Certificat auto-signé de serveur Java + certificat client et échec de prise de contact SSL
Je me connecte à un service Web qui a déjà été utilisé avec succès, mais maintenant ils ont changé de nom d'hôte et m'en ont envoyé deux .pem fichiers; l'un est CA, et l'autre est mon nouveau certificat client.
(J'utilise Java 1.5, Spring + Spring Web Services avec Apache httpclient, mais je soupçonne que mon problème concerne les certificats, les clés et SSL lui-même.)
J'ai importé les deux .fichiers pem ,ainsi que les hôtes.crt que j'ai exporté de Firefox dans mes cacerts. Cependant, je fais évidemment quelque chose faux puisque j'obtiens cette exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1542)
...
Lorsque j'active la journalisation SSL avec System.setProperty("javax.net.debug", "all"), je vois que le certificat de serveur est accepté, puis cela se produit après ou quelque part pendant l'échange de clés client:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: D:\Central\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\wtpwebapps\CentraServer\WEB-INF\classes\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 02:19:54 CEST 1999 until Wed Jun 26 02:19:54 CEST 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 16:01:00 CEST 2000 until Sun May 18 01:59:00 CEST 2025
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 18:09:40 CEST 1999 until Sat May 25 18:39:40 CEST 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 20:46:00 CEST 2000 until Tue May 13 01:59:00 CEST 2025
adding as trusted cert:
Subject: [email protected], CN=enxi.norrisdata.net, OU=enxi.norrisdata.net, O=ypsilon.net ag, L=Frankfurt, C=DE
Issuer: [email protected], CN=enxi.norrisdata.net-ca, OU=Certificate Authority, O=ypsilon.net ag, L=Frankfurt, C=DE
Algorithm: RSA; Serial number: 0x2
Valid from Fri Mar 26 11:37:00 CET 2010 until Mon Mar 23 11:37:00 CET 2020
adding as trusted cert:
Subject: [email protected], OU=TC TrustCenter Class 3 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
Issuer: [email protected], OU=TC TrustCenter Class 3 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
Algorithm: RSA; Serial number: 0x3eb
Valid from Mon Mar 09 12:59:59 CET 1998 until Sat Jan 01 12:59:59 CET 2011
adding as trusted cert:
Subject: [email protected], CN=enxi.norrisdata.net-ca, OU=Certificate Authority, O=ypsilon.net ag, L=Frankfurt, C=DE
Issuer: [email protected], CN=enxi.norrisdata.net-ca, OU=Certificate Authority, O=ypsilon.net ag, L=Frankfurt, C=DE
Algorithm: RSA; Serial number: 0x94778886f4ca92c2
Valid from Fri Mar 26 13:14:36 CET 2010 until Mon Mar 23 13:14:36 CET 2020
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Fri Oct 01 02:00:00 CEST 1999 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 01:00:00 CET 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 19:39:16 CEST 2004 until Thu Jun 29 19:39:16 CEST 2034
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Mon Jan 29 01:00:00 CET 1996 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 18:41:51 CEST 1998 until Wed Aug 22 18:41:51 CEST 2018
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 14:14:45 CEST 1999 until Sun Jun 23 14:14:45 CEST 2019
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 01:00:00 CET 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Mon Jun 21 06:00:00 CEST 1999 until Sun Jun 21 06:00:00 CEST 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 01:00:00 CET 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 16:50:00 CEST 1998 until Thu Aug 15 01:59:00 CEST 2013
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Mon Jan 29 01:00:00 CET 1996 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
Algorithm: RSA; Serial number: 0x3ea
Valid from Mon Mar 09 12:59:59 CET 1998 until Sat Jan 01 12:59:59 CET 2011
adding as trusted cert:
Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a3
Valid from Sat Feb 24 00:01:00 CET 1996 until Fri Feb 24 00:59:00 CET 2006
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389b113c
Valid from Fri Feb 04 18:20:00 CET 2000 until Tue Feb 04 18:50:00 CET 2020
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Thu Aug 01 02:00:00 CEST 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=Emporion CA, DC=emporion, DC=hr
Issuer: CN=Emporion CA, DC=emporion, DC=hr
Algorithm: RSA; Serial number: 0x52fbeae95112b2aa48647da355f35330
Valid from Thu Dec 14 08:53:07 CET 2006 until Wed Dec 14 08:55:04 CET 2011
adding as trusted cert:
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
Valid from Wed Nov 09 01:00:00 CET 1994 until Fri Jan 08 00:59:59 CET 2010
adding as trusted cert:
Subject: [email protected], CN=adriatic, O=ypsilon.net ag, L=Frankfurt, C=DE
Issuer: [email protected], CN=enxi.norrisdata.net-ca, OU=Certificate Authority, O=ypsilon.net ag, L=Frankfurt, C=DE
Algorithm: RSA; Serial number: 0x3c
Valid from Thu Jan 13 16:07:12 CET 2011 until Sun Jan 12 16:07:12 CET 2014
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x380391ee
Valid from Tue Oct 12 21:24:30 CEST 1999 until Sat Oct 12 21:54:30 CEST 2019
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389ef6e4
Valid from Mon Feb 07 17:16:40 CET 2000 until Fri Feb 07 17:46:40 CET 2020
[snip more irrelevant cerificates]
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
http-8080-Processor25, setSoTimeout(90000) called
http-8080-Processor25, setSoTimeout(90000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1295536786 bytes = { 74, 39, 25, 138, 201, 29, 231, 172, 208, 86, 159, 87, 97, 159, 118, 69, 60, 76, 126, 1, 3, 113, 32, 74, 124, 197, 227, 100 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 4D 38 53 92 4A 27 19 8A C9 1D ...E..M8S.J'....
...
0040: 03 00 08 00 14 00 11 01 00 .........
http-8080-Processor25, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
...
0060: E3 64 .d
http-8080-Processor25, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
0000: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00 .b....9... .....
...
0060: 7C C5 E3 64 ...d
[Raw read]: length = 5
0000: 16 03 01 00 4A ....J
[Raw read]: length = 74
0000: 02 00 00 46 03 01 4D 38 53 92 91 2B 9B 04 40 75 ...F..M8S..+..@u
...
0040: CF 80 63 11 83 EF 78 00 04 00 ..c...x...
http-8080-Processor25, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1295536786 bytes = { 145, 43, 155, 4, 64, 117, 29, 20, 155, 104, 148, 67, 38, 191, 176, 32, 226, 210, 15, 208, 38, 62, 186, 93, 161, 102, 98, 43 }
Session ID: {170, 186, 169, 17, 103, 4, 99, 63, 183, 238, 23, 232, 183, 145, 193, 146, 7, 27, 157, 237, 100, 139, 163, 244, 30, 207, 128, 99, 17, 131, 239, 120}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 4D 38 53 92 91 2B 9B 04 40 75 ...F..M8S..+..@u
...
0040: CF 80 63 11 83 EF 78 00 04 00 ..c...x...
[Raw read]: length = 5
0000: 16 03 01 05 62 ....b
[Raw read]: length = 1378
0000: 0B 00 05 5E 00 05 5B 00 02 A4 30 82 02 A0 30 82 ...^..[...0...0.
...
0550: 62 FB DE A4 74 87 D9 2A 2B 2F AF 31 22 97 4A F6 b...t..*+/.1".J.
0560: B8 9F ..
http-8080-Processor25, READ: TLSv1 Handshake, length = 1378
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: [email protected], CN=enxi.norrisdata.net, OU=enxi.norrisdata.net, O=ypsilon.net ag, L=Frankfurt, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 105158323961649143261675059370957210288137897982882368398075567460896421730512351351129218695072925445303830065152794594929017968110838209795249871435238567060656353603426816451022832577131638028495007888967083020723809918589055189033188525472465535607293377867184162059586888049098196531889988723950292830313
public exponent: 65537
Validity: [From: Fri Mar 26 11:37:00 CET 2010,
To: Mon Mar 23 11:37:00 CET 2020]
Issuer: [email protected], CN=enxi.norrisdata.net-ca, OU=Certificate Authority, O=ypsilon.net ag, L=Frankfurt, C=DE
SerialNumber: [ 02]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 3A F3 91 84 EA B1 CF 28 7B 52 EC 50 34 56 CB A5 :......(.R.P4V..
...
]
chain [1] = [
[
Version: V1
Subject: [email protected], CN=enxi.norrisdata.net-ca, OU=Certificate Authority, O=ypsilon.net ag, L=Frankfurt, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 103786554737956184369138386227517475430156404603922533481712260490997247291004352385079204978431207687092828117962473600295977103686791448953158848873575487907656378655168840104433047747570602454550203304683174555325033654946526304210710782190667961616217273402229863778090825217190222869236148684215668636483
public exponent: 65537
Validity: [From: Fri Mar 26 13:14:36 CET 2010,
To: Mon Mar 23 13:14:36 CET 2020]
Issuer: [email protected], CN=enxi.norrisdata.net-ca, OU=Certificate Authority, O=ypsilon.net ag, L=Frankfurt, C=DE
SerialNumber: [ 94778886 f4ca92c2]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 86 EE 6C 03 20 76 E5 0C C7 1D E5 44 60 C0 D0 40 ..l. v.....D`..@
...
]
***
Found trusted certificate:
[
[
Version: V1
Subject: [email protected], CN=enxi.norrisdata.net, OU=enxi.norrisdata.net, O=ypsilon.net ag, L=Frankfurt, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 105158323961649143261675059370957210288137897982882368398075567460896421730512351351129218695072925445303830065152794594929017968110838209795249871435238567060656353603426816451022832577131638028495007888967083020723809918589055189033188525472465535607293377867184162059586888049098196531889988723950292830313
public exponent: 65537
Validity: [From: Fri Mar 26 11:37:00 CET 2010,
To: Mon Mar 23 11:37:00 CET 2020]
Issuer: [email protected], CN=enxi.norrisdata.net-ca, OU=Certificate Authority, O=ypsilon.net ag, L=Frankfurt, C=DE
SerialNumber: [ 02]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 3A F3 91 84 EA B1 CF 28 7B 52 EC 50 34 56 CB A5 :......(.R.P4V..
...
]
[read] MD5 and SHA1 hashes: len = 1378
0000: 0B 00 05 5E 00 05 5B 00 02 A4 30 82 02 A0 30 82 ...^..[...0...0.
...
[Raw read]: length = 5
0000: 16 03 01 00 0E .....
[Raw read]: length = 14
0000: 0D 00 00 06 03 01 02 40 00 00 0E 00 00 00 .......@......
http-8080-Processor25, READ: TLSv1 Handshake, length = 14
*** CertificateRequest
Cert Types: RSA, DSS, Type-64,
Cert Authorities:
[read] MD5 and SHA1 hashes: len = 10
0000: 0D 00 00 06 03 01 02 40 00 00 .......@..
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 171, 173, 40, 115, 135, 189, 1, 133, 123, 112, 14, 101, 81, 12, 110, 67, 184, 222, 191, 39, 146, 61, 195, 70, 149, 67, 178, 129, 141, 29, 160, 92, 198, 213, 71, 6, 35, 92, 141, 155, 111, 161, 88, 150, 14, 217 }
[write] MD5 and SHA1 hashes: len = 141
0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 2F 50 23 ............./P#
...
0080: 32 A0 09 CB 0E AE 42 4F 25 7A AE 41 DF 2.....BO%z.A.
http-8080-Processor25, WRITE: TLSv1 Handshake, length = 141
[Raw write]: length = 146
0000: 16 03 01 00 8D 0B 00 00 03 00 00 00 10 00 00 82 ................
...
0090: 41 DF A.
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 AB AD 28 73 87 BD 01 85 7B 70 0E 65 51 0C ....(s.....p.eQ.
0010: 6E 43 B8 DE BF 27 92 3D C3 46 95 43 B2 81 8D 1D nC...'.=.F.C....
0020: A0 5C C6 D5 47 06 23 5C 8D 9B 6F A1 58 96 0E D9 .\..G.#\..o.X...
CONNECTION KEYGEN:
Client Nonce:
0000: 4D 38 53 92 4A 27 19 8A C9 1D E7 AC D0 56 9F 57 M8S.J'.......V.W
0010: 61 9F 76 45 3C 4C 7E 01 03 71 20 4A 7C C5 E3 64 a.vE<L...q J...d
Server Nonce:
0000: 4D 38 53 92 91 2B 9B 04 40 75 1D 14 9B 68 94 43 [email protected]
0010: 26 BF B0 20 E2 D2 0F D0 26 3E BA 5D A1 66 62 2B &.. ....&>.].fb+
Master Secret:
0000: 13 9A 7A E6 A0 60 FA 39 20 54 B1 5B 11 C0 1C 8E ..z..`.9 T.[....
0010: 0C 1E DD 6D 81 F3 87 BB 55 C5 04 5E EF 92 9D 56 ...m....U..^...V
0020: F8 A5 BE 3C 63 41 49 5D 28 C6 CB 39 2B AC 2B 01 ...<cAI](..9+.+.
Client MAC write Secret:
0000: C6 9B B2 39 8A B2 0D 8E D2 4F ED 8B 41 2A 5E 24 ...9.....O..A*^$
Server MAC write Secret:
0000: 0F EC E3 F0 A0 23 B0 06 3A E1 27 17 51 D5 63 D4 .....#..:.'.Q.c.
Client write key:
0000: 84 00 3C F3 A6 64 8B FC EC 24 34 E5 98 37 2D 4B ..<..d...$4..7-K
Server write key:
0000: 15 71 17 98 7F BF 96 CF B5 84 0D 27 53 92 FA D6 .q.........'S...
... no IV for cipher
http-8080-Processor25, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 242, 229, 163, 78, 24, 68, 97, 187, 238, 159, 79, 121 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C F2 E5 A3 4E 18 44 61 BB EE 9F 4F 79 .......N.Da...Oy
Padded plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C F2 E5 A3 4E 18 44 61 BB EE 9F 4F 79 .......N.Da...Oy
0010: 7D 95 FF FE 93 4D C5 18 4B C0 DD 31 EB 12 39 DF .....M..K..1..9.
http-8080-Processor25, WRITE: TLSv1 Handshake, length = 32
[Raw write]: length = 37
0000: 16 03 01 00 20 43 6D 0D E1 CD D5 D7 7A 9C 25 61 .... Cm.....z.%a
0010: 1A 58 2C E4 3E 18 EB B1 C9 80 9C C5 E7 30 E5 23 .X,.>........0.#
0020: 6E 10 C9 2A AE n..*.
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
http-8080-Processor25, READ: TLSv1 Alert, length = 2
http-8080-Processor25, RECV TLSv1 ALERT: fatal, handshake_failure
http-8080-Processor25, called closeSocket()
http-8080-Processor25, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
http-8080-Processor25, called close()
http-8080-Processor25, called closeInternal(true)
http-8080-Processor25, called close()
http-8080-Processor25, called closeInternal(true)
http-8080-Processor25, called close()
http-8080-Processor25, called closeInternal(true)
Qu'est-ce que cela signifie? Quelle est la signification du message "non IV pour le chiffrement"?
EDIT: Après un peu d'enquête, j'ai trouvé une erreur stupide-keystore n'était pas chargé du tout car la propriété javax.net.ssl.keyStore n'était pas définie correctement. Cependant, maintenant je reçois une exception de réinitialisation de connexion et je reçois toujours "pas d'IV pour le chiffrement"... donc, je pose fondamentalement la même question à nouveau ici.
2
1 answers
no IV pour le chiffrement indique que le chiffrement utilisé ne nécessite pas d'IV (RC4 est l'un de ces chiffrement, et probablement celui choisi ici).
Edit Selon le commentaire de GregS, ce a handshake_failure pourrait être causé par le serveur demandant l'authentification du client et le client ne fournissant pas de certificat.
3
Author: Jumbogram, 2011-01-20 02:40:00