users@grizzly.java.net

Re: Notification of handshake failure/timeout

From: Oleksiy Stashok <oleksiy.stashok_at_oracle.com>
Date: Wed, 04 Feb 2015 18:53:35 -0800

Hi,

> We implemented the HandshakeListener interface (OnComplete / OnStart).
>
> How can we be notified of other handshake events such as :
> handshake failure and handshake timeout (E.g: Since we do have the
> ability to set the timeout via setHandshakeTimeout())
>
timeout is applicable in blocking handshake mode. By default we use
non-blocking mode.
Regarding the failure - we don't have that. Can you pls. file an issue -
we'll implement that for the next version.

Thanks.

WBR,
Alexey.


> I would like to thank you on your prompt responses to my (and my
> team members) queries.
>
> Thanks a lot,
>
> Gal
>
> *From:*Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
> *Sent:* Thursday, January 22, 2015 11:06 PM
> *To:* Siman Tov Gal; users_at_grizzly.java.net
> <mailto:users_at_grizzly.java.net>
> *Cc:* Meltser Tiran; Broide Uri; Ben-Yosef Efrat
> *Subject:* Re: Trying to establish SSL connection - Fails in handshake
>
> Hi,
>
> yeah, I expected there's something wrong with the config.
>
> Do you have any suggested solution to filter out specific
> protocols and ciphers ?
>
> Grizzly API seems to provide a “white list” for these settings.
> What we are looking for is an option to provide a “black list”.
>
> Well, it's always possible to get the list of *all* available
> ciphers and protocols, so it's very easy to get a "white list" out
> of "black list".
> To get the list of all supported protocols you can do something like:
>
>
>
>
> Thanks
>
> Gal
>
> *From:*Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
> *Sent:* Thursday, January 22, 2015 7:58 AM
> *To:* users_at_grizzly.java.net <mailto:users_at_grizzly.java.net>
> *Subject:* Re: Trying to establish SSL connection - Fails in handshake
>
> Hi,
>
> unfortunately I can't reproduce the problem locally.
> How do you run the sample server, do you use maven?
> Can you pls. share the entire server SSL log, not only handshake.
>
> Thank you.
>
> WBR,
> Alexey.
>
> On 21.01.15 01:58, Siman Tov Gal wrote:
>
> Hi Alexey.
>
> I have run the SSLEchoServer along with the SSLEchoClient (As
> taken from the Grizzly samples).
>
> I have added to the SSLEchoServer runtime execution the
> -Djavax.net.debug=all .
>
> I got the following output during the handshake :
>
> trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts
>
> trustStore type is : jks
>
> trustStore provider is :
>
> init truststore
>
> trigger seeding of SecureRandom
>
> done seeding SecureRandom
>
> Press any key to stop the server...
>
> Using SSLEngineImpl.
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
>
> Allow unsafe renegotiation: false
>
> Allow legacy hello messages: true
>
> Is initial handshake: true
>
> Is secure renegotiation: false
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> [Raw read]: length = 5
>
> 0000: 16 03 01 00 95 .....
>
> [Raw read]: length = 149
>
> 0000: 01 00 00 91 03 01 54 BF 77 2F A6 34 EF B4 AD CA
> ......T.w/.4....
>
> 0010: 49 27 25 DD 7A CA 3E EF A9 9E 60 33 15 0C 81 A0
> I'%.z.>...`3....
>
> 0020: 8B 12 9D B1 B4 7C 00 00 2A C0 09 C0 13 00 2F C0
> ........*...../.
>
> 0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0
> ....3.2.........
>
> 0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00
> ................
>
> 0050: 04 00 FF 01 00 00 3E 00 0A 00 34 00 32 00 17 00
> ......>...4.2...
>
> 0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00
> ................
>
> 0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00
> ................
>
> 0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00
> ................
>
> 0090: 0B 00 02 01 00 .....
>
> Grizzly-worker(1), READ: TLSv1 Handshake, length = 149
>
> *** ClientHello, TLSv1
>
> RandomCookie: GMT: 1405056815 bytes = { 166, 52, 239, 180,
> 173, 202, 73, 39, 37, 221, 122, 202, 62, 239, 169, 158, 96,
> 51, 21, 12, 129, 160, 139, 18, 157, 177, 180, 124 }
>
> Session ID: {}
>
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>
> Compression Methods: { 0 }
>
> Extension elliptic_curves, curve names: {secp256r1, sect163k1,
> sect163r2, secp192r1, secp224r1, sect233k1, sect233r1,
> sect283k1, sect283r1, secp384r1, sect409k1, sect409r1,
> secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
> secp160r2, sect163r1, secp192k1, sect193r1, sect193r2,
> secp224k1, sect239k1, secp256k1}
>
> Extension ec_point_formats, formats: [uncompressed]
>
> ***
>
> [read] MD5 and SHA1 hashes: len = 149
>
> 0000: 01 00 00 91 03 01 54 BF 77 2F A6 34 EF B4 AD CA
> ......T.w/.4....
>
> 0010: 49 27 25 DD 7A CA 3E EF A9 9E 60 33 15 0C 81 A0
> I'%.z.>...`3....
>
> 0020: 8B 12 9D B1 B4 7C 00 00 2A C0 09 C0 13 00 2F C0
> ........*...../.
>
> 0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0
> ....3.2.........
>
> 0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00
> ................
>
> 0050: 04 00 FF 01 00 00 3E 00 0A 00 34 00 32 00 17 00
> ......>...4.2...
>
> 0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00
> ................
>
> 0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00
> ................
>
> 0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00
> ................
>
> 0090: 0B 00 02 01 00 .....
>
> %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
>
> Grizzly-worker(1), fatal error: 40: no cipher suites in common
>
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>
> %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
>
> Grizzly-worker(1), SEND TLSv1 ALERT: fatal, description =
> handshake_failure
>
> Grizzly-worker(1), WRITE: TLSv1 Alert, length = 2
>
> Grizzly-worker(1), fatal: engine already closed. Rethrowing
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>
> Please advise,
>
> Thanks Gal Siman-Tov
>
> *From:*Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
> *Sent:* Wednesday, January 21, 2015 3:27 AM
> *To:* Siman Tov Gal
> *Cc:* Meltser Tiran; Broide Uri; 'users_at_grizzly.java.net
> <mailto:users_at_grizzly.java.net>'
> *Subject:* Re: Trying to establish SSL connection - Fails in
> handshake
>
> Hi,
>
> are you running SSLEchoServer?
> If yes, there is SSLEchoClient, does it work with the server?
>
> Thank you.
>
> WBR,
> Alexey.
>
> On 19.01.15 06:17, Siman Tov Gal wrote:
>
> Hi Alexey,
>
> Thanks for the prompt reply.
>
> I took a step back and tried to launch the SSL sample from
> the Grizzly repository
> (*grizzly-framework-samples-2.3.18.jar*).
>
> I used an openssl client and on handshake I got the
> following error:
>
> 30720:error:140790E5:SSL routines:SSL23_WRITE:*ssl
> handshake failure*:s23_lib.c:188:
>
> Note that I did not perform any setup on the
> SSLEngineConfigurator.
>
> As far as I’ve seen other examples they should work as is,
> but this does not happen here.
>
> Am I missing something?
>
> 10x,
>
> Gal
>
> *From:*Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
> *Sent:* Monday, January 19, 2015 6:58 AM
> *To:* Siman Tov Gal; users_at_grizzly.java.net
> <mailto:users_at_grizzly.java.net>
> *Cc:* Meltser Tiran; Broide Uri
> *Subject:* Re: Trying to establish SSL connection - Fails
> in handshake
>
> Hi,
>
> can you pls. share the test case so we can reproduce the
> problem?
>
> Thank you.
>
> WBR,
> Alexey.
>
> On 18.01.15 00:13, Siman Tov Gal wrote:
>
> Hi
>
> I am trying to establish a SSL handshake with my
> Grizzly server and an openssl client.
>
> I’ve configured the SSLEngineConfigurator with the
> following setup:
>
> sslContextConfig.setKeyStoreFile(keyStoreLocation);
>
> sslContextConfig.setKeyStorePass(keyStorePassword);
>
> // Create SSLEngine _configurator_
>
> SSLEngineConfigurator sslEngineConfigurator =
> *new*SSLEngineConfigurator(sslContextConfig.createSSLContext(),*false*,*false*,*false*);
>
> SSLSocketFactory sf =
> sslEngineConfigurator.getSslContext().getSocketFactory();
>
> String[] supportedProtocols =
> {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};
>
> sslEngineConfigurator.setEnabledProtocols(supportedProtocols);
>
> sslEngineConfigurator.setProtocolConfigured(*true*);
>
> String[] cipherSuites = sf.getSupportedCipherSuites();
>
> sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);
>
> sslEngineConfigurator.setCipherConfigured(*true*);
>
> sslEngineConfigurator.setNeedClientAuth(*false*);
>
> sslEngineConfigurator.setWantClientAuth(*false*);
>
> *When debugging the handshake code, the point of
> failure was in the SSLBaseFilter:doHandshakeStep()
> method.*
>
> */When entering the case of NEED_UNWRAP/**/, the
> handshake failed due to the fact that the
> /**inputBuffer**was set to null.*
>
> The openssl client send the following command :
>
> */openssl.exe s_client -debug -msg -connect
> localhost:50443/*
>
> I am getting the following response :
>
> */8392:error:140770FC:SSL
> routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:.\ssl\s23_clnt.c:601/*
>
> Thanks in advance
>
> Gal S.T
>
> P.S: I open the SSL debug info (using :
> -Djavax.net.debug=all)
>
> Here is the output :
>
> chain [0] = [
>
> [
>
> Version: V3
>
> Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana,
> ST=Israel, C=IL
>
> Signature Algorithm: SHA1withRSA, OID =
> 1.2.840.113549.1.1.5
>
> Key: Sun RSA public key, 2048 bits
>
> modulus:
> 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279
>
> public exponent: 65537
>
> Validity: [From: Thu Jan 15 15:47:10 IST 2015,
>
> To: Wed Aug 10 16:47:10 IDT 2044]
>
> Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana,
> ST=Israel, C=IL
>
> SerialNumber: [ 5606fc55]
>
> Certificate Extensions: 1
>
> [1]: ObjectId: 2.5.29.14 Criticality=false
>
> SubjectKeyIdentifier [
>
> KeyIdentifier [
>
> 0000: 27 D1 11 CB 8B AF EB 5E D8 67 A5 58 88 CE 39
> 72 '......^.g.X..9r
>
> 0010: 74 DA 48 65 t.He
>
> ]
>
> ]
>
> ]
>
> Algorithm: [SHA1withRSA]
>
> Signature:
>
> 0000: 56 82 F0 A4 A6 56 A8 F8 37 3D E6 A5 1F 87 E3
> 9D V....V..7=......
>
> 0010: 45 33 C6 C6 DB 5E A5 46 C7 EB 6D 12 FD 12 38
> F3 E3...^.F..m...8.
>
> 0020: 0F 80 99 A6 B7 1D 1F 84 22 5E E6 B8 FA DE 7F
> 68 ........"^.....h
>
> 0030: 7B 0D D0 24 53 D0 DA CB 13 F3 38 E3 EA 3B 69
> C1 ...$S.....8..;i.
>
> 0040: 1E 6B BB AA 32 4F CF AF 42 91 52 C5 07 49 99
> AB .k..2O..B.R..I..
>
> 0050: C5 48 29 64 17 2A 23 AF 74 B0 2C 90 01 C1 7E
> BE .H)d.*#.t.,.....
>
> 0060: 37 ED DC 2E F3 59 E7 6C 0B B0 6B DF 20 5C 61
> 24 7....Y.l..k. \a$
>
> 0070: FB BA EB 4E 35 BD 6A AE DB 98 59 27 D4 C1 6D
> 81 ...N5.j...Y'..m.
>
> 0080: 50 8A 7B 45 9C ED 73 20 74 78 6E 45 44 54 E3
> 3E P..E..s txnEDT.>
>
> 0090: B8 B6 86 98 EE 3D 65 36 D8 F2 96 67 9B BD DC
> DE .....=e6...g....
>
> 00A0: CF 6B 12 51 2F D3 5E B6 E4 87 9C E5 2C 91 E6
> 70 .k.Q/.^.....,..p
>
> 00B0: F4 2F 19 A0 08 19 BF BF 0B 25 87 16 AE 98 76
> 94 ./.......%....v.
>
> 00C0: 22 DD 36 99 0A FB 41 53 0D 46 C6 18 33 36 A7
> 4F ".6...AS.F..36.O
>
> 00D0: DF 45 71 46 3B 02 DA 55 58 E8 65 9F 70 E6 E1
> F9 .EqF;..UX.e.p...
>
> 00E0: 6D A3 B9 6D 56 01 F8 B8 E1 A0 47 E5 76 EA 25
> BE m..mV.....G.v.%.
>
> 00F0: 6B 64 1A AA 04 1D A2 61 D9 CB 3F 2C 06 FC 24
> 37 kd.....a..?,..$7
>
> ]
>
> ***
>
> trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts
>
> trustStore type is : jks
>
> trustStore provider is :
>
> init truststore
>
> adding as trusted cert:
>
> Subject: CN=SwissSign Platinum CA - G2, O=SwissSign
> AG, C=CH
>
> Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign
> AG, C=CH
>
> Algorithm: RSA; Serial number: 0x4eb200670c035d4f
>
> Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct
> 25 11:36:00 IDT 2036
>
> adding as trusted cert:
>
> Subject: EMAILADDRESS=info_at_valicert.com
> <mailto:EMAILADDRESS=info_at_valicert.com>,
> CN=http://www.valicert.com/
> <http://cp.mcafee.com/d/FZsSd6Qm4Qn66m7TztPqqbdQSkkkTzqqbdQSknQTzqqbdSknxPP9J6XOarb2bapIzF_kAHI9RcwFsPYqvOVJsPYqvOVKZLuIgovW_9EETosvWZOWqqb7cIef9TLORQX8FGT7csG7DR8OJMddECQPtPtPo08PFYHv6vbUrGvVmAyTkDJ2tiEaH7r7_OVIQsLnupdwLQzh02oBFg8Cy2tjh1Z9WgfBgCq81wo2FEwJm4fJelo6y0Kq81vp7Qd44E6y0DI4a4Za-rvd79JPJ9>,
> OU=ValiCert Class 1 Policy Validation Authority,
> O="ValiCert, Inc.", L=ValiCert Validation Network
>
> Issuer: EMAILADDRESS=info_at_valicert.com
> <mailto:EMAILADDRESS=info_at_valicert.com>,
> CN=http://www.valicert.com/
> <http://cp.mcafee.com/d/FZsSd3gsrhojhsopovudTdFEITjphhjudFEITjphvjudFEITphu7fcCQrL8FII8IFCOeDZiiKMDkO2BPfNF_bCRPfNF_bCXSZWN1x_HYCyztxN_HTbFFEIsOMUYDu_bnjIyCHssNOEuvkzaT0QSCrjdTdTdw0zeDOJYpYLxKF_BqibtiuQ9RawGItIv_bCPhOZtVAS2_id409ymB0yq89Rd47QDF0-l2pEw61waCy2Rog-QVlwq82VEw5ZAvgQgiwq82uMgEjQHVJYQsCNzAKfob6>,
> OU=ValiCert Class 1 Policy Validation Authority,
> O="ValiCert, Inc.", L=ValiCert Validation Network
>
> Algorithm: RSA; Serial number: 0x1
>
> Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun
> 26 01:23:48 IDT 2019
>
> trigger seeding of SecureRandom
>
> done seeding SecureRandom
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_anon_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DH_anon_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_DH_anon_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_RSA_WITH_AES_256_CBC_SHA
>
> ***** MIST started in 10092 ms *****
>
> Using SSLEngineImpl.
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_RSA_WITH_AES_256_CBC_SHA256
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>
> Ignoring unavailable cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>
> Ignoring unavailable cipher suite:
> TLS_RSA_WITH_AES_256_CBC_SHA
>
> Allow unsafe renegotiation: false
>
> Allow legacy hello messages: true
>
> Is initial handshake: true
>
> Is secure renegotiation: false
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> Ignoring unsupported cipher suite:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
>
> %% No cached client session
>
> *** ClientHello, TLSv1.2
>
> RandomCookie: GMT: 1404790585 bytes = { 174, 154, 88,
> 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180,
> 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221,
> 24, 251 }
>
> Session ID: {}
>
> Cipher Suites:
> [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
> TLS_DH_anon_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
> TLS_DH_anon_WITH_AES_128_CBC_SHA,
> TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
> SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_anon_WITH_RC4_128_SHA,
> SSL_DH_anon_WITH_RC4_128_MD5,
> SSL_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA,
> SSL_DH_anon_WITH_DES_CBC_SHA,
> SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
> TLS_RSA_WITH_NULL_SHA256,
> TLS_ECDHE_ECDSA_WITH_NULL_SHA,
> TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA,
> TLS_ECDH_ECDSA_WITH_NULL_SHA,
> TLS_ECDH_RSA_WITH_NULL_SHA,
> TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5,
> TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
> TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5,
> TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
> TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5]
>
> Compression Methods: { 0 }
>
> Extension elliptic_curves, curve names: {secp256r1,
> sect163k1, sect163r2, secp192r1, secp224r1, sect233k1,
> sect233r1, sect283k1, sect283r1, secp384r1, sect409k1,
> sect409r1, secp521r1, sect571k1, sect571r1, secp160k1,
> secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> sect193r2, secp224k1, sect239k1, secp256k1}
>
> Extension ec_point_formats, formats: [uncompressed]
>
> Extension signature_algorithms, signature_algorithms:
> SHA512withECDSA, SHA512withRSA, SHA384withECDSA,
> SHA384withRSA, SHA256withECDSA, SHA256withRSA,
> SHA224withECDSA, SHA224withRSA, SHA1withECDSA,
> SHA1withRSA, SHA1withDSA, MD5withRSA
>
> ***
>
> [write] MD5 and SHA1 hashes: len = 263
>
> 0000: 01 00 01 03 03 03 54 BB 67 39 AE 9A 58 DE DA
> 37 ......T.g9..X..7
>
> 0010: 51 14 16 35 88 AE 14 A8 B4 E1 75 36 D8 9E B7
> 77 Q..5......u6...w
>
> 0020: 76 10 EC DD 18 FB 00 00 7E C0 23 C0 27 00 3C
> C0 v.........#.'.<.
>
> 0030: 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04
> C0 %.).g.@...../ <mailto:.g.@...../>...
>
> 0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D
> 00 ..3.2...........
>
> 0050: 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 04
> 00 ................
>
> 0060: FF 00 6C C0 18 00 34 C0 17 00 1B C0 16 00 18
> 00 ..l...4.........
>
> 0070: 09 00 15 00 12 00 1A 00 03 00 17 00 08 00 14
> 00 ................
>
> 0080: 11 00 19 00 3B C0 06 C0 10 00 02 C0 01 C0 0B
> C0 ....;...........
>
> 0090: 15 00 01 00 1F 00 23 00 20 00 24 00 1E 00 22
> 00 ......#. .$...".
>
> 00A0: 26 00 29 00 28 00 2B 01 00 00 5C 00 0A 00 34
> 00 &.).(.+...\...4.
>
> 00B0: 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07
> 00 2...............
>
> 00C0: 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E
> 00 ................
>
> 00D0: 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14
> 00 ................
>
> 00E0: 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18
> 06 ................
>
> 00F0: 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01
> 02 ................
>
> 0100: 03 02 01 02 02 01 01 .......
>
> StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE:
> TLSv1.2 Handshake, length = 263
>
> [write] MD5 and SHA1 hashes: len = 257
>
> 0000: 01 03 03 00 D8 00 00 00 20 00 C0 23 00 C0 27
> 00 ........ ..#..'.
>
> 0010: 00 3C 00 C0 25 00 C0 29 00 00 67 00 00 40 00
> C0 .<..%..)..g..@ <mailto:..g..@>..
>
> 0020: 09 06 00 40 00 C0 13 00 00 2F 00 C0 04 01 00
> 80 ...@...../ <mailto:...@...../>......
>
> 0030: 00 C0 0E 00 00 33 00 00 32 00 C0 08 00 C0 12
> 00 .....3..2.......
>
> 0040: 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00
> 00 ................
>
> 0050: 16 00 00 13 00 C0 07 05 00 80 00 C0 11 00 00
> 05 ................
>
> 0060: 00 C0 02 00 C0 0C 00 00 04 01 00 80 00 00 FF
> 00 ................
>
> 0070: 00 6C 00 C0 18 00 00 34 00 C0 17 00 00 1B 00
> C0 .l.....4........
>
> 0080: 16 00 00 18 00 00 09 06 00 40 00 00 15 00 00
> 12 .........@ <mailto:.........@>......
>
> 0090: 00 00 1A 00 00 03 02 00 80 00 00 17 00 00 08
> 00 ................
>
> 00A0: 00 14 00 00 11 00 00 19 00 00 3B 00 C0 06 04
> 00 ..........;.....
>
> 00B0: 80 00 C0 10 00 00 02 00 C0 01 00 C0 0B 00 C0
> 15 ................
>
> 00C0: 00 00 01 00 00 1F 00 00 23 00 00 20 00 00 24
> 00 ........#.. ..$.
>
> 00D0: 00 1E 00 00 22 00 00 26 00 00 29 00 00 28 00
> 00 ...."..&..)..(..
>
> 00E0: 2B 54 BB 67 39 AE 9A 58 DE DA 37 51 14 16 35
> 88 +T.g9..X..7Q..5.
>
> 00F0: AE 14 A8 B4 E1 75 36 D8 9E B7 77 76 10 EC DD
> 18 .....u6...wv....
>
> 0100: FB .
>
> StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE:
> SSLv2 client hello message, length = 257
>
> [Raw write]: length = 259
>
> 0000: 81 01 01 03 03 00 D8 00 00 00 20 00 C0 23 00
> C0 .......... ..#..
>
> 0010: 27 00 00 3C 00 C0 25 00 C0 29 00 00 67 00 00
> 40 '..<..%..)..g..@
>
> 0020: 00 C0 09 06 00 40 00 C0 13 00 00 2F 00 C0 04
> 01 .....@...../ <mailto:.....@...../>....
>
> 0030: 00 80 00 C0 0E 00 00 33 00 00 32 00 C0 08 00
> C0 .......3..2.....
>
> 0040: 12 00 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0
> 0D ................
>
> 0050: 00 00 16 00 00 13 00 C0 07 05 00 80 00 C0 11
> 00 ................
>
> 0060: 00 05 00 C0 02 00 C0 0C 00 00 04 01 00 80 00
> 00 ................
>
> 0070: FF 00 00 6C 00 C0 18 00 00 34 00 C0 17 00 00
> 1B ...l.....4......
>
> 0080: 00 C0 16 00 00 18 00 00 09 06 00 40 00 00 15
> 00 ...........@ <mailto:...........@>....
>
> 0090: 00 12 00 00 1A 00 00 03 02 00 80 00 00 17 00
> 00 ................
>
> 00A0: 08 00 00 14 00 00 11 00 00 19 00 00 3B 00 C0
> 06 ............;...
>
> 00B0: 04 00 80 00 C0 10 00 00 02 00 C0 01 00 C0 0B
> 00 ................
>
> 00C0: C0 15 00 00 01 00 00 1F 00 00 23 00 00 20 00
> 00 ..........#.. ..
>
> 00D0: 24 00 00 1E 00 00 22 00 00 26 00 00 29 00 00
> 28 $....."..&..)..(
>
> 00E0: 00 00 2B 54 BB 67 39 AE 9A 58 DE DA 37 51 14
> 16 ..+T.g9..X..7Q..
>
> 00F0: 35 88 AE 14 A8 B4 E1 75 36 D8 9E B7 77 76 10
> EC 5......u6...wv..
>
> 0100: DD 18 FB
>
> ------------------------------------------------------------------------
>
> “This e-mail message may contain confidential,
> commercial or privileged information that constitutes
> proprietary information of Comverse Inc. or its
> subsidiaries. If you are not the intended recipient of
> this message, you are hereby notified that any review,
> use or distribution of this information is absolutely
> prohibited and we request that you delete all copies
> and contact us by e-mailing to: security_at_comverse.com
> <mailto:security_at_comverse.com>. Thank You.”
>
> ------------------------------------------------------------------------
>
> “This e-mail message may contain confidential, commercial
> or privileged information that constitutes proprietary
> information of Comverse Inc. or its subsidiaries. If you
> are not the intended recipient of this message, you are
> hereby notified that any review, use or distribution of
> this information is absolutely prohibited and we request
> that you delete all copies and contact us by e-mailing to:
> security_at_comverse.com <mailto:security_at_comverse.com>.
> Thank You.”
>
> ------------------------------------------------------------------------
>
> “This e-mail message may contain confidential, commercial or
> privileged information that constitutes proprietary
> information of Comverse Inc. or its subsidiaries. If you are
> not the intended recipient of this message, you are hereby
> notified that any review, use or distribution of this
> information is absolutely prohibited and we request that you
> delete all copies and contact us by e-mailing to:
> security_at_comverse.com <mailto:security_at_comverse.com>. Thank You.”
>
> ------------------------------------------------------------------------
>
> “This e-mail message may contain confidential, commercial or
> privileged information that constitutes proprietary information of
> Comverse Inc. or its subsidiaries. If you are not the intended
> recipient of this message, you are hereby notified that any
> review, use or distribution of this information is absolutely
> prohibited and we request that you delete all copies and contact
> us by e-mailing to: security_at_comverse.com
> <mailto:security_at_comverse.com>. Thank You.”
>
> ------------------------------------------------------------------------
>
> “This e-mail message may contain confidential, commercial or
> privileged information that constitutes proprietary information of
> Comverse Inc. or its subsidiaries. If you are not the intended
> recipient of this message, you are hereby notified that any
> review, use or distribution of this information is absolutely
> prohibited and we request that you delete all copies and contact
> us by e-mailing to: security_at_comverse.com
> <mailto:security_at_comverse.com>. Thank You.”
>
> ------------------------------------------------------------------------
> “This e-mail message may contain confidential, commercial or
> privileged information that constitutes proprietary information of
> Comverse Inc. or its subsidiaries. If you are not the intended
> recipient of this message, you are hereby notified that any review,
> use or distribution of this information is absolutely prohibited and
> we request that you delete all copies and contact us by e-mailing to:
> security_at_comverse.com. Thank You.”