網上搜了下,並無看到完整的netty ssl示例例子,netty in action中也只是匆匆帶過。特詳細的測試和整理以下。算法
D:\security\server>keytool -genkey -alias securechat -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass sNetty -storepass sNetty -keystore sChat.jks安全
D:\security\server>keytool -export -alias securechat -keystore sChat.jks -storepass sNetty -file sChat.cer
存儲在文件 <sChat.cer> 中的證書session
D:\security\server>cd /d ../client框架
D:\security\client>keytool -genkey -alias smcc -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass cNetty -storepass cNetty -keystore cChat.jksdom
D:\security\client>keytool -import -trustcacerts -alias securechat -file ../server\sChat.cer -storepass cNetty -keystore cChat.jks
全部者: CN=localhost
發佈者: CN=localhost
序列號: 78384348
有效期開始日期: Wed Mar 01 12:48:48 CST 2017, 截止日期: Thu Mar 01 12:48:48 CST 2018
MD5: 94:83:6C:6D:4B:0D:0B:E6:BF:39:B7:2C:17:29:E8:3C
SHA1: 9A:29:27:41:BE:71:38:C8:13:99:3A:8F:C6:37:C2:95:31:14:B4:98
SHA256: E9:31:40:C7:FC:EA:EF:24:54:EF:4C:59:50:44:CB:1F:9A:35:B7:26:07:2D:3B:1F:BC:30:8E:C0:63:45:4F:21
簽名算法名稱: SHA256withRSA
版本: 3ssh
#1: ObjectId: Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>.
0010: 32 85 0D A8 2...
是否信任此證書? [否]: 是
package com.ld.net.spider.server; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.SimpleChannelInboundHandler; import java.net.InetSocketAddress; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SpiderServerBusiHandler extends SimpleChannelInboundHandler<Object> { static final Logger logger = LoggerFactory.getLogger(SpiderServerBusiHandler.class); @Override protected void channelRead0(final ChannelHandlerContext ctx, final Object msg) throws Exception { System.out.println(msg.toString()); } @Override public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { logger.error("channel " + ((InetSocketAddress)ctx.channel().remoteAddress()).toString() + " exception:",cause); ctx.close(); } }
package com.ld.net.spider.channel; import java.nio.charset.Charset; import javax.net.ssl.SSLEngine; import com.ld.net.spider.server.SpiderServerBusiHandler; import io.netty.channel.Channel; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelPipeline; import io.netty.handler.codec.LengthFieldBasedFrameDecoder; import io.netty.handler.codec.LengthFieldPrepender; import io.netty.handler.codec.string.StringDecoder; import io.netty.handler.codec.string.StringEncoder; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslHandler; public class SslChannelInitializer extends ChannelInitializer<Channel> { private final SslContext context; public SslChannelInitializer(SslContext context) { this.context = context; } @Override protected void initChannel(Channel ch) throws Exception { SSLEngine engine = context.newEngine(ch.alloc()); engine.setUseClientMode(false); ch.pipeline().addFirst("ssl", new SslHandler(engine)); ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4)); pipeline.addLast("frameEncoder", new LengthFieldPrepender(4)); //最大16M pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8"))); pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8"))); pipeline.addLast("spiderServerBusiHandler", new SpiderServerBusiHandler()); } }
package com.ld.net.spider.channel; import io.netty.bootstrap.ServerBootstrap; import io.netty.buffer.PooledByteBufAllocator; import io.netty.channel.ChannelOption; import io.netty.channel.EventLoopGroup; import io.netty.channel.ServerChannel; import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.nio.NioServerSocketChannel; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import java.io.FileInputStream; import java.security.KeyStore; import javax.net.ssl.KeyManagerFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SocketServerHelper { static final Logger logger = LoggerFactory.getLogger(SocketServerHelper.class); private static int WORKER_GROUP_SIZE = Runtime.getRuntime().availableProcessors() * 2; private static EventLoopGroup bossGroup; private static EventLoopGroup workerGroup; private static Class<? extends ServerChannel> channelClass; public static void startSpiderServer() throws Exception { ServerBootstrap b = new ServerBootstrap(); b.childOption(ChannelOption.TCP_NODELAY, true) .childOption(ChannelOption.SO_KEEPALIVE, true) .childOption(ChannelOption.SO_REUSEADDR, true) .childOption(ChannelOption.ALLOCATOR, new PooledByteBufAllocator(false)) .childOption(ChannelOption.SO_RCVBUF, 1048576) .childOption(ChannelOption.SO_SNDBUF, 1048576); bossGroup = new NioEventLoopGroup(1); workerGroup = new NioEventLoopGroup(WORKER_GROUP_SIZE); channelClass = NioServerSocketChannel.class; logger.info("workerGroup size:" + WORKER_GROUP_SIZE); logger.info("preparing to start spider server..."); b.group(bossGroup, workerGroup); b.channel(channelClass); KeyManagerFactory keyManagerFactory = null; KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream("D:\\security\\server\\sChat.jks"), "sNetty".toCharArray()); keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore,"sNetty".toCharArray()); SslContext sslContext = SslContextBuilder.forServer(keyManagerFactory).build(); b.childHandler(new SslChannelInitializer(sslContext)); b.bind(9912).sync(); logger.info("spider server start sucess, listening on port " + 9912 + "."); } public static void main(String[] args) throws Exception { SocketServerHelper.startSpiderServer(); } public static void shutdown() { logger.debug("preparing to shutdown spider server..."); bossGroup.shutdownGracefully(); workerGroup.shutdownGracefully(); logger.debug("spider server is shutdown."); } }
package com.ld.net.spider.channel; import java.net.InetSocketAddress; import java.nio.channels.ClosedChannelException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import io.netty.buffer.ByteBuf; import io.netty.channel.Channel; import io.netty.channel.ChannelFuture; public class SocketHelper { static final Logger logger = LoggerFactory.getLogger(SocketHelper.class); public static ChannelFuture writeMessage(Channel channel,String msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { String otherInfo = ""; if(channel.remoteAddress() != null) { otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]"; } else { otherInfo = "channel is null."; } if(e instanceof ClosedChannelException) { logger.error("channel to " + otherInfo + " is closed",e); } else { logger.error("timeout occured during channel send msg, " + otherInfo,e); } } }else{ logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log."); } return null; } public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e); } }else{ logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log."); } return null; } }
package com.ld.net.spider.client; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.SimpleChannelInboundHandler; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SpiderClientBusiHandler extends SimpleChannelInboundHandler<Object> { static final Logger logger = LoggerFactory.getLogger(SpiderClientBusiHandler.class); @Override protected void channelRead0(ChannelHandlerContext ctx, Object origMsg) { System.out.println(origMsg.toString()); } @Override public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { cause.printStackTrace(); } }
package com.ld.net.spider.channel; import java.nio.charset.Charset; import javax.net.ssl.SSLEngine; import com.ld.net.spider.client.SpiderClientBusiHandler; import io.netty.channel.Channel; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelPipeline; import io.netty.handler.codec.LengthFieldBasedFrameDecoder; import io.netty.handler.codec.LengthFieldPrepender; import io.netty.handler.codec.string.StringDecoder; import io.netty.handler.codec.string.StringEncoder; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslHandler; public class SslChannelInitializer extends ChannelInitializer<Channel> { private final SslContext context; public SslChannelInitializer(SslContext context) { this.context = context; } @Override protected void initChannel(Channel ch) throws Exception { SSLEngine engine = context.newEngine(ch.alloc()); engine.setUseClientMode(true); ch.pipeline().addFirst("ssl", new SslHandler(engine)); ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4)); pipeline.addLast("frameEncoder", new LengthFieldPrepender(4)); //最大16M pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8"))); pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8"))); pipeline.addLast("spiderClientBusiHandler", new SpiderClientBusiHandler()); } }
package com.ld.net.spider.channel; import io.netty.bootstrap.Bootstrap; import io.netty.channel.Channel; import io.netty.channel.ChannelOption; import io.netty.channel.EventLoopGroup; import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.nio.NioSocketChannel; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import java.io.FileInputStream; import java.security.KeyStore; import java.text.MessageFormat; import javax.net.ssl.TrustManagerFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SocketClientHelper { static final Logger logger = LoggerFactory.getLogger(SocketClientHelper.class); public static void main(String[] args) { Channel channel = SocketClientHelper.createChannel("localhost",9912); try { Thread.sleep(100); } catch (InterruptedException e) { // TODO Auto-generated catch block e.printStackTrace(); } SocketHelper.writeMessage(channel, "ssh over tcp test 1"); SocketHelper.writeMessage(channel, "ssh over tcp test 2"); SocketHelper.writeMessage(channel, "ssh over tcp test 3"); SocketHelper.writeMessage(channel, "ssh over tcp test 4"); SocketHelper.writeMessage(channel, "ssh over tcp test 5"); } public static Channel createChannel(String host, int port) { Channel channel = null; Bootstrap b = getBootstrap(); try { channel = b.connect(host, port).sync().channel(); logger.info(MessageFormat.format("connect to spider server ({0}:{1,number,#}) success for thread [" + Thread.currentThread().getName() + "].", host,port)); } catch (Exception e) { e.printStackTrace(); } return channel; } public static Bootstrap getBootstrap(){ EventLoopGroup group; Class<? extends Channel> channelClass = NioSocketChannel.class; group = new NioEventLoopGroup(); Bootstrap b = new Bootstrap(); b.group(group).channel(channelClass); b.option(ChannelOption.SO_KEEPALIVE, true); b.option(ChannelOption.TCP_NODELAY, true); b.option(ChannelOption.SO_REUSEADDR, true); b.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000); TrustManagerFactory tf = null; try { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream("D:\\security\\client\\cChat.jks"), "cNetty".toCharArray()); tf = TrustManagerFactory.getInstance("SunX509"); tf.init(keyStore); SslContext sslContext = SslContextBuilder.forClient().trustManager(tf).build(); b.handler(new SslChannelInitializer(sslContext)); return b; } catch(Exception e) { e.printStackTrace(); } return null; } }
package com.ld.net.spider.channel; import java.net.InetSocketAddress; import java.nio.channels.ClosedChannelException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import io.netty.buffer.ByteBuf; import io.netty.channel.Channel; import io.netty.channel.ChannelFuture; public class SocketHelper { static final Logger logger = LoggerFactory.getLogger(SocketHelper.class); //僅用於內部通訊,不供業務直接使用 public static ChannelFuture writeMessage(Channel channel,String msg) { if(channel!=null){ try { System.out.println("send: " + msg); return channel.writeAndFlush(msg).sync(); } catch (Exception e) { String otherInfo = ""; if(channel.remoteAddress() != null) { otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]"; } else { otherInfo = "channel is null."; } if(e instanceof ClosedChannelException) { logger.error("channel to " + otherInfo + " is closed",e); } else { logger.error("timeout occured during channel send msg, " + otherInfo,e); } } }else{ logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log."); } return null; } public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e); } }else{ logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log."); } return null; } }
2017-03-01 16:58:51,130 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Using SLF4J as the default logging framework
2017-03-01 16:58:51,570 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:87) workerGroup size:16
2017-03-01 16:58:51,571 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:88) preparing to start spider java.nio.DirectByteBuffer.<init>(long, int): available 2017-03-01 16:58:51,157 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.ByteBuffer.cleaner(): available 2017-03-01 16:58:51,158 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Platform: Windows 2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Java version: 8 2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noUnsafe: false 2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) sun.misc.Unsafe: available 2017-03-01 16:58:51,160 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noJavassist: false 2017-03-01 16:58:51,263 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Javassist: available 2017-03-01 16:58:51,264 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.tmpdir: C:\Users\dell\AppData\Local\Temp (java.io.tmpdir) 2017-03-01 16:58:51,264 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.bitMode: 32 (sun.arch.data.model) 2017-03-01 16:58:51,266 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noPreferDirect: false 2017-03-01 16:58:51,266 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) io.netty.maxDirectMemory: 259522560 bytes 2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.numHeapArenas: 2 2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.numDirectArenas: 2 2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.pageSize: 8192 2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.maxOrder: 11 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.chunkSize: 16777216 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.tinyCacheSize: 512 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.smallCacheSize: 256 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.normalCacheSize: 64 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.maxCachedBufferCapacity: 32768 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.cacheTrimInterval: 8192 2017-03-01 16:58:51,294 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.eventLoopThreads: 16 2017-03-01 16:58:51,317 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noKeySetOptimization: false 2017-03-01 16:58:51,317 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.selectorAutoRebuildThreshold: 512 2017-03-01 16:58:51,321 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) org.jctools-core.MpscChunkedArrayQueue: available 2017-03-01 16:58:51,570 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:87) workerGroup size:16 2017-03-01 16:58:51,571 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:88) preparing to start spider server...
*** found key for : securechat
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
  ...
]
*** ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E trustStore is: C:\Java\jdk1.8.0_102\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
2017-03-01 16:58:51,994 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1]
2017-03-01 16:58:51,994 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Default cipher suites (JDK): [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
trustStore is: C:\Java\jdk1.8.0_102\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore trigger seeding of SecureRandom
done seeding SecureRandom
2017-03-01 16:58:52,024 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) -Dio.netty.initialSeedUniquifier: 0xbddc65b5f4c56201 (took 0 ms)
2017-03-01 16:58:52,048 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.type: unpooled
2017-03-01 16:58:52,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:86) Loopback interface: lo (Software Loopback Interface 1, 2017-03-01 16:58:52,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) \proc\sys\net\core\somaxconn: 200 (non-existent)
2017-03-01 16:58:52,170 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:100) spider server start sucess, listening on port 9912. Using SSLEngineImpl. Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 2017-03-01 16:59:12,485 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Generated: io.netty.util.internal.__matchers__.io.netty.buffer.ByteBufMatcher 2017-03-01 16:59:12,488 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Generated: io.netty.util.internal.__matchers__.java.lang.CharSequenceMatcher 2017-03-01 16:59:12,499 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.maxCapacity.default: 32768 2017-03-01 16:59:12,499 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.maxSharedCapacityFactor: 2 2017-03-01 16:59:12,499 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.linkCapacity: 16 2017-03-01 16:59:12,499 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.ratio: 8 2017-03-01 16:59:12,508 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.buffer.bytebuf.checkAccessible: true 2017-03-01 16:59:12,511 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.leakDetection.level: simple 2017-03-01 16:59:12,511 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.leakDetection.maxRecords: 4 2017-03-01 16:59:12,512 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@126fb57 Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 nioEventLoopGroup-3-1, READ: TLSv1.2 Handshake, length = 148 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1471516000 bytes = { 32, 55, 190, 89, 9, 233, 246, 225, 255, 239, 170, 88, 191, 7, 37, 181, 189, 144, 28, 119, 104, 54, 108, 221, 201, 125, 0, 240 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension renegotiation_info, renegotiated_connection: <empty> *** %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL] matching alias: securechat %% Negotiating: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] *** ServerHello, TLSv1.2 RandomCookie: GMT: 1471516000 bytes = { 147, 0, 63, 42, 231, 63, 161, 134, 104, 126, 153, 154, 147, 158, 67, 10, 113, 145, 53, 170, 165, 215, 245, 106, 10, 77, 25, 220 } Session ID: {88, 182, 141, 96, 61, 18, 149, 189, 209, 109, 4, 54, 134, 200, 176, 55, 72, 246, 251, 155, 123, 130, 69, 249, 113, 96, 255, 242, 113, 68, 131, 37} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** *** ECDH ServerKeyExchange Signature Algorithm SHA512withRSA Server key: Sun EC public key, 256 bits public x coord: 45783309125782196590097401233642983782548080213817267914313804415213652148552 public y coord: 65526260642319495465608974625182597202813481141931905711227094488688262267917 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) *** ServerHelloDone nioEventLoopGroup-3-1, WRITE: TLSv1.2 Handshake, length = 1143 nioEventLoopGroup-3-1, called closeOutbound() nioEventLoopGroup-3-1, closeOutboundInternal() nioEventLoopGroup-3-1, SEND TLSv1.2 ALERT: warning, description = close_notify nioEventLoopGroup-3-1, WRITE: TLSv1.2 Alert, length = 2 nioEventLoopGroup-3-1, called closeInbound() nioEventLoopGroup-3-1, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack? javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] nioEventLoopGroup-3-1, SEND TLSv1.2 ALERT: fatal, description = internal_error nioEventLoopGroup-3-1, Exception sending alert: java.io.IOException: writer side was already closed. Using SSLEngineImpl. Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 nioEventLoopGroup-3-2, READ: TLSv1.2 Handshake, length = 148 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1471516158 bytes = { 167, 193, 171, 47, 42, 194, 255, 246, 58, 202, 31, 31, 150, 41, 112, 19, 56, 230, 43, 26, 198, 72, 239, 85, 51, 202, 56, 87 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension renegotiation_info, renegotiated_connection: <empty> *** %% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL] %% Negotiating: [Session-2, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] *** ServerHello, TLSv1.2 RandomCookie: GMT: 1471516158 bytes = { 225, 28, 98, 64, 232, 67, 45, 65, 94, 10, 83, 229, 159, 109, 169, 98, 91, 229, 47, 135, 236, 43, 144, 219, 107, 17, 204, 141 } Session ID: {88, 182, 142, 254, 219, 50, 242, 66, 120, 184, 172, 80, 42, 188, 35, 44, 78, 215, 118, 41, 86, 137, 230, 128, 236, 208, 37, 109, 175, 216, 55, 116} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** *** ECDH ServerKeyExchange Signature Algorithm SHA512withRSA Server key: Sun EC public key, 256 bits public x coord: 114233216280638678797234809004396039380030438791388296040602616024637536719620 public y coord: 110080291266543170097998121713571486190642596218532893835681542649150412914178 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) *** ServerHelloDone nioEventLoopGroup-3-2, WRITE: TLSv1.2 Handshake, length = 1143 nioEventLoopGroup-3-2, called closeOutbound() nioEventLoopGroup-3-2, closeOutboundInternal() nioEventLoopGroup-3-2, SEND TLSv1.2 ALERT: warning, description = close_notify nioEventLoopGroup-3-2, WRITE: TLSv1.2 Alert, length = 2 nioEventLoopGroup-3-2, called closeInbound() nioEventLoopGroup-3-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack? javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? %% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] nioEventLoopGroup-3-2, SEND TLSv1.2 ALERT: fatal, description = internal_error nioEventLoopGroup-3-2, Exception sending alert: java.io.IOException: writer side was already closed. Using SSLEngineImpl. Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 nioEventLoopGroup-3-3, READ: TLSv1.2 Handshake, length = 148 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1471516452 bytes = { 237, 187, 82, 91, 200, 7, 61, 71, 82, 178, 205, 207, 108, 250, 33, 173, 184, 223, 3, 82, 252, 218, 141, 48, 2, 71, 188, 102 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension renegotiation_info, renegotiated_connection: <empty> *** %% Initialized: [Session-3, SSL_NULL_WITH_NULL_NULL] %% Negotiating: [Session-3, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] *** ServerHello, TLSv1.2 RandomCookie: GMT: 1471516452 bytes = { 14, 55, 87, 5, 89, 3, 195, 149, 250, 180, 66, 198, 7, 172, 218, 170, 175, 155, 44, 194, 60, 137, 241, 117, 88, 247, 255, 235 } Session ID: {88, 182, 143, 36, 96, 33, 152, 86, 72, 24, 163, 107, 195, 146, 90, 73, 187, 97, 199, 129, 86, 151, 226, 63, 230, 119, 127, 245, 55, 56, 96, 156} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** *** ECDH ServerKeyExchange Signature Algorithm SHA512withRSA Server key: Sun EC public key, 256 bits public x coord: 109645440307038020256653425962553169171738745287384973361922939472718475813848 public y coord: 105760912478839375803890461571035182727525828359059575720370074390248840995205 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) *** ServerHelloDone nioEventLoopGroup-3-3, WRITE: TLSv1.2 Handshake, length = 1143 nioEventLoopGroup-3-3, called closeOutbound() nioEventLoopGroup-3-3, closeOutboundInternal() nioEventLoopGroup-3-3, SEND TLSv1.2 ALERT: warning, description = close_notify nioEventLoopGroup-3-3, WRITE: TLSv1.2 Alert, length = 2 nioEventLoopGroup-3-3, called closeInbound() nioEventLoopGroup-3-3, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack? javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? %% Invalidated: [Session-3, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] nioEventLoopGroup-3-3, SEND TLSv1.2 ALERT: fatal, description = internal_error nioEventLoopGroup-3-3, Exception sending alert: java.io.IOException: writer side was already closed. Using SSLEngineImpl. Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 nioEventLoopGroup-3-4, READ: TLSv1.2 Handshake, length = 148 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1471516476 bytes = { 63, 165, 71, 40, 13, 242, 29, 41, 222, 89, 149, 77, 209, 129, 61, 188, 141, 85, 80, 89, 245, 122, 98, 214, 223, 92, 114, 175 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension renegotiation_info, renegotiated_connection: <empty> *** %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] %% Negotiating: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] *** ServerHello, TLSv1.2 RandomCookie: GMT: 1471516476 bytes = { 255, 101, 93, 2, 236, 207, 206, 10, 197, 98, 160, 47, 253, 171, 67, 186, 251, 145, 57, 135, 38, 26, 30, 65, 208, 21, 11, 124 } Session ID: {88, 182, 143, 60, 129, 146, 156, 29, 192, 93, 106, 135, 136, 153, 195, 98, 236, 81, 194, 11, 182, 9, 130, 112, 177, 196, 196, 85, 7, 254, 113, 7} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** *** ECDH ServerKeyExchange Signature Algorithm SHA512withRSA Server key: Sun EC public key, 256 bits public x coord: 92694630830997912533451060743025525319716847165257493278914158902912199372558 public y coord: 20695720232376677011482059963801818244638973623500456869553215867954790837495 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) *** ServerHelloDone nioEventLoopGroup-3-4, WRITE: TLSv1.2 Handshake, length = 1143 nioEventLoopGroup-3-4, READ: TLSv1.2 Handshake, length = 70 *** ECDHClientKeyExchange ECDH Public value: { 4, 254, 138, 252, 110, 122, 74, 139, 200, 247, 79, 194, 24, 120, 32, 240, 118, 233, 118, 75, 51, 240, 4, 62, 236, 58, 17, 254, 145, 35, 30, 202, 160, 145, 144, 15, 61, 239, 24, 189, 68, 89, 62, 8, 54, 207, 165, 41, 8, 181, 48, 83, 8, 136, 43, 132, 148, 99, 11, 111, 57, 19, 146, 200, 69 } SESSION KEYGEN: PreMaster Secret: 0000: 9C B2 1A 57 E3 20 3F 36 66 74 F3 5F 78 D5 D7 83 ...W. ?6ft._x... 0010: A8 83 70 67 1D 34 97 48 DC B2 AD E0 C4 13 B4 09 ..pg.4.H........ CONNECTION KEYGEN: Client Nonce: 0000: 58 B6 8F 3C 3F A5 47 28 0D F2 1D 29 DE 59 95 4D X..<?.G(...).Y.M 0010: D1 81 3D BC 8D 55 50 59 F5 7A 62 D6 DF 5C 72 AF ..=..UPY.zb..\r. Server Nonce: 0000: 58 B6 8F 3C FF 65 5D 02 EC CF CE 0A C5 62 A0 2F X..<.e]......b./ 0010: FD AB 43 BA FB 91 39 87 26 1A 1E 41 D0 15 0B 7C ..C...9.&..A.... Master Secret: 0000: 05 94 34 F6 F8 11 EA 3C BC 2C 42 1B 01 18 BB A5 ..4....<.,B..... 0010: F8 B2 20 3A 0E 6A F3 2B 44 3B A2 7E 69 75 29 EB .. :.j.+D;..iu). 0020: 9B 79 4C 47 84 3F DB 98 E6 9E 1C 93 61 28 4B D9 .yLG.?......a(K. ... no MAC keys used for this cipher Client write key: 0000: 33 05 30 AE 87 47 F1 7B 6D 65 A4 F3 B4 3A F6 8E 3.0..G..me...:.. Server write key: 0000: 09 D2 14 BF 20 A6 7E F5 4F 7E 84 7E AA D6 C8 C2 .... ...O....... Client write IV: 0000: DA 19 3D 10 ..=. Server write IV: 0000: 44 F8 F9 29 D..) nioEventLoopGroup-3-4, READ: TLSv1.2 Change Cipher Spec, length = 1 nioEventLoopGroup-3-4, READ: TLSv1.2 Handshake, length = 40 *** Finished verify_data: { 226, 7, 226, 20, 207, 227, 210, 82, 103, 19, 86, 220 } *** nioEventLoopGroup-3-4, WRITE: TLSv1.2 Change Cipher Spec, length = 1 *** Finished verify_data: { 205, 104, 14, 189, 189, 114, 27, 59, 81, 95, 17, 0 } *** nioEventLoopGroup-3-4, WRITE: TLSv1.2 Handshake, length = 40 %% Cached server session: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 2017-03-01 17:07:08,561 DEBUG nioEventLoopGroup-3-4 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) [id: 0xb4a93c68, L:/ - R:/] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ssh over tcp test 2017-03-01 17:07:27,211 ERROR nioEventLoopGroup-3-4 com.ld.net.spider.server.SpiderServerBusiHandler.exceptionCaught(SpiderServerBusiHandler.java:38) channel / exception: java.io.IOException: Զ������ǿ�ȹر���һ�����е����ӡ� at sun.nio.ch.SocketDispatcher.read0(Native Method) at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43) at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) at sun.nio.ch.IOUtil.read(IOUtil.java:192) at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:221) at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:899) at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:275) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:652) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:575) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:489) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:451) at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:140) at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144) at java.lang.Thread.run(Thread.java:745) nioEventLoopGroup-3-4, called closeOutbound() nioEventLoopGroup-3-4, closeOutboundInternal() nioEventLoopGroup-3-4, SEND TLSv1.2 ALERT: warning, description = close_notify nioEventLoopGroup-3-4, WRITE: TLSv1.2 Alert, length = 26 nioEventLoopGroup-3-4, called closeOutbound() nioEventLoopGroup-3-4, closeOutboundInternal() Using SSLEngineImpl. Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 nioEventLoopGroup-3-5, READ: TLSv1.2 Handshake, length = 148 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1471516504 bytes = { 174, 125, 52, 145, 247, 71, 23, 3, 4, 3, 213, 123, 250, 134, 8, 166, 179, 114, 170, 160, 175, 48, 222, 242, 143, 119, 195, 201 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension renegotiation_info, renegotiated_connection: <empty> *** %% Initialized: [Session-5, SSL_NULL_WITH_NULL_NULL] %% Negotiating: [Session-5, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] *** ServerHello, TLSv1.2 RandomCookie: GMT: 1471516504 bytes = { 41, 134, 164, 168, 204, 30, 159, 147, 192, 42, 191, 140, 191, 206, 1, 255, 214, 212, 5, 9, 109, 157, 235, 29, 198, 198, 7, 159 } Session ID: {88, 182, 143, 88, 250, 213, 187, 121, 114, 188, 118, 213, 99, 83, 219, 241, 240, 134, 184, 211, 15, 18, 198, 254, 90, 144, 112, 27, 199, 87, 241, 197} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** *** ECDH ServerKeyExchange Signature Algorithm SHA512withRSA Server key: Sun EC public key, 256 bits public x coord: 44848125480595565086468434811987008038751117904620875939380476192930647570684 public y coord: 91928601943159748898641362622238630449355378548862176004876836507039857054799 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) *** ServerHelloDone nioEventLoopGroup-3-5, WRITE: TLSv1.2 Handshake, length = 1143 nioEventLoopGroup-3-5, READ: TLSv1.2 Handshake, length = 70 *** ECDHClientKeyExchange ECDH Public value: { 4, 34, 157, 214, 211, 201, 139, 82, 242, 150, 73, 110, 74, 164, 137, 194, 40, 40, 166, 7, 43, 126, 202, 127, 42, 82, 110, 241, 239, 122, 242, 77, 162, 78, 118, 103, 193, 142, 21, 162, 76, 4, 10, 232, 219, 251, 149, 182, 163, 18, 114, 23, 105, 22, 217, 206, 248, 83, 75, 114, 119, 11, 30, 30, 176 } SESSION KEYGEN: PreMaster Secret: 0000: 4E 10 4A 8A 74 53 55 E3 35 9F 13 95 0E 1D 5B 66 N.J.tSU.5.....[f 0010: 77 42 07 47 5F 7F 8B DF 29 A1 8B B0 02 02 26 E7 wB.G_...).....&. CONNECTION KEYGEN: Client Nonce: 0000: 58 B6 8F 58 AE 7D 34 91 F7 47 17 03 04 03 D5 7B X..X..4..G...... 0010: FA 86 08 A6 B3 72 AA A0 AF 30 DE F2 8F 77 C3 C9 .....r...0...w.. Server Nonce: 0000: 58 B6 8F 58 29 86 A4 A8 CC 1E 9F 93 C0 2A BF 8C X..X)........*.. 0010: BF CE 01 FF D6 D4 05 09 6D 9D EB 1D C6 C6 07 9F ........m....... Master Secret: 0000: 92 EC 71 CE 2A 74 16 07 E3 4A A9 77 F3 B9 90 D2 ..q.*t...J.w.... 0010: 4F A1 32 EA 0C E5 C2 BF 5E 2D 8E 8B CB 7D BB E6 O.2.....^-...... 0020: 81 13 A1 0C 32 EA B4 D1 AE 40 D4 8A 8D 8A C1 E8 ....2....@...... ... no MAC keys used for this cipher Client write key: 0000: B6 55 2C A4 6F 19 50 F9 A6 20 79 C5 7A 00 10 08 .U,.o.P.. y.z... Server write key: 0000: A3 D5 C0 BB E2 CA F5 06 E8 58 BA DF 9E 08 7B 47 .........X.....G Client write IV: 0000: 88 69 60 A6 .i`. Server write IV: 0000: 5D 7B A0 13 ]... nioEventLoopGroup-3-5, READ: TLSv1.2 Change Cipher Spec, length = 1 nioEventLoopGroup-3-5, READ: TLSv1.2 Handshake, length = 40 *** Finished verify_data: { 97, 80, 202, 95, 247, 61, 122, 118, 62, 254, 85, 29 } *** nioEventLoopGroup-3-5, WRITE: TLSv1.2 Change Cipher Spec, length = 1 *** Finished verify_data: { 40, 58, 134, 125, 120, 238, 232, 133, 170, 46, 145, 211 } *** nioEventLoopGroup-3-5, WRITE: TLSv1.2 Handshake, length = 40 %% Cached server session: [Session-5, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 2017-03-01 17:07:36,493 DEBUG nioEventLoopGroup-3-5 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) [id: 0x6db757fe, L:/ - R:/] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ssh over tcp test 2017-03-01 17:10:39,545 ERROR nioEventLoopGroup-3-5 com.ld.net.spider.server.SpiderServerBusiHandler.exceptionCaught(SpiderServerBusiHandler.java:38) channel / exception: java.io.IOException: Զ������ǿ�ȹر���һ�����е����ӡ� at sun.nio.ch.SocketDispatcher.read0(Native Method) at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43) at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) at sun.nio.ch.IOUtil.read(IOUtil.java:192) at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:221) at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:899) at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:275) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:652) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:575) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:489) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:451) at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:140) at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144) at java.lang.Thread.run(Thread.java:745) nioEventLoopGroup-3-5, called closeOutbound() nioEventLoopGroup-3-5, closeOutboundInternal() nioEventLoopGroup-3-5, SEND TLSv1.2 ALERT: warning, description = close_notify nioEventLoopGroup-3-5, WRITE: TLSv1.2 Alert, length = 26 nioEventLoopGroup-3-5, called closeOutbound() nioEventLoopGroup-3-5, closeOutboundInternal() Using SSLEngineImpl. Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 nioEventLoopGroup-3-6, READ: TLSv1.2 Handshake, length = 148 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1471516695 bytes = { 24, 187, 217, 214, 140, 214, 114, 66, 240, 143, 250, 47, 51, 163, 181, 87, 218, 240, 112, 132, 18, 214, 172, 223, 186, 16, 79, 53 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension renegotiation_info, renegotiated_connection: <empty> *** %% Initialized: [Session-6, SSL_NULL_WITH_NULL_NULL] %% Negotiating: [Session-6, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] *** ServerHello, TLSv1.2 RandomCookie: GMT: 1471516695 bytes = { 222, 75, 242, 116, 63, 236, 213, 10, 170, 72, 227, 166, 210, 107, 119, 123, 192, 138, 77, 244, 44, 108, 180, 115, 67, 55, 73, 153 } Session ID: {88, 182, 144, 23, 48, 147, 150, 107, 2, 43, 100, 77, 218, 52, 13, 108, 73, 114, 159, 168, 67, 166, 136, 157, 87, 142, 140, 130, 7, 80, 12, 219} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** *** ECDH ServerKeyExchange Signature Algorithm SHA512withRSA Server key: Sun EC public key, 256 bits public x coord: 10331457858785828482875741504897765623739531218694853663080345496025520877996 public y coord: 87072985023296105834621900228689461936233240867656310759620109797868298186758 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) *** ServerHelloDone nioEventLoopGroup-3-6, WRITE: TLSv1.2 Handshake, length = 1143 nioEventLoopGroup-3-6, READ: TLSv1.2 Handshake, length = 70 *** ECDHClientKeyExchange ECDH Public value: { 4, 242, 42, 217, 216, 163, 173, 6, 29, 45, 128, 126, 105, 4, 135, 9, 225, 39, 129, 40, 33, 177, 214, 234, 245, 46, 166, 160, 118, 7, 90, 165, 153, 248, 45, 131, 243, 77, 24, 122, 167, 69, 231, 196, 59, 232, 168, 74, 66, 173, 16, 90, 66, 137, 99, 154, 218, 178, 52, 18, 97, 246, 8, 165, 222 } SESSION KEYGEN: PreMaster Secret: 0000: 64 2E 66 20 EB 04 53 3A F1 70 90 BE EC 0D BC A8 d.f ..S:.p...... 0010: 88 44 07 D4 A8 69 44 D5 17 3E 9F 36 12 3D FB 68 .D...iD..>.6.=.h CONNECTION KEYGEN: Client Nonce: 0000: 58 B6 90 17 18 BB D9 D6 8C D6 72 42 F0 8F FA 2F X.........rB.../ 0010: 33 A3 B5 57 DA F0 70 84 12 D6 AC DF BA 10 4F 35 3..W..p.......O5 Server Nonce: 0000: 58 B6 90 17 DE 4B F2 74 3F EC D5 0A AA 48 E3 A6 X....K.t?....H.. 0010: D2 6B 77 7B C0 8A 4D F4 2C 6C B4 73 43 37 49 99 .kw...M.,l.sC7I. Master Secret: 0000: 99 59 39 A6 38 D9 10 FB B3 02 DD 82 CC 22 24 02 .Y9.8........"$. 0010: 1A 45 E9 6A 28 23 3B FC 6F 6C DC E1 84 EA DE 71 .E.j(#;.ol.....q 0020: 6D AC 42 48 76 06 07 20 AD F3 7E 59 FA F6 30 5E m.BHv.. ...Y..0^ ... no MAC keys used for this cipher Client write key: 0000: E9 4C D9 C0 D5 D1 4A 0A E4 82 C9 B6 D3 93 19 B0 .L....J......... Server write key: 0000: 1D 1A 6B 10 52 EF C3 FC 06 8C A2 5E 35 B8 34 76 ..k.R......^5.4v Client write IV: 0000: F1 D2 36 BD ..6. Server write IV: 0000: A0 05 91 3A ...: nioEventLoopGroup-3-6, READ: TLSv1.2 Change Cipher Spec, length = 1 nioEventLoopGroup-3-6, READ: TLSv1.2 Handshake, length = 40 *** Finished verify_data: { 188, 100, 155, 18, 18, 132, 204, 180, 111, 0, 116, 167 } *** nioEventLoopGroup-3-6, WRITE: TLSv1.2 Change Cipher Spec, length = 1 *** Finished verify_data: { 49, 222, 223, 97, 94, 74, 95, 196, 241, 38, 54, 38 } *** nioEventLoopGroup-3-6, WRITE: TLSv1.2 Handshake, length = 40 %% Cached server session: [Session-6, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 2017-03-01 17:10:47,926 DEBUG nioEventLoopGroup-3-6 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) [id: 0x1b619bff, L:/ - R:/] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ssh over tcp test 1 ssh over tcp test 2 ssh over tcp test 3 ssh over tcp test 4 ssh over tcp test 5
客戶端日誌:2017-03-01 17:10:46,811 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Using SLF4J as the default logging framework 2017-03-01 17:10:46,818 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.eventLoopThreads: 16
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA3842017-03-01 17:10:46,841 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) java.nio.Buffer.address: available 2017-03-01 17:10:46,843 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.theUnsafe: available 2017-03-01 17:10:46,844 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.copyMemory: available 2017-03-01 17:10:46,845 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) direct buffer constructor: available 2017-03-01 17:10:46,845 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.Bits.unaligned: available, true 2017-03-01 17:10:46,845 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.DirectByteBuffer.<init>(long, int): available 2017-03-01 17:10:46,846 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.ByteBuffer.cleaner(): available 2017-03-01 17:10:46,847 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Platform: Windows 2017-03-01 17:10:46,849 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Java version: 8 2017-03-01 17:10:46,849 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noUnsafe: false 2017-03-01 17:10:46,849 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) sun.misc.Unsafe: available 2017-03-01 17:10:46,849 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noJavassist: false 2017-03-01 17:10:46,951 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Javassist: available 2017-03-01 17:10:46,952 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.tmpdir: C:\Users\dell\AppData\Local\Temp (java.io.tmpdir) 2017-03-01 17:10:46,954 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.bitMode: 32 (sun.arch.data.model) 2017-03-01 17:10:46,954 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noPreferDirect: false 2017-03-01 17:10:46,954 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) io.netty.maxDirectMemory: 259522560 bytes 2017-03-01 17:10:46,976 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noKeySetOptimization: false 2017-03-01 17:10:46,976 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.selectorAutoRebuildThreshold: 512 2017-03-01 17:10:46,980 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) org.jctools-core.MpscChunkedArrayQueue: available adding as trusted cert: Subject: CN=localhost Issuer: CN=localhost Algorithm: RSA; Serial number: 0x23c861f Valid from Wed Mar 01 12:52:17 CST 2017 until Thu Mar 01 12:52:17 CST 2018 adding as trusted cert: Subject: CN=localhost Issuer: CN=localhost Algorithm: RSA; Serial number: 0x78384348 Valid from Wed Mar 01 12:48:48 CST 2017 until Thu Mar 01 12:48:48 CST 2018 2017-03-01 17:10:47,275 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) netty-tcnative not in the classpath; OpenSslEngine will be unavailable. trustStore is: C:\Java\jdk1.8.0_102\jre\lib\security\cacerts trustStore type is : jks trustStore provider is : init truststore adding as trusted cert: Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0xc3517 Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020 adding as trusted cert: Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0 Valid from Wed Nov 08 03:31:18 CST 2006 until Tue Jan 01 03:40:55 CST 2030 adding as trusted cert: Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Algorithm: EC; Serial number: 0xa68b79290000000050d091f9 Valid from Tue Dec 18 23:25:36 CST 2012 until Fri Dec 18 23:55:36 CST 2037 adding as trusted cert: Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:20:49 CST 2003 until Sat Sep 30 12:20:49 CST 2023 adding as trusted cert: Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031 adding as trusted cert: Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528 Valid from Fri Jan 13 02:59:32 CST 2012 until Mon Jan 13 02:59:32 CST 2042 adding as trusted cert: Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1 Valid from Mon Nov 27 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036 adding as trusted cert: Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Fri May 29 13:00:39 CST 2009 until Tue May 29 13:00:39 CST 2029 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6 Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028 adding as trusted cert: Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d Valid from Mon Dec 20 10:31:27 CST 2004 until Wed Dec 20 10:31:27 CST 2034 adding as trusted cert: Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7777062726a9b17c Valid from Fri Jan 29 22:06:06 CST 2010 until Tue Dec 31 22:06:06 CST 2030 adding as trusted cert: Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Algorithm: RSA; Serial number: 0x444c0 Valid from Wed Oct 22 20:07:37 CST 2008 until Mon Dec 31 20:07:37 CST 2029 adding as trusted cert: Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad Valid from Tue Nov 02 01:14:04 CST 2004 until Mon Jan 01 13:37:19 CST 2035 adding as trusted cert: Subject: CN=Sonera Class2 CA, O=Sonera, C=FI Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI Algorithm: RSA; Serial number: 0x1d Valid from Fri Apr 06 15:29:40 CST 2001 until Tue Apr 06 15:29:40 CST 2021 adding as trusted cert: Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Tue May 28 14:00:00 CST 2002 until Fri Nov 20 04:43:00 CST 2037 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038 adding as trusted cert: Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Algorithm: RSA; Serial number: 0x35def4cf Valid from Sun Aug 23 00:41:51 CST 1998 until Thu Aug 23 00:41:51 CST 2018 adding as trusted cert: Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a Valid from Thu Mar 06 08:00:00 CST 2008 until Tue Jan 19 07:59:59 CST 2038 adding as trusted cert: Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577 Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031 adding as trusted cert: Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 13:00:00 CST 2004 until Sun Mar 04 13:00:00 CST 2029 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Algorithm: RSA; Serial number: 0x4000000000121585308a2 Valid from Wed Mar 18 18:00:00 CST 2009 until Sun Mar 18 18:00:00 CST 2029 adding as trusted cert: Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Algorithm: RSA; Serial number: 0x20000b9 Valid from Sat May 13 02:46:00 CST 2000 until Tue May 13 07:59:00 CST 2025 adding as trusted cert: Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Algorithm: RSA; Serial number: 0x0 Valid from Wed Jun 30 01:39:16 CST 2004 until Fri Jun 30 01:39:16 CST 2034 adding as trusted cert: Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA Algorithm: RSA; Serial number: 0x67c8e1e8e3be1cbdfc913b8ea6238749 Valid from Wed Jan 01 08:00:00 CST 1997 until Sat Jan 02 07:59:59 CST 2021 adding as trusted cert: Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Thu Jan 01 08:00:00 CST 2004 until Mon Jan 01 07:59:59 CST 2029 adding as trusted cert: Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd Valid from Sat Jul 10 02:10:42 CST 1999 until Wed Jul 10 02:19:22 CST 2019 adding as trusted cert: Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Algorithm: RSA; Serial number: 0x0 Valid from Wed Oct 01 00:13:43 CST 2003 until Thu Oct 01 00:13:44 CST 2037 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57 Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036 adding as trusted cert: Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Algorithm: RSA; Serial number: 0x40000000001154b5ac394 Valid from Tue Sep 01 20:00:00 CST 1998 until Fri Jan 28 20:00:00 CST 2028 adding as trusted cert: Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b Valid from Sat Jul 10 02:31:20 CST 1999 until Wed Jul 10 02:40:36 CST 2019 adding as trusted cert: Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7c4f04391cd4992d Valid from Fri Jan 29 22:08:24 CST 2010 until Tue Dec 31 22:08:24 CST 2030 adding as trusted cert: Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee Valid from Fri Jan 29 22:10:36 CST 2010 until Mon Dec 31 22:10:36 CST 2040 adding as trusted cert: Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE Algorithm: RSA; Serial number: 0x20000bf Valid from Wed May 17 22:01:00 CST 2000 until Sun May 18 07:59:00 CST 2025 adding as trusted cert: Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US Issuer: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Tue May 28 14:00:00 CST 2002 until Tue Sep 29 22:08:00 CST 2037 adding as trusted cert: Subject: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU Issuer: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU Algorithm: RSA; Serial number: 0xbb8 Valid from Thu Mar 17 17:51:37 CST 2011 until Wed Mar 17 17:51:37 CST 2021 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037 adding as trusted cert: Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda Valid from Fri Aug 01 20:29:50 CST 2008 until Sat Jul 31 20:29:50 CST 2038 adding as trusted cert: Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b Valid from Wed Oct 25 16:32:46 CST 2006 until Sat Oct 25 16:32:46 CST 2036 adding as trusted cert: Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Algorithm: RSA; Serial number: 0x4a538c28 Valid from Wed Jul 08 01:25:54 CST 2009 until Sun Dec 08 01:55:54 CST 2030 adding as trusted cert: Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039 Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031 adding as trusted cert: Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Algorithm: RSA; Serial number: 0x0 Valid from Wed Jun 30 01:06:20 CST 2004 until Fri Jun 30 01:06:20 CST 2034 adding as trusted cert: Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 18:48:38 CST 2000 until Sat May 30 18:48:38 CST 2020 adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 18:29:56 CST 2008 until Sun Oct 02 07:59:59 CST 2033 adding as trusted cert: Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572 Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038 adding as trusted cert: Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989 Valid from Sat Jul 10 01:28:50 CST 1999 until Wed Jul 10 01:36:58 CST 2019 adding as trusted cert: Subject: CN=Class 2 Primary CA, O=Certplus, C=FR Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423 Valid from Thu Jul 08 01:05:00 CST 1999 until Sun Jul 07 07:59:59 CST 2019 adding as trusted cert: Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x23456 Valid from Tue May 21 12:00:00 CST 2002 until Sat May 21 12:00:00 CST 2022 adding as trusted cert: Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4eb200670c035d4f Valid from Wed Oct 25 16:36:00 CST 2006 until Sat Oct 25 16:36:00 CST 2036 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c Valid from Tue Nov 13 08:00:00 CST 2012 until Tue Jan 19 11:14:07 CST 2038 adding as trusted cert: Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038 adding as trusted cert: Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036 adding as trusted cert: Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523cf467c00000002 Valid from Fri Jan 17 01:53:32 CST 2014 until Tue Jan 17 01:53:32 CST 2034 adding as trusted cert: Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Algorithm: RSA; Serial number: 0x3863def8 Valid from Sat Dec 25 01:50:51 CST 1999 until Tue Jul 24 22:15:12 CST 2029 adding as trusted cert: Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d Valid from Fri Nov 17 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036 adding as trusted cert: Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038 adding as trusted cert: Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4 Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3 Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038 adding as trusted cert: Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Algorithm: RSA; Serial number: 0x456b5054 Valid from Tue Nov 28 04:23:42 CST 2006 until Sat Nov 28 04:53:42 CST 2026 adding as trusted cert: Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038 adding as trusted cert: Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Algorithm: RSA; Serial number: 0x10020 Valid from Tue Jun 11 18:46:39 CST 2002 until Fri Jun 11 18:46:39 CST 2027 adding as trusted cert: Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 18:44:50 CST 2000 until Sat May 30 18:44:50 CST 2020 adding as trusted cert: Subject: CN=DST Root CA X3, O=Digital Signature Trust Co. Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b Valid from Sun Oct 01 05:12:19 CST 2000 until Thu Sep 30 22:01:15 CST 2021 adding as trusted cert: Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 16:38:03 CST 2010 until Fri Oct 26 16:38:03 CST 2040 adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f4 Valid from Thu Nov 05 16:50:46 CST 2009 until Mon Nov 05 16:50:46 CST 2029 adding as trusted cert: Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038 adding as trusted cert: Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0 Valid from Wed Oct 25 16:30:35 CST 2006 until Sat Oct 25 16:30:35 CST 2036 adding as trusted cert: Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26 Valid from Mon Feb 01 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038 adding as trusted cert: Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x509 Valid from Sat Nov 25 02:27:00 CST 2006 until Tue Nov 25 02:23:33 CST 2031 adding as trusted cert: Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523c844b500000002 Valid from Fri Jan 17 02:12:23 CST 2014 until Tue Jan 17 02:12:23 CST 2034 adding as trusted cert: Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE Algorithm: RSA; Serial number: 0x26 Valid from Fri Jul 09 20:11:00 CST 1999 until Wed Jul 10 07:59:00 CST 2019 adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f3 Valid from Thu Nov 05 16:35:58 CST 2009 until Mon Nov 05 16:35:58 CST 2029 adding as trusted cert: Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593 Valid from Fri Jan 13 01:27:44 CST 2012 until Mon Jan 13 01:27:44 CST 2042 adding as trusted cert: Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd Valid from Mon Jan 29 08:00:00 CST 1996 until Thu Aug 03 07:59:59 CST 2028 adding as trusted cert: Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d Valid from Mon Feb 01 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a Valid from Wed Nov 08 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Algorithm: RSA; Serial number: 0x400000000010f8626e60d Valid from Fri Dec 15 16:00:00 CST 2006 until Wed Dec 15 16:00:00 CST 2021 adding as trusted cert: Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x5c6 Valid from Sat Nov 25 03:11:23 CST 2006 until Tue Nov 25 03:06:44 CST 2031 adding as trusted cert: Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038 adding as trusted cert: Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6 Valid from Fri Jun 24 16:38:14 CST 2011 until Wed Jun 25 15:38:14 CST 2031 adding as trusted cert: Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d Valid from Fri Jan 13 04:26:32 CST 2012 until Mon Jan 13 04:26:32 CST 2042 adding as trusted cert: Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Algorithm: RSA; Serial number: 0x570a119742c4e3cc Valid from Thu Sep 22 19:22:02 CST 2011 until Sun Sep 22 19:22:02 CST 2030 adding as trusted cert: Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be Valid from Mon Jan 29 08:00:00 CST 1996 until Thu Aug 03 07:59:59 CST 2028 adding as trusted cert: Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x3ab6508b Valid from Tue Mar 20 02:33:33 CST 2001 until Thu Mar 18 02:33:33 CST 2021 adding as trusted cert: Subject: CN=Class 3P Primary CA, O=Certplus, C=FR Issuer: CN=Class 3P Primary CA, O=Certplus, C=FR Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879 Valid from Thu Jul 08 01:10:00 CST 1999 until Sun Jul 07 07:59:59 CST 2019 adding as trusted cert: Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0x59e3 Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020 adding as trusted cert: Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 16:28:58 CST 2010 until Fri Oct 26 16:28:58 CST 2040 adding as trusted cert: Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Wed Jun 06 10:12:32 CST 2007 until Sat Jun 06 10:12:32 CST 2037 adding as trusted cert: Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756 Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038 adding as trusted cert: Subject: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0xf2fa64e27463d38dfd101d041f76ca58 Valid from Fri Jun 24 17:45:08 CST 2011 until Wed Jun 25 16:45:08 CST 2031 adding as trusted cert: Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037 adding as trusted cert: Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 18:38:31 CST 2000 until Sat May 30 18:38:31 CST 2020 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802 Valid from Tue Nov 13 08:00:00 CST 2012 until Tue Jan 19 11:14:07 CST 2038 adding as trusted cert: Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce Valid from Fri Aug 01 20:31:40 CST 2008 until Sat Jul 31 20:31:40 CST 2038 adding as trusted cert: Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d Valid from Tue Jan 19 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038 adding as trusted cert: Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037 adding as trusted cert: Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954 Valid from Thu Aug 01 08:00:00 CST 1996 until Sat Jan 02 07:59:59 CST 2021 adding as trusted cert: Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US Algorithm: RSA; Serial number: 0x1a5 Valid from Thu Aug 13 08:29:00 CST 1998 until Tue Aug 14 07:59:00 CST 2018 adding as trusted cert: Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Algorithm: EC; Serial number: 0x7497258ac73f7a54 Valid from Fri Jan 29 22:20:24 CST 2010 until Mon Dec 31 22:20:24 CST 2040 adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 18:40:14 CST 2008 until Sun Oct 02 07:59:59 CST 2033 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192 Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028 adding as trusted cert: Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285 Valid from Tue May 26 08:00:00 CST 2009 until Tue May 26 08:00:00 CST 2020 adding as trusted cert: Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5 Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038 trigger seeding of SecureRandom done seeding SecureRandom Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384 2017-03-01 17:10:47,651 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1] 2017-03-01 17:10:47,651 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Default cipher suites (JDK): [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] trigger seeding of SecureRandom done seeding SecureRandom 2017-03-01 17:10:47,685 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) -Dio.netty.initialSeedUniquifier: 0xc1c11256f75ab57b (took 2 ms) 2017-03-01 17:10:47,732 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.type: unpooled 2017-03-01 17:10:47,732 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.threadLocalDirectBufferSize: 65536 2017-03-01 17:10:47,732 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.maxThreadLocalCharBufferSize: 16384 Using SSLEngineImpl. Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 2017-03-01 17:10:47,769 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Generated: io.netty.util.internal.__matchers__.io.netty.buffer.ByteBufMatcher 2017-03-01 17:10:47,779 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Generated: io.netty.util.internal.__matchers__.java.lang.CharSequenceMatcher Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false 2017-03-01 17:10:47,788 INFO main com.ld.net.spider.channel.SocketClientHelper.createChannel(SocketClientHelper.java:63) connect to spider server (localhost:9912) success for thread [main]. Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1 %% No cached client session *** ClientHello, TLSv1.2 RandomCookie: GMT: 1471516695 bytes = { 24, 187, 217, 214, 140, 214, 114, 66, 240, 143, 250, 47, 51, 163, 181, 87, 218, 240, 112, 132, 18, 214, 172, 223, 186, 16, 79, 53 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension renegotiation_info, renegotiated_connection: <empty> *** nioEventLoopGroup-2-1, WRITE: TLSv1.2 Handshake, length = 148 2017-03-01 17:10:47,802 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.buffer.bytebuf.checkAccessible: true 2017-03-01 17:10:47,805 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.leakDetection.level: simple 2017-03-01 17:10:47,805 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.leakDetection.maxRecords: 4 2017-03-01 17:10:47,806 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@cf6bc9 2017-03-01 17:10:47,818 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.maxCapacity.default: 32768 2017-03-01 17:10:47,818 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.maxSharedCapacityFactor: 2 2017-03-01 17:10:47,818 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.linkCapacity: 16 2017-03-01 17:10:47,818 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.ratio: 8 nioEventLoopGroup-2-1, READ: TLSv1.2 Handshake, length = 1143 *** ServerHello, TLSv1.2 RandomCookie: GMT: 1471516695 bytes = { 222, 75, 242, 116, 63, 236, 213, 10, 170, 72, 227, 166, 210, 107, 119, 123, 192, 138, 77, 244, 44, 108, 180, 115, 67, 55, 73, 153 } Session ID: {88, 182, 144, 23, 48, 147, 150, 107, 2, 43, 100, 77, 218, 52, 13, 108, 73, 114, 159, 168, 67, 166, 136, 157, 87, 142, 140, 130, 7, 80, 12, 219} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** %% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] ** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** Found trusted certificate: [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** ECDH ServerKeyExchange Signature Algorithm SHA512withRSA Server key: Sun EC public key, 256 bits public x coord: 10331457858785828482875741504897765623739531218694853663080345496025520877996 public y coord: 87072985023296105834621900228689461936233240867656310759620109797868298186758 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) send: ssh over tcp test 1 *** ServerHelloDone *** ECDHClientKeyExchange ECDH Public value: { 4, 242, 42, 217, 216, 163, 173, 6, 29, 45, 128, 126, 105, 4, 135, 9, 225, 39, 129, 40, 33, 177, 214, 234, 245, 46, 166, 160, 118, 7, 90, 165, 153, 248, 45, 131, 243, 77, 24, 122, 167, 69, 231, 196, 59, 232, 168, 74, 66, 173, 16, 90, 66, 137, 99, 154, 218, 178, 52, 18, 97, 246, 8, 165, 222 } nioEventLoopGroup-2-1, WRITE: TLSv1.2 Handshake, length = 70 SESSION KEYGEN: PreMaster Secret: 0000: 64 2E 66 20 EB 04 53 3A F1 70 90 BE EC 0D BC A8 d.f ..S:.p...... 0010: 88 44 07 D4 A8 69 44 D5 17 3E 9F 36 12 3D FB 68 .D...iD..>.6.=.h CONNECTION KEYGEN: Client Nonce: 0000: 58 B6 90 17 18 BB D9 D6 8C D6 72 42 F0 8F FA 2F X.........rB.../ 0010: 33 A3 B5 57 DA F0 70 84 12 D6 AC DF BA 10 4F 35 3..W..p.......O5 Server Nonce: 0000: 58 B6 90 17 DE 4B F2 74 3F EC D5 0A AA 48 E3 A6 X....K.t?....H.. 0010: D2 6B 77 7B C0 8A 4D F4 2C 6C B4 73 43 37 49 99 .kw...M.,l.sC7I. Master Secret: 0000: 99 59 39 A6 38 D9 10 FB B3 02 DD 82 CC 22 24 02 .Y9.8........"$. 0010: 1A 45 E9 6A 28 23 3B FC 6F 6C DC E1 84 EA DE 71 .E.j(#;.ol.....q 0020: 6D AC 42 48 76 06 07 20 AD F3 7E 59 FA F6 30 5E m.BHv.. ...Y..0^ ... no MAC keys used for this cipher Client write key: 0000: E9 4C D9 C0 D5 D1 4A 0A E4 82 C9 B6 D3 93 19 B0 .L....J......... Server write key: 0000: 1D 1A 6B 10 52 EF C3 FC 06 8C A2 5E 35 B8 34 76 ..k.R......^5.4v Client write IV: 0000: F1 D2 36 BD ..6. Server write IV: 0000: A0 05 91 3A ...: nioEventLoopGroup-2-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1 *** Finished verify_data: { 188, 100, 155, 18, 18, 132, 204, 180, 111, 0, 116, 167 } *** nioEventLoopGroup-2-1, WRITE: TLSv1.2 Handshake, length = 40 nioEventLoopGroup-2-1, READ: TLSv1.2 Change Cipher Spec, length = 1 nioEventLoopGroup-2-1, READ: TLSv1.2 Handshake, length = 40 *** Finished verify_data: { 49, 222, 223, 97, 94, 74, 95, 196, 241, 38, 54, 38 } *** %% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 2017-03-01 17:10:47,930 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) [id: 0xe5a7dedb, L:/ - R:localhost/] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23 send: ssh over tcp test 2 nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23 send: ssh over tcp test 3 nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23 send: ssh over tcp test 4 nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23 send: ssh over tcp test 5 nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23