Uploaded image for project: 'QuickFIX/J'
  1. QuickFIX/J
  2. QFJ-970

SSL hand shake failed

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Major
          • Resolution: Not a bug
          • Affects Version/s: 2.0.0
          • Fix Version/s: None
          • Component/s: Networking
          • Labels:
          • Environment:
            JDK8

            Description

            Our side it's client side, we only receive the messages from the server side, not sending any mesages from our side. So server side give us one certificate to use the SSL encryption(we generate the trust store by our selfservles), in our dev env and UAT env is good. But for the production it's bad.

            Then we try to resolve the issue, we find when prod env validate the keyusage, client and server side decide to use RSA, RSA need to validate the 3 key usages, but our certification only have 1 key usage. The SSL hand shake failed.

            Error Class: X509TrustManagerWrapper, method: checkServerTrusted()

            Could you please help to check this issue? Thank you for your help.

            ERROR MESSAGE:
            adding as trusted cert:
            Subject: CN=Root Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
            Issuer: CN=Root Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
            Algorithm: RSA; Serial number: 0x2ec09da74e9247da
            Valid from Fri Dec 23 22:04:34 CST 2016 until Mon Dec 23 22:04:34 CST 2030

            adding as trusted cert:
            Subject: CN=Issuing Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
            Issuer: CN=Root Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
            Algorithm: RSA; Serial number: 0x4158dfbd6b0a96bb
            Valid from Fri Dec 23 22:05:53 CST 2016 until Sat Dec 23 22:05:53 CST 2023

            trigger seeding of SecureRandom
            done seeding SecureRandom
            Using SSLEngineImpl.
            Allow unsafe renegotiation: false
            Allow legacy hello messages: true
            Is initial handshake: true
            Is secure renegotiation: false
            %% No cached client session

                • ClientHello, TLSv1.2
                  RandomCookie: GMT: 1526460512 bytes = { 58, 213, 205, 241, 212, 73, 219, 161, 144, 98, 52, 91, 241, 165, 108, 180, 251, 112, 36, 206, 93, 44, 219, 44, 154, 111, 191, 171 }

                  Session ID: {}
                  Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
                  Compression Methods:

                  { 0 }

                  Extension elliptic_curves, curve names:

                  {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

                  Extension ec_point_formats, formats: [uncompressed]
                  Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
                  ***
                  [write] MD5 and SHA1 hashes: len = 239
                  0000: 01 00 00 EB 03 03 5B FC F0 60 3A D5 CD F1 D4 49 ......[..`:....I
                  0010: DB A1 90 62 34 5B F1 A5 6C B4 FB 70 24 CE 5D 2C ...b4[..l..p$.],
                  0020: DB 2C 9A 6F BF AB 00 00 64 C0 24 C0 28 00 3D C0 .,.o....d.$.(.=.
                  0030: 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 C0 &.*.k.j.....5...
                  0040: 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 00 ..9.8.#.'.<.%.).
                  0050: 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33 00 g.@...../.....3.
                  0060: 32 C0 2C C0 2B C0 30 00 9D C0 2E C0 32 00 9F 00 2.,.+.0.....2...
                  0070: A3 C0 2F 00 9C C0 2D C0 31 00 9E 00 A2 C0 08 C0 ../...-.1.......
                  0080: 12 00 0A C0 03 C0 0D 00 16 00 13 00 FF 01 00 00 ................
                  0090: 5E 00 0A 00 34 00 32 00 17 00 01 00 03 00 13 00 ^...4.2.........
                  00A0: 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 ................
                  00B0: 19 00 0D 00 0E 00 0F 00 10 00 11 00 02 00 12 00 ................
                  00C0: 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 00 00 ................
                  00D0: 0D 00 1C 00 1A 06 03 06 01 05 03 05 01 04 03 04 ................
                  00E0: 01 04 02 03 03 03 01 03 02 02 03 02 01 02 02 ...............
                  NioProcessor-2, WRITE: TLSv1.2 Handshake, length = 239
                  [Raw write]: length = 244
                  0000: 16 03 03 00 EF 01 00 00 EB 03 03 5B FC F0 60 3A ...........[..`:
                  0010: D5 CD F1 D4 49 DB A1 90 62 34 5B F1 A5 6C B4 FB ....I...b4[..l..
                  0020: 70 24 CE 5D 2C DB 2C 9A 6F BF AB 00 00 64 C0 24 p$.],.,.o....d.$
                  0030: C0 28 00 3D C0 26 C0 2A 00 6B 00 6A C0 0A C0 14 .(.=.&.*.k.j....
                  0040: 00 35 C0 05 C0 0F 00 39 00 38 C0 23 C0 27 00 3C .5.....9.8.#.'.<
                  0050: C0 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 .%.).g.@...../..
                  0060: C0 0E 00 33 00 32 C0 2C C0 2B C0 30 00 9D C0 2E ...3.2.,.+.0....
                  0070: C0 32 00 9F 00 A3 C0 2F 00 9C C0 2D C0 31 00 9E .2...../...-.1..
                  0080: 00 A2 C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 ................
                  0090: 00 FF 01 00 00 5E 00 0A 00 34 00 32 00 17 00 01 .....^...4.2....
                  00A0: 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 18 ................
                  00B0: 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 11 ................
                  00C0: 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 0B ................
                  00D0: 00 02 01 00 00 0D 00 1C 00 1A 06 03 06 01 05 03 ................
                  00E0: 05 01 04 03 04 01 04 02 03 03 03 01 03 02 02 03 ................
                  00F0: 02 01 02 02 ....
                  [Raw read]: length = 5
                  0000: 16 03 03 00 51 ....Q
                  [Raw read]: length = 81
                  0000: 02 00 00 4D 03 03 5B FC F0 60 AE 8D 17 B5 8E 84 ...M..[..`......
                  0010: CF D5 5C 73 E2 E2 9F 4C 6E DE 5A F6 70 84 DC 26 ..\s...Ln.Z.p..&
                  0020: BD 46 7C D7 F9 1B 20 B7 8F 74 A3 FE 3A 4A CA 76 .F.... ..t..:J.v
                  0030: 42 16 15 1C 42 05 DF 71 05 EC D2 19 06 51 B2 37 B...B..q.....Q.7
                  0040: D3 45 74 78 DA EE 45 00 3D 00 00 05 FF 01 00 01 .Etx..E.=.......
                  0050: 00 .
                  NioProcessor-2, READ: TLSv1.2 Handshake, length = 81

                • ServerHello, TLSv1.2
                  RandomCookie: GMT: 1526460512 bytes = { 174, 141, 23, 181, 142, 132, 207, 213, 92, 115, 226, 226, 159, 76, 110, 222, 90, 246, 112, 132, 220, 38, 189, 70, 124, 215, 249, 27 }

                  Session ID:

                  {183, 143, 116, 163, 254, 58, 74, 202, 118, 66, 22, 21, 28, 66, 5, 223, 113, 5, 236, 210, 25, 6, 81, 178, 55, 211, 69, 116, 120, 218, 238, 69}

                  Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256
                  Compression Method: 0
                  Extension renegotiation_info, renegotiated_connection: <empty>
                  ***
                  %% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA256]

              • TLS_RSA_WITH_AES_256_CBC_SHA256
                [read] MD5 and SHA1 hashes: len = 81
                0000: 02 00 00 4D 03 03 5B FC F0 60 AE 8D 17 B5 8E 84 ...M..[..`......
                0010: CF D5 5C 73 E2 E2 9F 4C 6E DE 5A F6 70 84 DC 26 ..\s...Ln.Z.p..&
                0020: BD 46 7C D7 F9 1B 20 B7 8F 74 A3 FE 3A 4A CA 76 .F.... ..t..:J.v
                0030: 42 16 15 1C 42 05 DF 71 05 EC D2 19 06 51 B2 37 B...B..q.....Q.7
                0040: D3 45 74 78 DA EE 45 00 3D 00 00 05 FF 01 00 01 .Etx..E.=.......
                0050: 00 .
                [Raw read]: length = 5
                0000: 16 03 03 06 17 .....
                [Raw read]: length = 1559
                0000: 0B 00 06 13 00 06 10 00 06 0D 30 82 06 09 30 82 ..........0...0.
                0010: 03 F1 A0 03 02 01 02 02 08 08 86 A7 7C 19 C2 57 ...............W
                0020: F7 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 .0...*.H........
                0030: 30 71 31 0B 30 09 06 03 55 04 06 13 02 44 45 31 0q1.0...U....DE1
                0040: 20 30 1E 06 03 55 04 0A 0C 17 33 36 30 20 54 72 0...U....360 Tr
                0050: 65 61 73 75 72 79 20 53 79 73 74 65 6D 73 20 41 easury Systems A
                0060: 47 31 16 30 14 06 03 55 04 0B 0C 0D 53 79 73 61 G1.0...U....Sysa
                0070: 64 6D 69 6E 20 54 65 61 6D 31 28 30 26 06 03 55 dmin Team1(0&..U
                0080: 04 03 0C 1F 49 73 73 75 69 6E 67 20 43 65 72 74 ....Issuing Cert
                0090: 69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 ification Author
                00A0: 69 74 79 30 1E 17 0D 31 37 30 37 32 35 30 37 31 ity0...170725071
                00B0: 32 31 35 5A 17 0D 31 39 30 37 32 35 30 37 31 32 215Z..1907250712
                00C0: 31 35 5A 30 81 95 31 0B 30 09 06 03 55 04 06 13 15Z0..1.0...U...
                00D0: 02 44 45 31 0F 30 0D 06 03 55 04 08 0C 06 48 65 .DE1.0...U....He
                00E0: 73 73 65 6E 31 1A 30 18 06 03 55 04 07 0C 11 46 ssen1.0...U....F
                00F0: 72 61 6E 6B 66 75 72 74 20 61 6D 20 4D 61 69 6E rankfurt am Main
                0100: 31 20 30 1E 06 03 55 04 0A 0C 17 33 36 30 20 54 1 0...U....360 T
                0110: 72 65 61 73 75 72 79 20 53 79 73 74 65 6D 73 20 reasury Systems
                0120: 41 47 31 16 30 14 06 03 55 04 0B 0C 0D 53 79 73 AG1.0...U....Sys
                0130: 61 64 6D 69 6E 20 54 65 61 6D 31 1F 30 1D 06 03 admin Team1.0...
                0140: 55 04 03 0C 16 33 36 30 54 20 50 72 6F 64 20 53 U....360T Prod S
                0150: 53 4C 20 45 6E 64 70 6F 69 6E 74 30 82 01 22 30 SL Endpoint0.."0
                0160: 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 ...*.H..........
                0170: 01 0F 00 30 82 01 0A 02 82 01 01 00 BB D7 1C EE ...0............
                0180: 6B 4D F3 B8 25 8D 65 6E 92 FE 28 14 BE AA 07 BD kM..%.en..(.....
                0190: C1 96 96 74 14 29 75 EA 9E 8D 64 FF 76 A5 BB 51 ...t.)u...d.v..Q
                01A0: BC 47 F0 36 40 88 F9 8F 90 6C 98 F9 3B EA 6E 81 [email protected]..;.n.
                01B0: F2 08 EA AF 06 E1 01 5E 71 23 E7 86 E0 27 FB D5 .......^q#...'..
                01C0: E8 2F AF 08 6A F5 DF 99 2B CF E7 FC 03 34 31 6D ./..j...+....41m
                01D0: 2F BA CA 60 40 74 29 37 5A 0D A6 AC 9F 6B 54 86 /..`@t)7Z....kT.
                01E0: 59 21 05 8C 34 5D DC B0 F0 86 BB BA 93 8B 16 34 Y!..4].........4
                01F0: F6 65 51 12 E8 DE F1 7D F2 54 79 65 5F EC 41 CB .eQ......Tye_.A.
                0200: E8 9F BF 3E 34 CA A6 92 AC FE 5C 92 A7 7A 1D 52 ...>4.....\..z.R
                0210: B2 E9 82 DA CA D7 BA C4 73 85 1A 18 B9 A4 57 30 ........s.....W0
                0220: FD 77 9C AB 7C DE 5D 0B 03 78 6A 5D D2 C8 68 39 .w....]..xj]..h9
                0230: 19 F0 4E 4B C0 B1 84 D1 EE DE 9A A1 F0 4F E7 85 ..NK.........O..
                0240: 1A B5 C0 A6 C6 76 5C 31 F2 8B D6 EC DF 07 E7 05 .....v\1........
                0250: 2F 77 DC 9C 29 31 1C 01 ED 61 EE BF 1B DF BB 8C /w..)1...a......
                0260: 52 19 D6 A0 AB 77 04 FB 34 BF 76 D9 8F 55 BC C8 R....w..4.v..U..
                0270: 8E F5 46 1D 6E 2D 13 D1 B9 5E 90 91 02 03 01 00 ..F.n-...^......
                0280: 01 A3 82 01 7E 30 82 01 7A 30 0C 06 03 55 1D 13 .....0..z0...U..
                0290: 01 01 FF 04 02 30 00 30 1F 06 03 55 1D 23 04 18 .....0.0...U.#..
                02A0: 30 16 80 14 E4 4B DF C0 AA 47 AD B3 B9 4A A6 29 0....K...G...J.)
                02B0: E5 42 9C F3 3F E7 13 43 30 4C 06 08 2B 06 01 05 .B..?..C0L..+...
                02C0: 05 07 01 01 04 40 30 3E 30 3C 06 08 2B 06 01 05 .....@0>0<..+...
                02D0: 05 07 30 02 86 30 68 74 74 70 3A 2F 2F 70 6B 69 ..0..0http://pki
                02E0: 2E 33 36 30 74 2E 63 6F 6D 2F 63 65 72 74 73 2F .360t.com/certs/
                02F0: 33 36 30 74 2D 73 75 62 72 6F 6F 74 2D 63 61 2D 360t-subroot-ca-
                0300: 30 31 2E 63 65 72 30 3F 06 03 55 1D 20 04 38 30 01.cer0?..U. .80
                0310: 36 30 34 06 08 2A 82 14 82 68 01 02 04 30 28 30 604..*...h...0(0
                0320: 26 06 08 2B 06 01 05 05 07 02 01 16 1A 68 74 74 &..+.........htt
                0330: 70 3A 2F 2F 70 6B 69 2E 33 36 30 74 2E 63 6F 6D p://pki.360t.com
                0340: 2F 70 6F 6C 69 63 79 30 1D 06 03 55 1D 25 04 16 /policy0...U.%..
                0350: 30 14 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 0.............
                0360: 01 05 05 07 03 01 30 3F 06 03 55 1D 1F 04 38 30 ......0?..U...80
                0370: 36 30 34 A0 32 A0 30 86 2E 68 74 74 70 3A 2F 2F 604.2.0..http://
                0380: 70 6B 69 2E 33 36 30 74 2E 63 6F 6D 2F 63 72 6C pki.360t.com/crl
                0390: 2F 33 36 30 74 2D 73 75 62 72 6F 6F 74 2D 63 61 /360t-subroot-ca
                03A0: 2D 30 31 2E 63 72 6C 30 1D 06 03 55 1D 0E 04 16 -01.crl0...U....
                03B0: 04 14 50 6B 3A 75 C0 DE 02 2D 53 3D BF CD 09 84 ..Pk:u...-S=....
                03C0: 98 86 82 AE 30 10 30 2B 06 03 55 1D 10 04 24 30 ....0.0+..U...$0
                03D0: 22 80 0F 32 30 31 37 30 37 32 35 30 37 31 32 31 "..2017072507121
                03E0: 35 5A 81 0F 32 30 31 38 30 37 32 35 30 37 31 32 5Z..201807250712
                03F0: 31 35 5A 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 15Z0...U........
                0400: 02 07 80 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B ...0...*.H......
                0410: 05 00 03 82 02 01 00 13 50 BA 85 34 92 93 1D 22 ........P..4..."
                0420: 75 A9 FD 28 24 A7 47 17 90 0C 8B 59 05 2A F9 F0 u..($.G....Y.*..
                0430: F8 7D 99 4F 8F 75 BF D1 C4 3F E7 A7 98 CE D3 58 ...O.u...?.....X
                0440: 88 13 83 E5 EB 3E 60 4E 83 AA 80 FC 2E 7B 01 60 .....>`N.......`
                0450: 07 83 A6 C1 31 DB E1 0A C5 43 EE 27 17 08 8F 4F ....1....C.'...O
                0460: 8B AB 65 7A D7 C8 D3 AD A8 75 B7 62 E7 53 01 DC ..ez.....u.b.S..
                0470: 33 BB B7 2C 96 D5 3F 20 FC 69 FE 3D C1 5E CB 44 3..,..? .i.=.^.D
                0480: AB F8 BE 7B 99 01 79 BB 57 A4 94 D1 C5 11 04 65 ......y.W......e
                0490: 75 8D F8 F0 9F A6 2C E4 8A 51 B0 01 9D 2F DF 31 u.....,..Q.../.1
                04A0: 9A B8 8E D7 3C B4 62 76 3C DD 2A 0C 35 F2 C7 0B ....<.bv<.*.5...
                04B0: 20 D5 58 73 06 20 3C D1 6B 63 96 37 6E EA 1B 65 .Xs. <.kc.7n..e
                04C0: BF 6B 5E AB 4C CA D6 91 7E CD BC ED 84 CC B9 D9 .k^.L...........
                04D0: AB 25 80 93 28 FD 85 FE 21 8E 0F 2D 3D 22 91 05 .%..(...!..-="..
                04E0: A7 59 72 03 20 E8 D6 10 7E CF B0 34 7F 79 3B 47 .Yr. ......4.y;G
                04F0: C5 10 C1 09 EC FC 4A 3E BC 21 F0 FB 7F CF 4C C0 ......J>.!....L.
                0500: 4B 98 1B 7E 3B 06 92 51 73 F4 35 60 D8 7B 72 42 K...;..Qs.5`..rB
                0510: 87 3F BF 9D 4A 55 EB 40 24 57 F6 16 7B 4E 39 BB .?..JU.@$W...N9.
                0520: E5 61 40 C2 D9 2B A7 5B 81 09 C2 69 35 F8 A1 A2 .a@..+.[...i5...
                0530: A7 BA 67 42 7C A3 C5 E6 9E AC 3A C3 8C 6F EB 53 ..gB......:..o.S
                0540: 0A 65 39 67 64 C6 EC 7B 57 7B 9E 54 AE E4 2E A3 .e9gd...W..T....
                0550: 05 E9 0B 10 97 BF BC 47 CA F6 C7 1B 24 A6 CD D9 .......G....$...
                0560: B7 B7 6F A1 D0 31 21 F4 F7 1D E6 42 1C 53 E5 22 ..o..1!....B.S."
                0570: F6 D4 67 36 B0 0B 5C 69 7A B3 F3 31 F3 DA 48 DB ..g6..\iz..1..H.
                0580: EF 7A 1B 99 A4 AE 65 4E 5A 3D 5B 87 9D 1C A6 1A .z....eNZ=[.....
                0590: 1C 07 0D 8A 79 15 AD D1 8D 87 22 6A D2 2B D3 DC ....y....."j.+..
                05A0: 9C 55 05 FB 88 7B 91 15 ED EE 30 30 DE A6 79 B8 .U........00..y.
                05B0: E9 49 B7 AA DA CB 3C 4C 4E FE FB 44 93 F6 15 9A .I....<LN..D....
                05C0: 04 A9 18 E1 51 82 05 CE 43 4E 99 C7 14 FA 1B 8C ....Q...CN......
                05D0: F6 D8 2C 88 E7 33 98 02 4A 0E 41 C0 F5 88 6E 57 ..,..3..J.A...nW
                05E0: CF 59 F8 14 7F E0 51 DA 28 4E 39 C6 D1 0C B6 05 .Y....Q.(N9.....
                05F0: A1 72 9C 7D 68 6F E0 D5 F9 F3 0B 87 7E AF 79 EC .r..ho........y.
                0600: C1 46 68 BC CE 91 98 47 1C F8 9D 02 CF 82 27 D2 .Fh....G......'.
                0610: 64 1D FC C8 DC F2 C8 d......
                NioProcessor-2, READ: TLSv1.2 Handshake, length = 1559
                • Certificate chain
                  chain [0] = [
                  [
                  Version: V3
                  Subject: CN=360T Prod SSL Endpoint, OU=Sysadmin Team, O=360 Treasury Systems AG, L=Frankfurt am Main, ST=Hessen, C=DE
                  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

            Key: Sun RSA public key, 2048 bits
            modulus: 23712639208870547784934191030619387186574960001448184563206627792919596794770863916315542403970126901173207460879435287069014771623470331049929375045431124035167295456775590846384585558930676280801332442931483209242576237017576066124335085690849009132657890501481937293890660164877270727104316253459785959195876890654110642093619312253053142562293031483654484631881868891371699187919798922793667210760211106397007627967008550144244902921525222408109884089361945984512779871487391974953810469509555802158583127744803376858365706377038448938877003235243384520886173915777511443225158149320165300692093957485459943624849
            public exponent: 65537
            Validity: [From: Tue Jul 25 15:12:15 CST 2017,
            To: Thu Jul 25 15:12:15 CST 2019]
            Issuer: CN=Issuing Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
            SerialNumber: [ 0886a77c 19c257f7]

            Certificate Extensions: 7
            [1]: ObjectId: 2.5.29.35 Criticality=false
            AuthorityKeyIdentifier [
            KeyIdentifier [
            0000: E4 4B DF C0 AA 47 AD B3 B9 4A A6 29 E5 42 9C F3 .K...G...J.).B..
            0010: 3F E7 13 43 ?..C
            ]
            ]

            [2]: ObjectId: 2.5.29.19 Criticality=true
            BasicConstraints:[
            CA:false
            PathLen: undefined
            ]

            [3]: ObjectId: 2.5.29.32 Criticality=false
            CertificatePolicies [
            [CertificatePolicyId: [1.2.276.360.1.2.4]
            [PolicyQualifierInfo: [
            qualifierID: 1.3.6.1.5.5.7.2.1
            qualifier: 0000: 16 1A 68 74 74 70 3A 2F 2F 70 6B 69 2E 33 36 30 ..http://pki.360
            0010: 74 2E 63 6F 6D 2F 70 6F 6C 69 63 79 t.com/policy

            ]] ]
            ]

            [4]: ObjectId: 2.5.29.37 Criticality=false
            ExtendedKeyUsages [
            clientAuth
            serverAuth
            ]

            [5]: ObjectId: 2.5.29.15 Criticality=true
            KeyUsage [
            DigitalSignature
            ]

            [6]: ObjectId: 2.5.29.16 Criticality=false
            PrivateKeyUsage: [
            From: Tue Jul 25 15:12:15 CST 2017, To: Wed Jul 25 15:12:15 CST 2018]

            [7]: ObjectId: 2.5.29.14 Criticality=false
            SubjectKeyIdentifier [
            KeyIdentifier [
            0000: 50 6B 3A 75 C0 DE 02 2D 53 3D BF CD 09 84 98 86 Pk:u...-S=......
            0010: 82 AE 30 10 ..0.
            ]
            ]

            Unparseable certificate extensions: 2
            [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
            Unparseable AuthorityInfoAccess extension due to
            java.io.IOException: invalid URI name (host portion is not a valid DNS name, IPv4 address, or IPv6 address):http://pki.360t.com/certs/360t-subroot-ca-01.cer

            0000: 30 3E 30 3C 06 08 2B 06 01 05 05 07 30 02 86 30 0>0<..+.....0..0
            0010: 68 74 74 70 3A 2F 2F 70 6B 69 2E 33 36 30 74 2E http://pki.360t.
            0020: 63 6F 6D 2F 63 65 72 74 73 2F 33 36 30 74 2D 73 com/certs/360t-s
            0030: 75 62 72 6F 6F 74 2D 63 61 2D 30 31 2E 63 65 72 ubroot-ca-01.cer

            [2]: ObjectId: 2.5.29.31 Criticality=false
            Unparseable CRLDistributionPoints extension due to
            java.io.IOException: invalid URI name (host portion is not a valid DNS name, IPv4 address, or IPv6 address):http://pki.360t.com/crl/360t-subroot-ca-01.crl

            0000: 30 36 30 34 A0 32 A0 30 86 2E 68 74 74 70 3A 2F 0604.2.0..http:/
            0010: 2F 70 6B 69 2E 33 36 30 74 2E 63 6F 6D 2F 63 72 /pki.360t.com/cr
            0020: 6C 2F 33 36 30 74 2D 73 75 62 72 6F 6F 74 2D 63 l/360t-subroot-c
            0030: 61 2D 30 31 2E 63 72 6C a-01.crl

            ]
            Algorithm: [SHA256withRSA]
            Signature:
            0000: 13 50 BA 85 34 92 93 1D 22 75 A9 FD 28 24 A7 47 .P..4..."u..($.G
            0010: 17 90 0C 8B 59 05 2A F9 F0 F8 7D 99 4F 8F 75 BF ....Y.*.....O.u.
            0020: D1 C4 3F E7 A7 98 CE D3 58 88 13 83 E5 EB 3E 60 ..?.....X.....>`
            0030: 4E 83 AA 80 FC 2E 7B 01 60 07 83 A6 C1 31 DB E1 N.......`....1..
            0040: 0A C5 43 EE 27 17 08 8F 4F 8B AB 65 7A D7 C8 D3 ..C.'...O..ez...
            0050: AD A8 75 B7 62 E7 53 01 DC 33 BB B7 2C 96 D5 3F ..u.b.S..3..,..?
            0060: 20 FC 69 FE 3D C1 5E CB 44 AB F8 BE 7B 99 01 79 .i.=.^.D......y
            0070: BB 57 A4 94 D1 C5 11 04 65 75 8D F8 F0 9F A6 2C .W......eu.....,
            0080: E4 8A 51 B0 01 9D 2F DF 31 9A B8 8E D7 3C B4 62 ..Q.../.1....<.b
            0090: 76 3C DD 2A 0C 35 F2 C7 0B 20 D5 58 73 06 20 3C v<.*.5... .Xs. <
            00A0: D1 6B 63 96 37 6E EA 1B 65 BF 6B 5E AB 4C CA D6 .kc.7n..e.k^.L..
            00B0: 91 7E CD BC ED 84 CC B9 D9 AB 25 80 93 28 FD 85 ..........%..(..
            00C0: FE 21 8E 0F 2D 3D 22 91 05 A7 59 72 03 20 E8 D6 .!..-="...Yr. ..
            00D0: 10 7E CF B0 34 7F 79 3B 47 C5 10 C1 09 EC FC 4A ....4.y;G......J
            00E0: 3E BC 21 F0 FB 7F CF 4C C0 4B 98 1B 7E 3B 06 92 >.!....L.K...;..
            00F0: 51 73 F4 35 60 D8 7B 72 42 87 3F BF 9D 4A 55 EB Qs.5`..rB.?..JU.
            0100: 40 24 57 F6 16 7B 4E 39 BB E5 61 40 C2 D9 2B A7 @$W...N9..a@..+.
            0110: 5B 81 09 C2 69 35 F8 A1 A2 A7 BA 67 42 7C A3 C5 [...i5.....gB...
            0120: E6 9E AC 3A C3 8C 6F EB 53 0A 65 39 67 64 C6 EC ...:..o.S.e9gd..
            0130: 7B 57 7B 9E 54 AE E4 2E A3 05 E9 0B 10 97 BF BC .W..T...........
            0140: 47 CA F6 C7 1B 24 A6 CD D9 B7 B7 6F A1 D0 31 21 G....$.....o..1!
            0150: F4 F7 1D E6 42 1C 53 E5 22 F6 D4 67 36 B0 0B 5C ....B.S."..g6..\
            0160: 69 7A B3 F3 31 F3 DA 48 DB EF 7A 1B 99 A4 AE 65 iz..1..H..z....e
            0170: 4E 5A 3D 5B 87 9D 1C A6 1A 1C 07 0D 8A 79 15 AD NZ=[.........y..
            0180: D1 8D 87 22 6A D2 2B D3 DC 9C 55 05 FB 88 7B 91 ..."j.+...U.....
            0190: 15 ED EE 30 30 DE A6 79 B8 E9 49 B7 AA DA CB 3C ...00..y..I....<
            01A0: 4C 4E FE FB 44 93 F6 15 9A 04 A9 18 E1 51 82 05 LN..D........Q..
            01B0: CE 43 4E 99 C7 14 FA 1B 8C F6 D8 2C 88 E7 33 98 .CN........,..3.
            01C0: 02 4A 0E 41 C0 F5 88 6E 57 CF 59 F8 14 7F E0 51 .J.A...nW.Y....Q
            01D0: DA 28 4E 39 C6 D1 0C B6 05 A1 72 9C 7D 68 6F E0 .(N9......r..ho.
            01E0: D5 F9 F3 0B 87 7E AF 79 EC C1 46 68 BC CE 91 98 .......y..Fh....
            01F0: 47 1C F8 9D 02 CF 82 27 D2 64 1D FC C8 DC F2 C8 G......'.d......

            ]
            ***
            NioProcessor-2, fatal error: 46: General SSLEngine problem
            sun.security.validator.ValidatorException: KeyUsage does not allow key encipherment
            %% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA256]
            NioProcessor-2, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
            NioProcessor-2, WRITE: TLSv1.2 Alert, length = 2
            NioProcessor-2, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem
            NioProcessor-2, called closeOutbound()
            NioProcessor-2, closeOutboundInternal()
            [Raw write]: length = 7
            0000: 15 03 03 00 02 02 2E .......
            NioProcessor-2, called closeInbound()
            NioProcessor-2, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
            NioProcessor-2, called closeOutbound()
            NioProcessor-2, closeOutboundInternal()

              Attachments

                Activity

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    Harry dai, lianjie
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: