceforge.net/lists/listinfo/jetty-discuss
>
>
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> jetty-discuss mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/jetty-discuss
>


--
Thomas Termin
_______________________________
blue elephant systems GmbH
Wollgrasweg 49
D-70599 Stuttgart

Tel    :  (+49) 0711 - 45 10 17 676
Fax    :  (+49) 0711 - 45 10 17 573
WWW    :  http://www.blue-elephant-systems.com
Email  :  [hidden email]

blue elephant systems GmbH
Firmensitz      : Wollgrasweg 49, D-70599 Stuttgart
Registergericht : Amtsgericht Stuttgart, HRB 24106
Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty ssl problems

Greg Wilkins
In reply to this post by tterm

Hi Thomas,

this is a very strange problem?   I can only think that it is within
the JVM or firefox as I fail to see how Jetty could be influencing the
SSL handshake at this level.

But you have tried different JVMs and different versions of firefox, so
that does suggest Jetty to be the common element?????

Could you try 6.1.5 and use the SslSelectChannelConnector?
This is a totally different implementation of SSL that is not bound
to the socket (it uses the SslEngine in Java 1.5).
Also the way Jetty interacts with it is totally different.

Can you also try a browser on a different machine, just in case there
is something strange about your machine.

cheers




Thomas Termin wrote:

> Hello,
>
> we have a problem with firefox, jetty-6.1.4 and https. We use the
> standard configuration from jetty and the SslSocketConnector.
>
> If you start an https session the handshake works fine but after a
> certain amount of time or clicks we get an handshake_failure.
>
> If it works fine the clients sends the following: ClientHello, TLSv1
>
> And when it goes wrong the client sends this: ClientHello, SSLv3
>
> If attached the java debug log for ssl. The first one is the successfull
> and the second one the failed handshake.
>
> Is there anything we can do in jetty to avoid this problem?
>
> Regards,
> Thomas Termin



--
Greg Wilkins<[hidden email]>                       US:  +1  3104915462
http://www.webtide.com           UK: +44(0)2079932589 AU: +61(0)417786631

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty ssl problems

tterm
Hello,

so we tried it with the new jetty version and it still doesn't work. We
tried it also on HPUX Itanium. It doesn't also work with jdk1.6.

I have no idea why this protocol change always happens.

Cheers
Thomas

Greg Wilkins wrote:

> Hi Thomas,
>
> this is a very strange problem?   I can only think that it is within
> the JVM or firefox as I fail to see how Jetty could be influencing the
> SSL handshake at this level.
>
> But you have tried different JVMs and different versions of firefox, so
> that does suggest Jetty to be the common element?????
>
> Could you try 6.1.5 and use the SslSelectChannelConnector?
> This is a totally different implementation of SSL that is not bound
> to the socket (it uses the SslEngine in Java 1.5).
> Also the way Jetty interacts with it is totally different.
>
> Can you also try a browser on a different machine, just in case there
> is something strange about your machine.
>
> cheers
>
>
>
>
> Thomas Termin wrote:
>
>>Hello,
>>
>>we have a problem with firefox, jetty-6.1.4 and https. We use the
>>standard configuration from jetty and the SslSocketConnector.
>>
>>If you start an https session the handshake works fine but after a
>>certain amount of time or clicks we get an handshake_failure.
>>
>>If it works fine the clients sends the following: ClientHello, TLSv1
>>
>>And when it goes wrong the client sends this: ClientHello, SSLv3
>>
>>If attached the java debug log for ssl. The first one is the successfull
>>and the second one the failed handshake.
>>
>>Is there anything we can do in jetty to avoid this problem?
>>
>>Regards,
>>Thomas Termin
>
>
>
>


--
Thomas Termin
_______________________________
blue elephant systems GmbH
Wollgrasweg 49
D-70599 Stuttgart

Tel    :  (+49) 0711 - 45 10 17 676
Fax    :  (+49) 0711 - 45 10 17 573
WWW    :  http://www.blue-elephant-systems.com
Email  :  [hidden email]

blue elephant systems GmbH
Firmensitz      : Wollgrasweg 49, D-70599 Stuttgart
Registergericht : Amtsgericht Stuttgart, HRB 24106
Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty ssl problems

Greg Wilkins
Thomas Termin wrote:
> Hello,
>
> so we tried it with the new jetty version and it still doesn't work. We
> tried it also on HPUX Itanium. It doesn't also work with jdk1.6.
>
> I have no idea why this protocol change always happens.


Neither do I.

I have opened http://jira.codehaus.org/browse/JETTY-484
so we can track this.

I'll try to spend some time on this over the coming break.

cheers


> Cheers
> Thomas
>
> Greg Wilkins wrote:
>> Hi Thomas,
>>
>> this is a very strange problem?   I can only think that it is within
>> the JVM or firefox as I fail to see how Jetty could be influencing the
>> SSL handshake at this level.
>>
>> But you have tried different JVMs and different versions of firefox, so
>> that does suggest Jetty to be the common element?????
>>
>> Could you try 6.1.5 and use the SslSelectChannelConnector?
>> This is a totally different implementation of SSL that is not bound
>> to the socket (it uses the SslEngine in Java 1.5).
>> Also the way Jetty interacts with it is totally different.
>>
>> Can you also try a browser on a different machine, just in case there
>> is something strange about your machine.
>>
>> cheers
>>
>>
>>
>>
>> Thomas Termin wrote:
>>
>>> Hello,
>>>
>>> we have a problem with firefox, jetty-6.1.4 and https. We use the
>>> standard configuration from jetty and the SslSocketConnector.
>>>
>>> If you start an https session the handshake works fine but after a
>>> certain amount of time or clicks we get an handshake_failure.
>>>
>>> If it works fine the clients sends the following: ClientHello, TLSv1
>>>
>>> And when it goes wrong the client sends this: ClientHello, SSLv3
>>>
>>> If attached the java debug log for ssl. The first one is the successfull
>>> and the second one the failed handshake.
>>>
>>> Is there anything we can do in jetty to avoid this problem?
>>>
>>> Regards,
>>> Thomas Termin
>>
>>
>>
>
>


--
Greg Wilkins<[hidden email]>                       US:  +1  3104915462
http://www.webtide.com           UK: +44(0)2079932589 AU: +61(0)417786631


-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss