users@grizzly.java.net

Re: Trying to establish SSL connection - Fails in handshake

From: Oleksiy Stashok <oleksiy.stashok_at_oracle.com>
Date: Wed, 21 Jan 2015 21:57:53 -0800

Hi,

unfortunately I can't reproduce the problem locally.
How do you run the sample server, do you use maven?
Can you pls. share the entire server SSL log, not only handshake.

Thank you.

WBR,
Alexey.

On 21.01.15 01:58, Siman Tov Gal wrote:
>
> Hi Alexey.
>
> I have run the SSLEchoServer along with the SSLEchoClient (As taken
> from the Grizzly samples).
>
> I have added to the SSLEchoServer runtime execution the
> -Djavax.net.debug=all .
>
> I got the following output during the handshake :
>
> trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts
>
> trustStore type is : jks
>
> trustStore provider is :
>
> init truststore
>
> trigger seeding of SecureRandom
>
> done seeding SecureRandom
>
> Press any key to stop the server...
>
> Using SSLEngineImpl.
>
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
>
> Allow unsafe renegotiation: false
>
> Allow legacy hello messages: true
>
> Is initial handshake: true
>
> Is secure renegotiation: false
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for
> SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> for SSLv2Hello
>
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for
> SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> for SSLv3
>
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for
> TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> for TLSv1
>
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for
> TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> for TLSv1.1
>
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> for TLSv1.1
>
> [Raw read]: length = 5
>
> 0000: 16 03 01 00 95 .....
>
> [Raw read]: length = 149
>
> 0000: 01 00 00 91 03 01 54 BF 77 2F A6 34 EF B4 AD CA ......T.w/.4....
>
> 0010: 49 27 25 DD 7A CA 3E EF A9 9E 60 33 15 0C 81 A0 I'%.z.>...`3....
>
> 0020: 8B 12 9D B1 B4 7C 00 00 2A C0 09 C0 13 00 2F C0 ........*...../.
>
> 0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 ....3.2.........
>
> 0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ................
>
> 0050: 04 00 FF 01 00 00 3E 00 0A 00 34 00 32 00 17 00 ......>...4.2...
>
> 0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
>
> 0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
>
> 0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
>
> 0090: 0B 00 02 01 00 .....
>
> Grizzly-worker(1), READ: TLSv1 Handshake, length = 149
>
> *** ClientHello, TLSv1
>
> RandomCookie: GMT: 1405056815 bytes = { 166, 52, 239, 180, 173, 202,
> 73, 39, 37, 221, 122, 202, 62, 239, 169, 158, 96, 51, 21, 12, 129,
> 160, 139, 18, 157, 177, 180, 124 }
>
> Session ID: {}
>
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>
> Compression Methods: { 0 }
>
> Extension elliptic_curves, curve names: {secp256r1, sect163k1,
> sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1,
> sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1,
> sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1,
> sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
>
> Extension ec_point_formats, formats: [uncompressed]
>
> ***
>
> [read] MD5 and SHA1 hashes: len = 149
>
> 0000: 01 00 00 91 03 01 54 BF 77 2F A6 34 EF B4 AD CA ......T.w/.4....
>
> 0010: 49 27 25 DD 7A CA 3E EF A9 9E 60 33 15 0C 81 A0 I'%.z.>...`3....
>
> 0020: 8B 12 9D B1 B4 7C 00 00 2A C0 09 C0 13 00 2F C0 ........*...../.
>
> 0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 ....3.2.........
>
> 0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ................
>
> 0050: 04 00 FF 01 00 00 3E 00 0A 00 34 00 32 00 17 00 ......>...4.2...
>
> 0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
>
> 0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
>
> 0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
>
> 0090: 0B 00 02 01 00 .....
>
> %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
>
> Grizzly-worker(1), fatal error: 40: no cipher suites in common
>
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>
> %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
>
> Grizzly-worker(1), SEND TLSv1 ALERT: fatal, description =
> handshake_failure
>
> Grizzly-worker(1), WRITE: TLSv1 Alert, length = 2
>
> Grizzly-worker(1), fatal: engine already closed. Rethrowing
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>
> Please advise,
>
> Thanks Gal Siman-Tov
>
> *From:*Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
> *Sent:* Wednesday, January 21, 2015 3:27 AM
> *To:* Siman Tov Gal
> *Cc:* Meltser Tiran; Broide Uri; 'users_at_grizzly.java.net'
> *Subject:* Re: Trying to establish SSL connection - Fails in handshake
>
> Hi,
>
> are you running SSLEchoServer?
> If yes, there is SSLEchoClient, does it work with the server?
>
> Thank you.
>
> WBR,
> Alexey.
>
> On 19.01.15 06:17, Siman Tov Gal wrote:
>
> Hi Alexey,
>
> Thanks for the prompt reply.
>
> I took a step back and tried to launch the SSL sample from the
> Grizzly repository (*grizzly-framework-samples-2.3.18.jar*).
>
> I used an openssl client and on handshake I got the following error:
>
> 30720:error:140790E5:SSL routines:SSL23_WRITE:*ssl handshake
> failure*:s23_lib.c:188:
>
> Note that I did not perform any setup on the SSLEngineConfigurator.
>
> As far as I’ve seen other examples they should work as is, but
> this does not happen here.
>
> Am I missing something?
>
> 10x,
>
> Gal
>
> *From:*Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
> *Sent:* Monday, January 19, 2015 6:58 AM
> *To:* Siman Tov Gal; users_at_grizzly.java.net
> <mailto:users_at_grizzly.java.net>
> *Cc:* Meltser Tiran; Broide Uri
> *Subject:* Re: Trying to establish SSL connection - Fails in handshake
>
> Hi,
>
> can you pls. share the test case so we can reproduce the problem?
>
> Thank you.
>
> WBR,
> Alexey.
>
> On 18.01.15 00:13, Siman Tov Gal wrote:
>
> Hi
>
> I am trying to establish a SSL handshake with my Grizzly
> server and an openssl client.
>
> I’ve configured the SSLEngineConfigurator with the following
> setup:
>
> sslContextConfig.setKeyStoreFile(keyStoreLocation);
>
> sslContextConfig.setKeyStorePass(keyStorePassword);
>
> // Create SSLEngine _configurator_
>
> SSLEngineConfigurator sslEngineConfigurator =
> *new*SSLEngineConfigurator(sslContextConfig.createSSLContext(),*false*,*false*,*false*);
>
> SSLSocketFactory sf =
> sslEngineConfigurator.getSslContext().getSocketFactory();
>
> String[] supportedProtocols =
> {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};
>
> sslEngineConfigurator.setEnabledProtocols(supportedProtocols);
>
> sslEngineConfigurator.setProtocolConfigured(*true*);
>
> String[] cipherSuites = sf.getSupportedCipherSuites();
>
> sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);
>
> sslEngineConfigurator.setCipherConfigured(*true*);
>
> sslEngineConfigurator.setNeedClientAuth(*false*);
>
> sslEngineConfigurator.setWantClientAuth(*false*);
>
> *When debugging the handshake code, the point of failure was
> in the SSLBaseFilter:doHandshakeStep() method.*
>
> */When entering the case of NEED_UNWRAP/**/, the handshake
> failed due to the fact that the /**inputBuffer**was set to null.*
>
> The openssl client send the following command :
>
> */openssl.exe s_client -debug -msg -connect localhost:50443/*
>
> I am getting the following response :
>
> */8392:error:140770FC:SSL
> routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:.\ssl\s23_clnt.c:601/*
>
> Thanks in advance
>
> Gal S.T
>
> P.S: I open the SSL debug info (using : -Djavax.net.debug=all)
>
> Here is the output :
>
> chain [0] = [
>
> [
>
> Version: V3
>
> Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana,
> ST=Israel, C=IL
>
> Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>
> Key: Sun RSA public key, 2048 bits
>
> modulus:
> 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279
>
> public exponent: 65537
>
> Validity: [From: Thu Jan 15 15:47:10 IST 2015,
>
> To: Wed Aug 10 16:47:10 IDT 2044]
>
> Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana,
> ST=Israel, C=IL
>
> SerialNumber: [ 5606fc55]
>
> Certificate Extensions: 1
>
> [1]: ObjectId: 2.5.29.14 Criticality=false
>
> SubjectKeyIdentifier [
>
> KeyIdentifier [
>
> 0000: 27 D1 11 CB 8B AF EB 5E D8 67 A5 58 88 CE 39 72
> '......^.g.X..9r
>
> 0010: 74 DA 48 65 t.He
>
> ]
>
> ]
>
> ]
>
> Algorithm: [SHA1withRSA]
>
> Signature:
>
> 0000: 56 82 F0 A4 A6 56 A8 F8 37 3D E6 A5 1F 87 E3 9D
> V....V..7=......
>
> 0010: 45 33 C6 C6 DB 5E A5 46 C7 EB 6D 12 FD 12 38 F3
> E3...^.F..m...8.
>
> 0020: 0F 80 99 A6 B7 1D 1F 84 22 5E E6 B8 FA DE 7F 68
> ........"^.....h
>
> 0030: 7B 0D D0 24 53 D0 DA CB 13 F3 38 E3 EA 3B 69 C1
> ...$S.....8..;i.
>
> 0040: 1E 6B BB AA 32 4F CF AF 42 91 52 C5 07 49 99 AB
> .k..2O..B.R..I..
>
> 0050: C5 48 29 64 17 2A 23 AF 74 B0 2C 90 01 C1 7E BE
> .H)d.*#.t.,.....
>
> 0060: 37 ED DC 2E F3 59 E7 6C 0B B0 6B DF 20 5C 61 24
> 7....Y.l..k. \a$
>
> 0070: FB BA EB 4E 35 BD 6A AE DB 98 59 27 D4 C1 6D 81
> ...N5.j...Y'..m.
>
> 0080: 50 8A 7B 45 9C ED 73 20 74 78 6E 45 44 54 E3 3E
> P..E..s txnEDT.>
>
> 0090: B8 B6 86 98 EE 3D 65 36 D8 F2 96 67 9B BD DC DE
> .....=e6...g....
>
> 00A0: CF 6B 12 51 2F D3 5E B6 E4 87 9C E5 2C 91 E6 70
> .k.Q/.^.....,..p
>
> 00B0: F4 2F 19 A0 08 19 BF BF 0B 25 87 16 AE 98 76 94
> ./.......%....v.
>
> 00C0: 22 DD 36 99 0A FB 41 53 0D 46 C6 18 33 36 A7 4F
> ".6...AS.F..36.O
>
> 00D0: DF 45 71 46 3B 02 DA 55 58 E8 65 9F 70 E6 E1 F9
> .EqF;..UX.e.p...
>
> 00E0: 6D A3 B9 6D 56 01 F8 B8 E1 A0 47 E5 76 EA 25 BE
> m..mV.....G.v.%.
>
> 00F0: 6B 64 1A AA 04 1D A2 61 D9 CB 3F 2C 06 FC 24 37
> kd.....a..?,..$7
>
> ]
>
> ***
>
> trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts
>
> trustStore type is : jks
>
> trustStore provider is :
>
> init truststore
>
> adding as trusted cert:
>
> Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>
> Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>
> Algorithm: RSA; Serial number: 0x4eb200670c035d4f
>
> Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25
> 11:36:00 IDT 2036
>
> adding as trusted cert:
>
> Subject: EMAILADDRESS=info_at_valicert.com
> <mailto:EMAILADDRESS=info_at_valicert.com>,
> CN=http://www.valicert.com/
> <http://cp.mcafee.com/d/FZsSd6Qm4Qn66m7TztPqqbdQSkkkTzqqbdQSknQTzqqbdSknxPP9J6XOarb2bapIzF_kAHI9RcwFsPYqvOVJsPYqvOVKZLuIgovW_9EETosvWZOWqqb7cIef9TLORQX8FGT7csG7DR8OJMddECQPtPtPo08PFYHv6vbUrGvVmAyTkDJ2tiEaH7r7_OVIQsLnupdwLQzh02oBFg8Cy2tjh1Z9WgfBgCq81wo2FEwJm4fJelo6y0Kq81vp7Qd44E6y0DI4a4Za-rvd79JPJ9>,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert,
> Inc.", L=ValiCert Validation Network
>
> Issuer: EMAILADDRESS=info_at_valicert.com
> <mailto:EMAILADDRESS=info_at_valicert.com>,
> CN=http://www.valicert.com/
> <http://cp.mcafee.com/d/FZsSd3gsrhojhsopovudTdFEITjphhjudFEITjphvjudFEITphu7fcCQrL8FII8IFCOeDZiiKMDkO2BPfNF_bCRPfNF_bCXSZWN1x_HYCyztxN_HTbFFEIsOMUYDu_bnjIyCHssNOEuvkzaT0QSCrjdTdTdw0zeDOJYpYLxKF_BqibtiuQ9RawGItIv_bCPhOZtVAS2_id409ymB0yq89Rd47QDF0-l2pEw61waCy2Rog-QVlwq82VEw5ZAvgQgiwq82uMgEjQHVJYQsCNzAKfob6>,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert,
> Inc.", L=ValiCert Validation Network
>
> Algorithm: RSA; Serial number: 0x1
>
> Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26
> 01:23:48 IDT 2019
>
> trigger seeding of SecureRandom
>
> done seeding SecureRandom
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_anon_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DH_anon_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_DH_anon_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
>
> ***** MIST started in 10092 ms *****
>
> Using SSLEngineImpl.
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
>
> Allow unsafe renegotiation: false
>
> Allow legacy hello messages: true
>
> Is initial handshake: true
>
> Is secure renegotiation: false
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> %% No cached client session
>
> *** ClientHello, TLSv1.2
>
> RandomCookie: GMT: 1404790585 bytes = { 174, 154, 88, 222,
> 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54,
> 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }
>
> Session ID: {}
>
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
> TLS_DH_anon_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
> TLS_DH_anon_WITH_AES_128_CBC_SHA,
> TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
> SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5,
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA,
> SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
> TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA,
> TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA,
> TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA,
> TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5,
> TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA,
> TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA,
> TLS_KRB5_WITH_DES_CBC_MD5,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
> TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]
>
> Compression Methods: { 0 }
>
> Extension elliptic_curves, curve names: {secp256r1, sect163k1,
> sect163r2, secp192r1, secp224r1, sect233k1, sect233r1,
> sect283k1, sect283r1, secp384r1, sect409k1, sect409r1,
> secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
> secp160r2, sect163r1, secp192k1, sect193r1, sect193r2,
> secp224k1, sect239k1, secp256k1}
>
> Extension ec_point_formats, formats: [uncompressed]
>
> Extension signature_algorithms, signature_algorithms:
> SHA512withECDSA, SHA512withRSA, SHA384withECDSA,
> SHA384withRSA, SHA256withECDSA, SHA256withRSA,
> SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
> SHA1withDSA, MD5withRSA
>
> ***
>
> [write] MD5 and SHA1 hashes: len = 263
>
> 0000: 01 00 01 03 03 03 54 BB 67 39 AE 9A 58 DE DA 37
> ......T.g9..X..7
>
> 0010: 51 14 16 35 88 AE 14 A8 B4 E1 75 36 D8 9E B7 77
> Q..5......u6...w
>
> 0020: 76 10 EC DD 18 FB 00 00 7E C0 23 C0 27 00 3C C0
> v.........#.'.<.
>
> 0030: 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 C0
> %.).g.@...../ <mailto:.g.@...../>...
>
> 0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00
> ..3.2...........
>
> 0050: 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 04 00
> ................
>
> 0060: FF 00 6C C0 18 00 34 C0 17 00 1B C0 16 00 18 00
> ..l...4.........
>
> 0070: 09 00 15 00 12 00 1A 00 03 00 17 00 08 00 14 00
> ................
>
> 0080: 11 00 19 00 3B C0 06 C0 10 00 02 C0 01 C0 0B C0
> ....;...........
>
> 0090: 15 00 01 00 1F 00 23 00 20 00 24 00 1E 00 22 00
> ......#. .$...".
>
> 00A0: 26 00 29 00 28 00 2B 01 00 00 5C 00 0A 00 34 00
> &.).(.+...\...4.
>
> 00B0: 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 00
> 2...............
>
> 00C0: 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E 00
> ................
>
> 00D0: 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 00
> ................
>
> 00E0: 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 06
> ................
>
> 00F0: 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 02
> ................
>
> 0100: 03 02 01 02 02 01 01 .......
>
> StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2
> Handshake, length = 263
>
> [write] MD5 and SHA1 hashes: len = 257
>
> 0000: 01 03 03 00 D8 00 00 00 20 00 C0 23 00 C0 27 00
> ........ ..#..'.
>
> 0010: 00 3C 00 C0 25 00 C0 29 00 00 67 00 00 40 00 C0
> .<..%..)..g..@ <mailto:..g..@>..
>
> 0020: 09 06 00 40 00 C0 13 00 00 2F 00 C0 04 01 00 80
> ...@...../ <mailto:...@...../>......
>
> 0030: 00 C0 0E 00 00 33 00 00 32 00 C0 08 00 C0 12 00
> .....3..2.......
>
> 0040: 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00
> ................
>
> 0050: 16 00 00 13 00 C0 07 05 00 80 00 C0 11 00 00 05
> ................
>
> 0060: 00 C0 02 00 C0 0C 00 00 04 01 00 80 00 00 FF 00
> ................
>
> 0070: 00 6C 00 C0 18 00 00 34 00 C0 17 00 00 1B 00 C0
> .l.....4........
>
> 0080: 16 00 00 18 00 00 09 06 00 40 00 00 15 00 00 12
> .........@ <mailto:.........@>......
>
> 0090: 00 00 1A 00 00 03 02 00 80 00 00 17 00 00 08 00
> ................
>
> 00A0: 00 14 00 00 11 00 00 19 00 00 3B 00 C0 06 04 00
> ..........;.....
>
> 00B0: 80 00 C0 10 00 00 02 00 C0 01 00 C0 0B 00 C0 15
> ................
>
> 00C0: 00 00 01 00 00 1F 00 00 23 00 00 20 00 00 24 00
> ........#.. ..$.
>
> 00D0: 00 1E 00 00 22 00 00 26 00 00 29 00 00 28 00 00
> ...."..&..)..(..
>
> 00E0: 2B 54 BB 67 39 AE 9A 58 DE DA 37 51 14 16 35 88
> +T.g9..X..7Q..5.
>
> 00F0: AE 14 A8 B4 E1 75 36 D8 9E B7 77 76 10 EC DD 18
> .....u6...wv....
>
> 0100: FB .
>
> StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2
> client hello message, length = 257
>
> [Raw write]: length = 259
>
> 0000: 81 01 01 03 03 00 D8 00 00 00 20 00 C0 23 00 C0
> .......... ..#..
>
> 0010: 27 00 00 3C 00 C0 25 00 C0 29 00 00 67 00 00 40
> '..<..%..)..g..@
>
> 0020: 00 C0 09 06 00 40 00 C0 13 00 00 2F 00 C0 04 01
> .....@...../ <mailto:.....@...../>....
>
> 0030: 00 80 00 C0 0E 00 00 33 00 00 32 00 C0 08 00 C0
> .......3..2.....
>
> 0040: 12 00 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D
> ................
>
> 0050: 00 00 16 00 00 13 00 C0 07 05 00 80 00 C0 11 00
> ................
>
> 0060: 00 05 00 C0 02 00 C0 0C 00 00 04 01 00 80 00 00
> ................
>
> 0070: FF 00 00 6C 00 C0 18 00 00 34 00 C0 17 00 00 1B
> ...l.....4......
>
> 0080: 00 C0 16 00 00 18 00 00 09 06 00 40 00 00 15 00
> ...........@ <mailto:...........@>....
>
> 0090: 00 12 00 00 1A 00 00 03 02 00 80 00 00 17 00 00
> ................
>
> 00A0: 08 00 00 14 00 00 11 00 00 19 00 00 3B 00 C0 06
> ............;...
>
> 00B0: 04 00 80 00 C0 10 00 00 02 00 C0 01 00 C0 0B 00
> ................
>
> 00C0: C0 15 00 00 01 00 00 1F 00 00 23 00 00 20 00 00
> ..........#.. ..
>
> 00D0: 24 00 00 1E 00 00 22 00 00 26 00 00 29 00 00 28
> $....."..&..)..(
>
> 00E0: 00 00 2B 54 BB 67 39 AE 9A 58 DE DA 37 51 14 16
> ..+T.g9..X..7Q..
>
> 00F0: 35 88 AE 14 A8 B4 E1 75 36 D8 9E B7 77 76 10 EC
> 5......u6...wv..
>
> 0100: DD 18 FB
>
> ------------------------------------------------------------------------
>
> “This e-mail message may contain confidential, commercial or
> privileged information that constitutes proprietary
> information of Comverse Inc. or its subsidiaries. If you are
> not the intended recipient of this message, you are hereby
> notified that any review, use or distribution of this
> information is absolutely prohibited and we request that you
> delete all copies and contact us by e-mailing to:
> security_at_comverse.com <mailto:security_at_comverse.com>. Thank You.”
>
> ------------------------------------------------------------------------
>
> “This e-mail message may contain confidential, commercial or
> privileged information that constitutes proprietary information of
> Comverse Inc. or its subsidiaries. If you are not the intended
> recipient of this message, you are hereby notified that any
> review, use or distribution of this information is absolutely
> prohibited and we request that you delete all copies and contact
> us by e-mailing to: security_at_comverse.com
> <mailto:security_at_comverse.com>. Thank You.”
>
> ------------------------------------------------------------------------
> “This e-mail message may contain confidential, commercial or
> privileged information that constitutes proprietary information of
> Comverse Inc. or its subsidiaries. If you are not the intended
> recipient of this message, you are hereby notified that any review,
> use or distribution of this information is absolutely prohibited and
> we request that you delete all copies and contact us by e-mailing to:
> security_at_comverse.com. Thank You.”