Hi Alexey
I need it for server side.
Gal
From: Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
Sent: Wednesday, February 04, 2015 8:08 PM
To: users_at_grizzly.java.net
Subject: Re: Notification of handshake failure/timeout
Hi Gal,
do you need this for client or server side, or both?
Thanks.
WBR,
Alexey.
On 04.02.15 09:46, Siman Tov Gal wrote:
Hi Alexey,
We managed to establish a complete handshake on both SSL/TLS channels.
However, I have got several open issues regarding the handshake mechanism.
We implemented the HandshakeListener interface (OnComplete / OnStart).
How can we be notified of other handshake events such as : handshake failure and handshake timeout (E.g: Since we do have the ability to set the timeout via setHandshakeTimeout())
I would like to thank you on your prompt responses to my (and my team members) queries.
Thanks a lot,
Gal
From: Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
Sent: Thursday, January 22, 2015 11:06 PM
To: Siman Tov Gal; users_at_grizzly.java.net<mailto:users_at_grizzly.java.net>
Cc: Meltser Tiran; Broide Uri; Ben-Yosef Efrat
Subject: Re: Trying to establish SSL connection - Fails in handshake
Hi,
yeah, I expected there's something wrong with the config.
Do you have any suggested solution to filter out specific protocols and ciphers ?
Grizzly API seems to provide a "white list" for these settings. What we are looking for is an option to provide a "black list".
Well, it's always possible to get the list of *all* available ciphers and protocols, so it's very easy to get a "white list" out of "black list".
To get the list of all supported protocols you can do something like:
Thanks
Gal
From: Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
Sent: Thursday, January 22, 2015 7:58 AM
To: users_at_grizzly.java.net<mailto:users_at_grizzly.java.net>
Subject: Re: Trying to establish SSL connection - Fails in handshake
Hi,
unfortunately I can't reproduce the problem locally.
How do you run the sample server, do you use maven?
Can you pls. share the entire server SSL log, not only handshake.
Thank you.
WBR,
Alexey.
On 21.01.15 01:58, Siman Tov Gal wrote:
Hi Alexey.
I have run the SSLEchoServer along with the SSLEchoClient (As taken from the Grizzly samples).
I have added to the SSLEchoServer runtime execution the -Djavax.net.debug=all .
I got the following output during the handshake :
trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
trigger seeding of SecureRandom
done seeding SecureRandom
Press any key to stop the server...
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
0000: 16 03 01 00 95 .....
[Raw read]: length = 149
0000: 01 00 00 91 03 01 54 BF 77 2F A6 34 EF B4 AD CA ......T.w/.4....
0010: 49 27 25 DD 7A CA 3E EF A9 9E 60 33 15 0C 81 A0 I'%.z.>...`3....
0020: 8B 12 9D B1 B4 7C 00 00 2A C0 09 C0 13 00 2F C0 ........*...../.
0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 ....3.2.........
0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ................
0050: 04 00 FF 01 00 00 3E 00 0A 00 34 00 32 00 17 00 ......>...4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0B 00 02 01 00 .....
Grizzly-worker(1), READ: TLSv1 Handshake, length = 149
*** ClientHello, TLSv1
RandomCookie: GMT: 1405056815 bytes = { 166, 52, 239, 180, 173, 202, 73, 39, 37, 221, 122, 202, 62, 239, 169, 158, 96, 51, 21, 12, 129, 160, 139, 18, 157, 177, 180, 124 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes: len = 149
0000: 01 00 00 91 03 01 54 BF 77 2F A6 34 EF B4 AD CA ......T.w/.4....
0010: 49 27 25 DD 7A CA 3E EF A9 9E 60 33 15 0C 81 A0 I'%.z.>...`3....
0020: 8B 12 9D B1 B4 7C 00 00 2A C0 09 C0 13 00 2F C0 ........*...../.
0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 ....3.2.........
0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ................
0050: 04 00 FF 01 00 00 3E 00 0A 00 34 00 32 00 17 00 ......>...4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0B 00 02 01 00 .....
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
Grizzly-worker(1), fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
Grizzly-worker(1), SEND TLSv1 ALERT: fatal, description = handshake_failure
Grizzly-worker(1), WRITE: TLSv1 Alert, length = 2
Grizzly-worker(1), fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
Please advise,
Thanks Gal Siman-Tov
From: Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
Sent: Wednesday, January 21, 2015 3:27 AM
To: Siman Tov Gal
Cc: Meltser Tiran; Broide Uri; 'users_at_grizzly.java.net<mailto:users_at_grizzly.java.net>'
Subject: Re: Trying to establish SSL connection - Fails in handshake
Hi,
are you running SSLEchoServer?
If yes, there is SSLEchoClient, does it work with the server?
Thank you.
WBR,
Alexey.
On 19.01.15 06:17, Siman Tov Gal wrote:
Hi Alexey,
Thanks for the prompt reply.
I took a step back and tried to launch the SSL sample from the Grizzly repository (grizzly-framework-samples-2.3.18.jar).
I used an openssl client and on handshake I got the following error:
30720:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
Note that I did not perform any setup on the SSLEngineConfigurator.
As far as I've seen other examples they should work as is, but this does not happen here.
Am I missing something?
10x,
Gal
From: Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
Sent: Monday, January 19, 2015 6:58 AM
To: Siman Tov Gal; users_at_grizzly.java.net<mailto:users_at_grizzly.java.net>
Cc: Meltser Tiran; Broide Uri
Subject: Re: Trying to establish SSL connection - Fails in handshake
Hi,
can you pls. share the test case so we can reproduce the problem?
Thank you.
WBR,
Alexey.
On 18.01.15 00:13, Siman Tov Gal wrote:
Hi
I am trying to establish a SSL handshake with my Grizzly server and an openssl client.
I've configured the SSLEngineConfigurator with the following setup:
sslContextConfig.setKeyStoreFile(keyStoreLocation);
sslContextConfig.setKeyStorePass(keyStorePassword);
// Create SSLEngine configurator
SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);
SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();
String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};
sslEngineConfigurator.setEnabledProtocols(supportedProtocols);
sslEngineConfigurator.setProtocolConfigured(true);
String[] cipherSuites = sf.getSupportedCipherSuites();
sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);
sslEngineConfigurator.setCipherConfigured(true);
sslEngineConfigurator.setNeedClientAuth(false);
sslEngineConfigurator.setWantClientAuth(false);
When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.
When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.
The openssl client send the following command :
openssl.exe s_client -debug -msg -connect localhost:50443
I am getting the following response :
8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601
Thanks in advance
Gal S.T
P.S: I open the SSL debug info (using : -Djavax.net.debug=all)
Here is the output :
chain [0] = [
[
Version: V3
Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279
public exponent: 65537
Validity: [From: Thu Jan 15 15:47:10 IST 2015,
To: Wed Aug 10 16:47:10 IDT 2044]
Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL
SerialNumber: [ 5606fc55]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 27 D1 11 CB 8B AF EB 5E D8 67 A5 58 88 CE 39 72 '......^.g.X..9r
0010: 74 DA 48 65 t.He
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 56 82 F0 A4 A6 56 A8 F8 37 3D E6 A5 1F 87 E3 9D V....V..7=......
0010: 45 33 C6 C6 DB 5E A5 46 C7 EB 6D 12 FD 12 38 F3 E3...^.F..m...8.
0020: 0F 80 99 A6 B7 1D 1F 84 22 5E E6 B8 FA DE 7F 68 ........"^.....h
0030: 7B 0D D0 24 53 D0 DA CB 13 F3 38 E3 EA 3B 69 C1 ...$S.....8..;i.
0040: 1E 6B BB AA 32 4F CF AF 42 91 52 C5 07 49 99 AB .k..2O..B.R..I..
0050: C5 48 29 64 17 2A 23 AF 74 B0 2C 90 01 C1 7E BE .H)d.*#.t.,.....
0060: 37 ED DC 2E F3 59 E7 6C 0B B0 6B DF 20 5C 61 24 7....Y.l..k. \a$
0070: FB BA EB 4E 35 BD 6A AE DB 98 59 27 D4 C1 6D 81 ...N5.j...Y'..m.
0080: 50 8A 7B 45 9C ED 73 20 74 78 6E 45 44 54 E3 3E P..E..s txnEDT.>
0090: B8 B6 86 98 EE 3D 65 36 D8 F2 96 67 9B BD DC DE .....=e6...g....
00A0: CF 6B 12 51 2F D3 5E B6 E4 87 9C E5 2C 91 E6 70 .k.Q/.^.....,..p
00B0: F4 2F 19 A0 08 19 BF BF 0B 25 87 16 AE 98 76 94 ./.......%....v.
00C0: 22 DD 36 99 0A FB 41 53 0D 46 C6 18 33 36 A7 4F ".6...AS.F..36.O
00D0: DF 45 71 46 3B 02 DA 55 58 E8 65 9F 70 E6 E1 F9 .EqF;..UX.e.p...
00E0: 6D A3 B9 6D 56 01 F8 B8 E1 A0 47 E5 76 EA 25 BE m..mV.....G.v.%.
00F0: 6B 64 1A AA 04 1D A2 61 D9 CB 3F 2C 06 FC 24 37 kd.....a..?,..$7
]
***
trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com<mailto:EMAILADDRESS=info@valicert.com>, CN=
http://www.valicert.com/<http://cp.mcafee.com/d/FZsSd6Qm4Qn66m7TztPqqbdQSkkkTzqqbdQSknQTzqqbdSknxPP9J6XOarb2bapIzF_kAHI9RcwFsPYqvOVJsPYqvOVKZLuIgovW_9EETosvWZOWqqb7cIef9TLORQX8FGT7csG7DR8OJMddECQPtPtPo08PFYHv6vbUrGvVmAyTkDJ2tiEaH7r7_OVIQsLnupdwLQzh02oBFg8Cy2tjh1Z9WgfBgCq81wo2FEwJm4fJelo6y0Kq81vp7Qd44E6y0DI4a4Za-rvd79JPJ9>, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com<mailto:EMAILADDRESS=info@valicert.com>, CN=
http://www.valicert.com/<http://cp.mcafee.com/d/FZsSd3gsrhojhsopovudTdFEITjphhjudFEITjphvjudFEITphu7fcCQrL8FII8IFCOeDZiiKMDkO2BPfNF_bCRPfNF_bCXSZWN1x_HYCyztxN_HTbFFEIsOMUYDu_bnjIyCHssNOEuvkzaT0QSCrjdTdTdw0zeDOJYpYLxKF_BqibtiuQ9RawGItIv_bCPhOZtVAS2_id409ymB0yq89Rd47QDF0-l2pEw61waCy2Rog-QVlwq82VEw5ZAvgQgiwq82uMgEjQHVJYQsCNzAKfob6>, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
***** MIST started in 10092 ms *****
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
[write] MD5 and SHA1 hashes: len = 263
0000: 01 00 01 03 03 03 54 BB 67 39 AE 9A 58 DE DA 37 ......T.g9..X..7
0010: 51 14 16 35 88 AE 14 A8 B4 E1 75 36 D8 9E B7 77 Q..5......u6...w
0020: 76 10 EC DD 18 FB 00 00 7E C0 23 C0 27 00 3C C0 v.........#.'.<.
0030: 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 C0 %.).g.@...../<mailto:.g.@...../>...
0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........
0050: 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 04 00 ................
0060: FF 00 6C C0 18 00 34 C0 17 00 1B C0 16 00 18 00 ..l...4.........
0070: 09 00 15 00 12 00 1A 00 03 00 17 00 08 00 14 00 ................
0080: 11 00 19 00 3B C0 06 C0 10 00 02 C0 01 C0 0B C0 ....;...........
0090: 15 00 01 00 1F 00 23 00 20 00 24 00 1E 00 22 00 ......#. .$...".
00A0: 26 00 29 00 28 00 2B 01 00 00 5C 00 0A 00 34 00 &.).(.+...\...4.
00B0: 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 00 2...............
00C0: 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E 00 ................
00D0: 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 00 ................
00E0: 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 06 ................
00F0: 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 02 ................
0100: 03 02 01 02 02 01 01 .......
StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263
[write] MD5 and SHA1 hashes: len = 257
0000: 01 03 03 00 D8 00 00 00 20 00 C0 23 00 C0 27 00 ........ ..#..'.
0010: 00 3C 00 C0 25 00 C0 29 00 00 67 00 00 40 00 C0 .<..%..)..g..@<mailto:..g..@>..
0020: 09 06 00 40 00 C0 13 00 00 2F 00 C0 04 01 00 80 ...@...../<mailto:...@...../>......
0030: 00 C0 0E 00 00 33 00 00 32 00 C0 08 00 C0 12 00 .....3..2.......
0040: 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00 ................
0050: 16 00 00 13 00 C0 07 05 00 80 00 C0 11 00 00 05 ................
0060: 00 C0 02 00 C0 0C 00 00 04 01 00 80 00 00 FF 00 ................
0070: 00 6C 00 C0 18 00 00 34 00 C0 17 00 00 1B 00 C0 .l.....4........
0080: 16 00 00 18 00 00 09 06 00 40 00 00 15 00 00 12 .........@<mailto:.........@>......
0090: 00 00 1A 00 00 03 02 00 80 00 00 17 00 00 08 00 ................
00A0: 00 14 00 00 11 00 00 19 00 00 3B 00 C0 06 04 00 ..........;.....
00B0: 80 00 C0 10 00 00 02 00 C0 01 00 C0 0B 00 C0 15 ................
00C0: 00 00 01 00 00 1F 00 00 23 00 00 20 00 00 24 00 ........#.. ..$.
00D0: 00 1E 00 00 22 00 00 26 00 00 29 00 00 28 00 00 ...."..&..)..(..
00E0: 2B 54 BB 67 39 AE 9A 58 DE DA 37 51 14 16 35 88 +T.g9..X..7Q..5.
00F0: AE 14 A8 B4 E1 75 36 D8 9E B7 77 76 10 EC DD 18 .....u6...wv....
0100: FB .
StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257
[Raw write]: length = 259
0000: 81 01 01 03 03 00 D8 00 00 00 20 00 C0 23 00 C0 .......... ..#..
0010: 27 00 00 3C 00 C0 25 00 C0 29 00 00 67 00 00 40 '..<..%..)..g..@
0020: 00 C0 09 06 00 40 00 C0 13 00 00 2F 00 C0 04 01 .....@...../<mailto:.....@...../>....
0030: 00 80 00 C0 0E 00 00 33 00 00 32 00 C0 08 00 C0 .......3..2.....
0040: 12 00 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D ................
0050: 00 00 16 00 00 13 00 C0 07 05 00 80 00 C0 11 00 ................
0060: 00 05 00 C0 02 00 C0 0C 00 00 04 01 00 80 00 00 ................
0070: FF 00 00 6C 00 C0 18 00 00 34 00 C0 17 00 00 1B ...l.....4......
0080: 00 C0 16 00 00 18 00 00 09 06 00 40 00 00 15 00 ...........@<mailto:...........@>....
0090: 00 12 00 00 1A 00 00 03 02 00 80 00 00 17 00 00 ................
00A0: 08 00 00 14 00 00 11 00 00 19 00 00 3B 00 C0 06 ............;...
00B0: 04 00 80 00 C0 10 00 00 02 00 C0 01 00 C0 0B 00 ................
00C0: C0 15 00 00 01 00 00 1F 00 00 23 00 00 20 00 00 ..........#.. ..
00D0: 24 00 00 1E 00 00 22 00 00 26 00 00 29 00 00 28 $....."..&..)..(
00E0: 00 00 2B 54 BB 67 39 AE 9A 58 DE DA 37 51 14 16 ..+T.g9..X..7Q..
00F0: 35 88 AE 14 A8 B4 E1 75 36 D8 9E B7 77 76 10 EC 5......u6...wv..
0100: DD 18 FB
________________________________
"This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security_at_comverse.com<mailto:security_at_comverse.com>. Thank You."
________________________________
"This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security_at_comverse.com<mailto:security_at_comverse.com>. Thank You."
________________________________
"This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security_at_comverse.com<mailto:security_at_comverse.com>. Thank You."
________________________________
"This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security_at_comverse.com<mailto:security_at_comverse.com>. Thank You."
________________________________
"This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security_at_comverse.com<mailto:security_at_comverse.com>. Thank You."
________________________________
"This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security_at_comverse.com. Thank You."