security - Debug Java SSL Handshake using -Djavax.net.debug=all


My Node.js client is connecting to a Java server over SSL. It seems to work until the CertificateVerify and cache session steps, and then the client prints that SSL couldn't authorize.

Here is a snippet of the Java server debug statements logged for the SSL handshake using -Djavax.net.debug=all. The problem is, Java does not explicitly raise any red flags that it couldn't verify the signature. The tail of the log just stops. Note: I added the ellipses after the cached server session at the end of the log.

Can someone help me decipher the log output to determine why the SSL handshake is failing? I'm guessing it can't verify the signature of the certificate, but I do not see that being explicitly stated.

pool-1-thread-2, read: tlsv1.2 handshake, length = 264
*** certificateverify
signature algorithm sha512withrsa
[read] md5 , sha1 hashes:  len = 264
0000: 0f 00 01 04 06 01 01 00   1e f6 13 87 8c 77 81 2d  .............w.-
0010: e3 33 eb e0 8f 80 49 c6   90 f9 b5 4c 9b a0 69 77  .3....i....l..iw
0020: b1 14 6c e3 b2 15 15 1f   26 d5 69 31 64 36 0d d1  ..l.....&.i1d6..
0030: da ad ba 58 bf 76 6d 25   1d 49 ba 4a c6 80 1c 49  ...x.vm%.i.j...i
0040: dc 5b d8 f0 fc b3 34 86   93 71 0d 3d 92 db ab 0e  .[....4..q.=....
0050: 6a 34 62 fc f5 09 61 65   68 12 64 bb 6f 6e 39 96  j4b...aeh.d.on9.
0060: bc c6 40 d4 a1 63 4d 0e   68 61 02 8e 14 4b df 6d  ..@..cm.ha...k.m
0070: b1 c2 d6 d5 e6 09 19 e9   31 a6 20 07 44 bb ad 43  ........1. .d..c
0080: d4 3c 91 9c 56 fc a8 70   8b 5c 8d 87 f2 61 30 ca  .<..v..p.\...a0.
0090: 6b 82 88 fa 3d b3 27 84   12 fe ef 2b 51 3a dd 5b  k...=.'....+q:.[
00a0: 0e 03 d6 44 e9 b8 04 ef   62 4b 7a 51 7e 6d 85 79  ...d....bkzq.m.y
00b0: 1a 78 c8 5e 21 c8 e8 ca   2a 7d 2f 5e 6c 90 1b 00  .x.^!...*./^l...
00c0: b5 97 5f 8d fc d5 c3 d8   ed 2d 05 b6 da 51 16 b7  .._......-...q..
00d0: 39 14 44 46 de 80 dd 98   31 f8 b5 dd e8 89 8c 64  9.df....1......d
00e0: 4e df 3c 99 38 10 87 f4   d0 67 4e c3 aa fe 25 f3  n.<.8....gn...%.
00f0: 7e f1 48 60 52 09 2c 2b   c4 32 a4 58 92 3e 15 4a  ..h`r.,+.2.x.>.j
0100: da 11 cb 19 45 16 5d 79                            ....e.]y
[raw read]: length = 5
0000: 14 03 03 00 01                                     .....
[raw read]: length = 1
0000: 01                                                 .
pool-1-thread-2, read: tlsv1.2 change cipher spec, length = 1
[raw read]: length = 5
0000: 16 03 03 00 50                                     ....p
[raw read]: length = 80
0000: ce f7 6c d4 32 5c 12 6e   02 47 11 1e da c8 7c 13  ..l.2\.n.g......
0010: f0 f5 92 42 82 3d 58 ff   70 a3 05 d9 1f d8 00 1e  ...b.=x.p.......
0020: 88 77 06 11 78 b5 a7 aa   23 69 d5 54 e9 22 78 d6  .w..x...#i.t."x.
0030: 08 a8 b2 d8 af ce 78 91   34 28 78 6b 50 8d 7e 32  ......x.4(xkp..2
0040: 1a 30 79 ed 31 51 fd 8d   79 59 5a 9d 99 27 b4 25  .0y.1q..yyz..'.%
pool-1-thread-2, read: tlsv1.2 handshake, length = 80
padded plaintext after decryption:  len = 80
0000: a8 92 6e 76 a7 44 8f 3f   0a 85 b0 7b 5f d9 21 ce  ..nv.d.?...._.!.
0010: 14 00 00 0c 86 62 b5 ef   19 0c 5c c2 df 60 35 5c  .....b....\..`5\
0020: 84 2d 2d 20 c9 87 0a 37   33 44 5d e9 95 2d 3b b9  .-- ...73d]..-;.
0030: e3 50 f1 31 1c 54 f9 41   fb 4e c4 b6 81 c5 df 78  .p.1.t.a.n.....x
0040: 0f 0f 0f 0f 0f 0f 0f 0f   0f 0f 0f 0f 0f 0f 0f 0f  ................
*** finished
verify_data:  { 134, 98, 181, 239, 25, 12, 92, 194, 223, 96, 53, 92 }
***
[read] md5 , sha1 hashes:  len = 16
0000: 14 00 00 0c 86 62 b5 ef   19 0c 5c c2 df 60 35 5c  .....b....\..`5\
pool-1-thread-2, write: tlsv1.2 change cipher spec, length = 1
[raw write]: length = 6
0000: 14 03 03 00 01 01                                  ......
*** finished
verify_data:  { 166, 60, 137, 232, 242, 208, 180, 127, 89, 133, 80, 93 }
***
[write] md5 , sha1 hashes:  len = 16
0000: 14 00 00 0c a6 3c 89 e8   f2 d0 b4 7f 59 85 50 5d  .....<......y.p]
padded plaintext before encryption:  len = 80
0000: 9c f6 b8 f4 10 05 57 5c   de 38 27 7a 82 f5 04 88  ......w\.8'z....
0010: 14 00 00 0c a6 3c 89 e8   f2 d0 b4 7f 59 85 50 5d  .....<......y.p]
0020: 73 1c 58 7b 9d fd 88 e4   40 1a 04 ab a3 b3 57 38  s.x.....@.....w8
0030: 7b 22 19 cb f0 24 ae 16   69 63 04 f9 9e 20 7d 00  ."...$..ic... ..
0040: 0f 0f 0f 0f 0f 0f 0f 0f   0f 0f 0f 0f 0f 0f 0f 0f  ................
pool-1-thread-2, write: tlsv1.2 handshake, length = 80
[raw write]: length = 85
0000: 16 03 03 00 50 ab ae b3   92 d6 b2 9b d4 3f 51 a7  ....p........?q.
0010: f6 ff b8 11 ff 81 26 33   2f 70 64 71 ff 33 f3 da  ......&3/pdq.3..
0020: eb b8 9e 5e 66 69 49 20   05 0f 1a a2 c1 c6 81 ec  ...^fii ........
0030: 07 23 7e c8 26 11 49 8f   02 1f 53 8f 49 26 30 13  .#..&.i...s.i&0.
0040: da 10 33 9f 0a 94 b5 39   86 c8 5f d9 8a 22 49 68  ..3....9.._.."ih
0050: c1 31 0a 7d ce                                     .1...
%% cached server session: ...

More helpful information: I've checked the expiration of the certificate. It expires in November 2044, so I'm assured the handshake isn't failing due to an expired certificate.

Thanks to the comment of ejp, I decided to dig into the client error message. I added a debug statement that printed the error the client was getting, and it was the following:

hostname/ip doesn't match certificate's altnames 

I have a check in the client for this string, but I upgraded to Node v0.12, and it appears they added output in the statement. My logic is to ignore this error and continue with the encrypted session.

Thanks for the help.
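
Added example, not part of the original post: the record and handshake headers in the log above can be decoded by hand, and the text lines walked to see how far the server side got. The function names are hypothetical, the first sample is condensed from the log on this page, and the second (an alert line in the format JSSE debug output uses) is constructed.

```javascript
// Added example. Condensed from the page's log (hex dumps omitted, lowercase as on the page).
const PAGE_LOG = [
  'pool-1-thread-2, read: tlsv1.2 handshake, length = 264',
  '*** certificateverify',
  'pool-1-thread-2, read: tlsv1.2 change cipher spec, length = 1',
  'pool-1-thread-2, read: tlsv1.2 handshake, length = 80',
  '*** finished',
  'pool-1-thread-2, write: tlsv1.2 change cipher spec, length = 1',
  '*** finished',
  'pool-1-thread-2, write: tlsv1.2 handshake, length = 80',
  '%% cached server session: ...',
].join('\n');
// Constructed counter-example: what a server-side rejection would look like.
const FAILED_LOG = [
  'pool-1-thread-2, read: tlsv1.2 handshake, length = 264',
  '*** certificateverify',
  'pool-1-thread-2, send tlsv1.2 alert:  fatal, description = handshake_failure',
].join('\n');

const RECORD = { 20: 'change_cipher_spec', 21: 'alert', 22: 'handshake', 23: 'application_data' };
const HANDSHAKE = { 11: 'certificate', 15: 'certificate_verify', 20: 'finished' };
const bytes = (hex) => hex.trim().split(/\s+/).map((h) => parseInt(h, 16));

// 5-byte TLS record header, e.g. "16 03 03 00 50" from a [raw read] dump.
function decodeRecordHeader(hex) {
  const [type, major, minor, hi, lo] = bytes(hex);
  return { type: RECORD[type] || 'unknown', version: `${major}.${minor}`, length: (hi << 8) | lo };
}
// 4-byte handshake header, e.g. "0f 00 01 04" at the start of a handshake message.
function decodeHandshakeHeader(hex) {
  const [type, b1, b2, b3] = bytes(hex);
  return { type: HANDSHAKE[type] || 'unknown', length: (b1 << 16) | (b2 << 8) | b3 };
}
// Walk the JSSE debug text and report how far the server side got.
function summarizeServerLog(log) {
  const out = { records: [], alert: null, sessionCached: false };
  for (const raw of log.split('\n')) {
    const line = raw.trim();
    const rec = line.match(/, (read|write): tlsv[\d.]+ ([a-z ]+), length = \d+/i);
    if (rec) out.records.push(`${rec[1]} ${rec[2]}`.toLowerCase());
    const alert = line.match(/(send|recv) tlsv[\d.]+ alert:\s*(.+)$/i);
    if (alert) out.alert = alert[2];
    if (/^%% cached server session/i.test(line)) out.sessionCached = true;
  }
  const sawBothCcs = ['read', 'write'].every((d) => out.records.includes(`${d} change cipher spec`));
  out.serverCompleted = sawBothCcs && out.sessionCached && out.alert === null;
  return out;
}
console.log(summarizeServerLog(PAGE_LOG), decodeHandshakeHeader('0f 00 01 04'));
```

On the page's log this reports the server side as complete: both Finished messages were exchanged and the session was cached, so the rejection comes from the client.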
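
Added example, not part of the original post: the client-side error quoted above comes from Node's hostname check, which can be reproduced offline with `tls.checkServerIdentity`. The certificate summaries, host names, address and port are constructed placeholders, and `identityProblem` and `strictOptions` are hypothetical helpers; the second keeps verification on by checking against the name the certificate actually carries.

```javascript
const tls = require('tls');

// Constructed certificate summaries in the shape Node hands to checkServerIdentity
// (subject plus a subjectaltname string). All names and addresses are placeholders.
const certDnsOnly = {
  subject: { CN: 'java-server' },
  subjectaltname: 'DNS:java-server.internal.example',
};
const certDnsAndIp = {
  subject: { CN: 'java-server' },
  subjectaltname: 'DNS:java-server.internal.example, IP Address:192.0.2.10',
};

// Returns null when the certificate covers `host`, otherwise Node's own reason text.
function identityProblem(host, cert) {
  const err = tls.checkServerIdentity(host, cert);
  return err ? err.message : null;
}

// Options for tls.connect() that leave verification enabled when the client must
// dial an address the certificate does not list: chain validation stays on, and the
// identity check is done against the DNS name that is in the certificate.
function strictOptions(connectHost, certName, caPem) {
  return {
    host: connectHost,
    port: 8443,                 // hypothetical port
    ca: [caPem],                // trust only the CA that issued the server certificate
    rejectUnauthorized: true,   // chain and expiry checks remain in force
    servername: certName,       // SNI and the default identity check use this name
    checkServerIdentity: (_host, cert) => tls.checkServerIdentity(certName, cert),
  };
}

// Dialing by IP against a certificate that only lists a DNS name reproduces the error.
console.log(identityProblem('192.0.2.10', certDnsOnly));
// The same address passes once the certificate lists it as an IP altname.
console.log(identityProblem('192.0.2.10', certDnsAndIp));
```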

