
Is this SSL/TLS two way authentication or what is wrong?

I have been learning SSL/TLS and certificates for a week.

It looks like it's working and that I have SSL/TLS client/server certificates for two-way authentication SSL working.

The Java server is on a Win7 PC and the Java client is Android ICS.
The client connects and sends a text string, and the server replies with a text string.

Transfer works, but I'm not sure that it's encrypted because I cannot see the data being sent.

I would like to have a second opinion regarding the debug log, in case I did something wrong.
(I removed much binary text to fit in this body.)

adding as trusted cert:
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Issuer:  CN=smith.droid-ip.com, O=SMITH, C=SE
  Algorithm: RSA; Serial number: 0xb4ba1f6a7902bb97
  Valid from Thu Oct 11 18:37:21 CEST 2012 until Fri Oct 11 18:37:21 CEST 2013

***
found key for : 1
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 19828292987711460063479095233990735206267474911720200680398978846239921718204800830196446367271259853243857782157464503041073715350900882399263842246256739265150626309452599118681530205469111691215024194198408322269068550434706560902100199589198763096214957779831336905118521574867338194318861017871505432271905525399396261074008234892595483193798680621671023145911
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:38:14 CEST 2012,
               To: Fri Oct 11 18:38:14 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    ef1a4465 3fb9d4ed]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7C EA BF 17 BB 9C 6E E6   DC 6E D3 5D 7E B5 48 0F  ......n..n.]..H.
0010: 5A A1 98 5F 15 A8 46 49   36 D2 1B F9 05 60 87 ED  Z.._..FI6....`..
00E0: 61 9B 78 96 F7 54 D3 68   F2 91 9F 43 57 AB C5 0E  a.x..T.h...CW...
00F0: D8 9E 51 85 08 62 F6 B4   BB A4 70 04 0F BA D2 C6  ..Q..b....p.....

]
***
SSL Key 1
SSL Trust 1
trigger seeding of SecureRandom
done seeding SecureRandom
Server started
  Waiting for connection from client...
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
  Accepted connection from 192.168.1.1, port 54732
[Raw read]: length = 5
0000: 16 03 01 00 B3                                     .....
[Raw read]: length = 179
0000: 01 00 00 AF 03 01 50 77   38 3C 36 6C 05 1E DA AF  ......Pw8<6l....
0010: DA 43 76 EF 65 9B 43 C4   5A 05 34 FC 42 B9 4F 54  .Cv.e.C.Z.4.B.OT
0090: 08 00 09 00 0A 00 0B 00   0C 00 0D 00 0E 00 0F 00  ................
00A0: 10 00 11 00 12 00 13 00   14 00 15 00 16 00 17 00  ................
00B0: 18 00 19                                           ...
main, READ: TLSv1 Handshake, length = 179
*** ClientHello, TLSv1
RandomCookie:  GMT: 1349990460 bytes = { 54, 108, 5, 30, 218, 175, 218, 67, 118, 239, 101, 155, 67, 196, 90, 5, 52, 252, 66, 185, 79, 84, 176, 249, 20, 196, 174, 171 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
***
[read] MD5 and SHA1 hashes:  len = 179
0000: 01 00 00 AF 03 01 50 77   38 3C 36 6C 05 1E DA AF  ......Pw8<6l....
0010: DA 43 76 EF 65 9B 43 C4   5A 05 34 FC 42 B9 4F 54  .Cv.e.C.Z.4.B.OT
0020: B0 F9 14 C4 AE AB 00 00   46 00 04 00 05 00 2F 00  ........F...../.
0090: 08 00 09 00 0A 00 0B 00   0C 00 0D 00 0E 00 0F 00  ................
00A0: 10 00 11 00 12 00 13 00   14 00 15 00 16 00 17 00  ................
00B0: 18 00 19                                           ...
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: 1
%% Negotiating:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1349990450 bytes = { 174, 0, 115, 139, 10, 24, 65, 65, 210, 225, 235, 246, 73, 222, 227, 2, 249, 108, 142, 119, 113, 131, 78, 202, 83, 67, 172, 181 }
Session ID:  {80, 119, 56, 50, 9, 30, 182, 174, 111, 28, 205, 221, 135, 132, 189, 19, 82, 157, 109, 159, 42, 162, 203, 141, 125, 61, 76, 105, 185, 192, 186, 184}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 198282929877114600634790952339907352062674749117202006803989788462399217182048008301964463672712598532438577821574645030410737153509008823992638422462567392651506263094525991186815305469111691215024194198408322269068550434706560902100199589198763096214957779831336905118521574867338194318861017871505432271905525399396261074008234892595483193798680621671023145911
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:38:14 CEST 2012,
               To: Fri Oct 11 18:38:14 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    ef1a4465 3fb9d4ed]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7C EA BF 17 BB 9C 6E E6   DC 6E D3 5D 7E B5 48 0F  ......n..n.]..H.
0010: 5A A1 98 5F 15 A8 46 49   36 D2 1B F9 05 60 87 ED  Z.._..FI6....`..
0020: F8 59 E5 08 9F 06 22 0F   18 4A F6 E6 6C 23 39 E8  .Y...."..J..l#9.
00D0: 5A F8 94 F4 5F C2 01 BE   EE E0 4E 8B BD CA 14 3C  Z..._.....N....<
00E0: 61 9B 78 96 F7 54 D3 68   F2 91 9F 43 57 AB C5 0E  a.x..T.h...CW...
00F0: D8 9E 51 85 08 62 F6 B4   BB A4 70 04 0F BA D2 C6  ..Q..b....p.....

]
***
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=smith.droid-ip.com, O=SMITH, C=SE>
*** ServerHelloDone
[write] MD5 and SHA1 hashes:  len = 1022
0000: 02 00 00 4D 03 01 50 77   38 32 AE 00 73 8B 0A 18  ...M..Pw82..s...
0010: 41 41 D2 E1 EB F6 49 DE   E3 02 F9 6C 8E 77 71 83  AA....I....l.wq.
0060: 82 02 37 A0 03 02 01 02   02 09 00 EF 1A 44 65 3F  ..7..........De?
0070: B9 D4 ED 30 0D 06 09 2A   86 48 86 F7 0D 01 01 05  ...0...*.H......
0080: 05 00 30 3E 31 0B 30 09   06 03 55 04 06 13 02 53  ..0>1.0...U....S
0090: 45 31 0F 30 0D 06 03 55   04 0A 0C 06 53 50 52 49  E1.0...U....SPRI
00A0: 49 44 31 1E 30 1C 06 03   55 04 03 0C 15 64 72 75  ID1.0...U....dru
00B0: 74 74 65 6E 2E 64 79 6E   64 6E 73 2D 69 70 2E 63  tten.droid-ip.c
00C0: 6F 6D 30 1E 17 0D 31 32   31 30 31 31 31 36 33 38  om0...1210111638
00D0: 31 34 5A 17 0D 31 33 31   30 31 31 31 36 33 38 31  14Z..13101116381
00E0: 34 5A 30 3E 31 0B 30 09   06 03 55 04 06 13 02 53  4Z0>1.0...U....S
00F0: 45 31 0F 30 0D 06 03 55   04 0A 0C 06 53 50 52 49  E1.0...U....SPRI
0100: 49 44 31 1E 30 1C 06 03   55 04 03 0C 15 64 72 75  ID1.0...U....dru
0110: 74 74 65 6E 2E 64 79 6E   64 6E 73 2D 69 70 2E 63  tten.droid-ip.c
0120: 6F 6D 30 82 01 22 30 0D   06 09 2A 86 48 86 F7 0D  om0.."0...*.H...
03C0: 06 03 55 04 06 13 02 53   45 31 0F 30 0D 06 03 55  ..U....SE1.0...U
03D0: 04 0A 0C 06 53 50 52 49   49 44 31 1E 30 1C 06 03  ....SMITH1.0...
03E0: 55 04 03 0C 15 64 72 75   74 74 65 6E 2E 64 79 6E  U....smith.dyn
03F0: 64 6E 73 2D 69 70 2E 63   6F 6D 0E 00 00 00        dns-ip.com....
main, WRITE: TLSv1 Handshake, length = 1022
[Raw write]: length = 1027
0000: 16 03 01 03 FE 02 00 00   4D 03 01 50 77 38 32 AE  ........M..Pw82.
0010: 00 73 8B 0A 18 41 41 D2   E1 EB F6 49 DE E3 02 F9  .s...AA....I....
0020: 6C 8E 77 71 83 4E CA 53   43 AC B5 20 50 77 38 32  l.wq.N.SC.. Pw82
0090: 04 06 13 02 53 45 31 0F   30 0D 06 03 55 04 0A 0C  ....SE1.0...U...
00A0: 06 53 50 52 49 49 44 31   1E 30 1C 06 03 55 04 03  .SMITH1.0...U..
00B0: 0C 15 64 72 75 74 74 65   6E 2E 64 79 6E 64 6E 73  ..smith.droid
00C0: 2D 69 70 2E 63 6F 6D 30   1E 17 0D 31 32 31 30 31  -ip.com0...12101
00D0: 31 31 36 33 38 31 34 5A   17 0D 31 33 31 30 31 31  1163814Z..131011
03E0: 1E 30 1C 06 03 55 04 03   0C 15 64 72 75 74 74 65  .0...U....drutte
03F0: 6E 2E 64 79 6E 64 6E 73   2D 69 70 2E 63 6F 6D 0E  n.droid-ip.com.
0400: 00 00 00                                           ...
[Raw read]: length = 5
0000: 16 03 01 03 5D                                     ....]
[Raw read]: length = 861
0000: 0B 00 03 59 00 03 56 00   03 53 30 82 03 4F 30 82  ...Y..V..S0..O0.
0010: 02 37 A0 03 02 01 02 02   09 00 B4 BA 1F 6A 79 02  .7...........jy.
0020: BB 97 30 0D 06 09 2A 86   48 86 F7 0D 01 01 05 05  ..0...*.H.......
0030: 00 30 3E 31 0B 30 09 06   03 55 04 06 13 02 53 45  .0>1.0...U....SE
0040: 31 0F 30 0D 06 03 55 04   0A 0C 06 53 50 52 49 49  1.0...U....SPRII
0330: AD 48 3B FE 4B F9 1A 82   C9 CB 24 88 89 C3 78 8E  .H;.K.....$...x.
0340: A6 D4 FE CE 39 66 F4 48   39 16 7D 8E 08 DB 3E 24  ....9f.H9.....>$
0350: F7 FD 34 76 94 6D 37 BE   EF 53 BA 89 4D           ..4v.m7..S..M
main, READ: TLSv1 Handshake, length = 861
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23496237719502336160731187123882087516857248303136016525007515477411820324389309412497616204841416737428369029539727911829957261900246123671755448783374076371585220700946079814339410199697877719076300791503351733152444962714618216706903270272228589537934701160017250218124068090224176369183083907456616852817429610227318879195807569316432328134191548839310114727528540673
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:37:21 CEST 2012,
               To: Fri Oct 11 18:37:21 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    b4ba1f6a 7902bb97]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: B0 22 82 D5 1B AF 4C A7   7E D9 B4 27 F7 48 C4 D7  ."....L....'.H..
0010: DE A5 45 E6 72 D1 85 DE   CF F7 AF A4 97 7B 68 6A  ..E.r.........hj
0020: FE 22 D0 1A 38 E6 5F D4   6B ED CD F1 32 6B 29 E5  ."..8._.k...2k).
0030: 72 EE 9F 7F 4F 16 10 7D   C4 1B 6C 1A 31 4A 8E 3C  r...O.....l.1J.<
0040: E0 E9 8B 0E E2 D5 5B 01   00 29 1C 32 8B E8 D9 56  ......[..).2...V
0050: DF 5D 6A 95 F4 BA 20 7D   CA E7 FD 0E C5 C1 91 36  .]j... ........6
0060: 5C 13 00 F9 04 A8 4C 93   A7 46 0D C6 54 07 4B 7B  \.....L..F..T.K.
00F0: DB 3E 24 F7 FD 34 76 94   6D 37 BE EF 53 BA 89 4D  .>$..4v.m7..S..M

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23496237719502336160731187123882087516857248303136016525007515477411820324389309412497616204841416737428369029539727911829957261900246123671755448783374076371585220700946079814339410697877719076300791503351733152444962714618216706903270272228589537934701160017250218124068090224176369183083907456616852817429610227318879195807569316432328134191548839310114727528540673
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:37:21 CEST 2012,
               To: Fri Oct 11 18:37:21 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    b4ba1f6a 7902bb97]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: B0 22 82 D5 1B AF 4C A7   7E D9 B4 27 F7 48 C4 D7  ."....L....'.H..
0010: DE A5 45 E6 72 D1 85 DE   CF F7 AF A4 97 7B 68 6A  ..E.r.........hj
0020: FE 22 D0 1A 38 E6 5F D4   6B ED CD F1 32 6B 29 E5  ."..8._.k...2k).
00D0: CF 07 1B AD 48 3B FE 4B   F9 1A 82 C9 CB 24 88 89  ....H;.K.....$..
00E0: C3 78 8E A6 D4 FE CE 39   66 F4 48 39 16 7D 8E 08  .x.....9f.H9....
00F0: DB 3E 24 F7 FD 34 76 94   6D 37 BE EF 53 BA 89 4D  .>$..4v.m7..S..M

]
[read] MD5 and SHA1 hashes:  len = 861
0000: 0B 00 03 59 00 03 56 00   03 53 30 82 03 4F 30 82  ...Y..V..S0..O0.
0010: 02 37 A0 03 02 01 02 02   09 00 B4 BA 1F 6A 79 02  .7...........jy.
0030: 00 30 3E 31 0B 30 09 06   03 55 04 06 13 02 53 45  .0>1.0...U....SE
0040: 31 0F 30 0D 06 03 55 04   0A 0C 06 53 50 52 49 49  1.0...U....SPRII
00D0: 6D 30 82 01 22 30 0D 06   09 2A 86 48 86 F7 0D 01  m0.."0...*.H....
01D0: 4F DE F0 44 74 44 65 34   E5 05 79 01 B3 11 6F 56  O..DtDe4..y...oV
01E0: EC C0 54 54 BF E1 E9 AA   1E 8B E7 F7 32 7C 54 30  ..TT........2.T0
0340: A6 D4 FE CE 39 66 F4 48   39 16 7D 8E 08 DB 3E 24  ....9f.H9.....>$
0350: F7 FD 34 76 94 6D 37 BE   EF 53 BA 89 4D           ..4v.m7..S..M
[Raw read]: length = 5
0000: 16 03 01 01 06                                     .....
[Raw read]: length = 262
0000: 10 00 01 02 01 00 68 11   0C CB 8C 6D 92 37 18 B5  ......h....m.7..
0010: 4E FD 0E 78 75 8F D1 DB   66 0F EA BB D5 72 D0 3A  N..xu...f....r.:
0020: 1F 90 F3 43 59 6D 4B 41   12 ED 79 48 89 FF 76 59  ...CYmKA..yH..vY
0030: DF 37 0B 0D 9A AA 22 A6   CB EF 60 4E D3 39 39 81  .7...."...`N.99.
00E0: EC 82 8D 45 BA 4A 50 2D   6D D6 20 70 85 11 35 4A  ...E.JP-m. p..5J
00F0: 25 34 00 57 44 34 36 AE   3F 52 A9 8A 16 A1 B2 5A  %4.WD46.?R.....Z
0100: 5A 96 A9 F2 5D E4                                  Z...].
main, READ: TLSv1 Handshake, length = 262
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 D6 F1 4F BA 49 65   65 6E 06 F8 82 06 9C D7  ....O.Ieen......
0010: 4A C2 FA A8 2B 06 79 71   9B 3E CA 4D B7 2D D1 FE  J...+.yq.>.M.-..
0020: 81 50 20 43 B8 37 9D EA   67 F5 76 C3 EC E0 6B 79  .P C.7..g.v...ky
CONNECTION KEYGEN:
Client Nonce:
0000: 50 77 38 3C 36 6C 05 1E   DA AF DA 43 76 EF 65 9B  Pw8<6l.....Cv.e.
0010: 43 C4 5A 05 34 FC 42 B9   4F 54 B0 F9 14 C4 AE AB  C.Z.4.B.OT......
Server Nonce:
0000: 50 77 38 32 AE 00 73 8B   0A 18 41 41 D2 E1 EB F6  Pw82..s...AA....
0010: 49 DE E3 02 F9 6C 8E 77   71 83 4E CA 53 43 AC B5  I....l.wq.N.SC..
Master Secret:
0000: 1C 3A 33 0F 48 F6 EB D8   E4 89 67 06 3E E8 5A AF  .:3.H.....g.>.Z.
0010: 4A E9 18 C9 D2 BA 9B 5E   5F FE D5 A5 3A 84 47 54  J......^_...:.GT
0020: 0F 37 A3 6F A1 E9 F8 E8   F6 48 CD BA 59 60 54 AC  .7.o.....H..Y`T.
Client MAC write Secret:
0000: E7 E3 96 EB A2 8D A7 C0   AE 86 D7 E2 9E 92 F4 C6  ................
Server MAC write Secret:
0000: 01 BE 26 91 6C 97 03 BE   98 22 76 10 92 80 71 F1  ..&.l...."v...q.
Client write key:
0000: EF 91 16 71 44 15 66 AB   ED 8C 0E D8 1E EE DE B9  ...qD.f.........
Server write key:
0000: 7D CD 93 B3 35 53 1D 34   F8 6C 60 6C EC B5 F7 5A  ....5S.4.l`l...Z
... no IV used for this cipher
[read] MD5 and SHA1 hashes:  len = 262
0000: 10 00 01 02 01 00 68 11   0C CB 8C 6D 92 37 18 B5  ......h....m.7..
0010: 4E FD 0E 78 75 8F D1 DB   66 0F EA BB D5 72 D0 3A  N..xu...f....r.:
0020: 1F 90 F3 43 59 6D 4B 41   12 ED 79 48 89 FF 76 59  ...CYmKA..yH..vY
0030: DF 37 0B 0D 9A AA 22 A6   CB EF 60 4E D3 39 39 81  .7...."...`N.99.
00D0: D4 CB 63 98 27 D7 79 28   EE EA F6 83 0E 9A 49 0C  ..c.'.y(......I.
00E0: EC 82 8D 45 BA 4A 50 2D   6D D6 20 70 85 11 35 4A  ...E.JP-m. p..5J
00F0: 25 34 00 57 44 34 36 AE   3F 52 A9 8A 16 A1 B2 5A  %4.WD46.?R.....Z
0100: 5A 96 A9 F2 5D E4                                  Z...].
[Raw read]: length = 5
0000: 16 03 01 01 06                                     .....
[Raw read]: length = 262
0000: 0F 00 01 02 01 00 39 86   C9 39 9F 54 9A AF 49 40  ......9..9.T..I@
0010: B3 EB C4 81 2A 68 FA E8   ED CE 70 AF 1C 57 43 64  ....*h....p..WCd
0020: 5E C5 B7 86 01 0F 17 E1   BA 52 2A 98 63 33 BF E5  ^........R*.c3..
0030: 05 25 B4 68 6B 7E 0E 86   8A E0 21 66 C2 1A 93 E3  .%.hk.....!f....
0040: B7 3C DD B2 44 86 BF 39   54 00 93 55 1D 22 90 74  .<..D..9T..U.".t
00D0: 2D C5 AC C0 73 6B E4 89   01 6E 4E C5 9F 78 EF 8F  -...sk...nN..x..
00E0: 52 4A 7F 8C 47 AC 3A 37   FF FD 67 77 F9 37 F4 B8  RJ..G.:7..gw.7..
00F0: 82 B2 25 3C 8D A7 F2 4F   E2 D6 74 CA 67 9F 07 90  ..%<...O..t.g...
0100: 19 6D 89 2E 90 98                                  .m....
main, READ: TLSv1 Handshake, length = 262
*** CertificateVerify
[read] MD5 and SHA1 hashes:  len = 262
0000: 0F 00 01 02 01 00 39 86   C9 39 9F 54 9A AF 49 40  ......9..9.T..I@
0010: B3 EB C4 81 2A 68 FA E8   ED CE 70 AF 1C 57 43 64  ....*h....p..WCd
0020: 5E C5 B7 86 01 0F 17 E1   BA 52 2A 98 63 33 BF E5  ^........R*.c3..

00A0: 0C E5 B2 29 6D 68 94 FC   8C 06 77 3D B5 F2 1F 60  ...)mh....w=...`
00B0: 49 81 B7 82 D7 39 14 6B   0A 56 B4 A7 1A 18 B5 71  I....9.k.V.....q
00C0: 62 64 F6 C6 6C 9C 13 59   5B 85 7C 88 7E 31 43 E0  bd..l..Y[....1C.
00D0: 2D C5 AC C0 73 6B E4 89   01 6E 4E C5 9F 78 EF 8F  -...sk...nN..x..
00E0: 52 4A 7F 8C 47 AC 3A 37   FF FD 67 77 F9 37 F4 B8  RJ..G.:7..gw.7..
00F0: 82 B2 25 3C 8D A7 F2 4F   E2 D6 74 CA 67 9F 07 90  ..%<...O..t.g...
0100: 19 6D 89 2E 90 98                                  .m....
[Raw read]: length = 5
0000: 14 03 01 00 01                                     .....
[Raw read]: length = 1
0000: 01                                                 .
main, READ: TLSv1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 01 00 20                                     .... 
[Raw read]: length = 32
0000: 01 98 6F CA DD 51 09 F5   05 94 7F 52 DB 34 BD D8  ..o..Q.....R.4..
0010: 13 5A A5 76 3F D5 92 A8   A8 95 D9 22 99 B5 1E DF  .Z.v?......"....
main, READ: TLSv1 Handshake, length = 32
Padded plaintext after DECRYPTION:  len = 32
0000: 14 00 00 0C D6 D1 12 A7   F8 A4 7A 44 47 9C 47 3E  ..........zDG.G>
0010: BB 4E 1E 95 4E 50 44 B3   39 7E 30 09 77 6A DE 92  .N..NPD.9.0.wj..
*** Finished
verify_data:  { 214, 209, 18, 167, 248, 164, 122, 68, 71, 156, 71, 62 }
***
[read] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C D6 D1 12 A7   F8 A4 7A 44 47 9C 47 3E  ..........zDG.G>
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01                                  ......
*** Finished
verify_data:  { 165, 58, 44, 99, 220, 79, 174, 0, 32, 51, 253, 168 }
***
[write] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C A5 3A 2C 63   DC 4F AE 00 20 33 FD A8  .....:,c.O.. 3..
Padded plaintext before ENCRYPTION:  len = 32
0000: 14 00 00 0C A5 3A 2C 63   DC 4F AE 00 20 33 FD A8  .....:,c.O.. 3..
0010: 62 F0 CA 30 9A 85 CC 70   4C C8 06 AB 4E C3 D4 51  b..0...pL...N..Q
main, WRITE: TLSv1 Handshake, length = 32
[Raw write]: length = 37
0000: 16 03 01 00 20 60 0E 0F   7F 02 92 30 80 95 F3 FD  .... `.....0....
0010: C9 64 76 7D 2F 38 08 5F   BF A8 CD 58 DD 67 77 52  .dv./8._...X.gwR
0020: E2 A5 0B 42 36                                     ...B6
%% Cached server session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
printSocketInfo......
Server socket class: class sun.security.ssl.SSLServerSocketImpl
   Socker address = 0.0.0.0/0.0.0.0
   Socker port = 54012
   Need client authentication = true
   Want client authentication = false
   Use client mode = false
END printSocketInfo......
  Cipher suite used for this session: SSL_RSA_WITH_RC4_128_MD5
  Server -> receiving...
[Raw read]: length = 5
0000: 17 03 01 00 62                                     ....b
[Raw read]: length = 98
0000: E8 15 04 7C 7E 46 D5 57   5C 54 4A 60 56 40 BF B5  .....F.W\TJ`V@..
0010: 09 40 C3 E5 A9 DD DF CA   F7 B3 DE 93 C0 41 7A 84  .@...........Az.
0020: 1C 8E C2 81 98 FA 74 3C   80 13 FD B1 BB 97 B4 02  ......t<........
0030: A9 04 67 92 08 1D F6 24   D1 77 D0 89 D8 92 88 53  ..g....$.w.....S
0040: 33 47 00 DB E7 F8 B1 75   1C EC B8 A5 FA 60 12 2B  3G.....u.....`.+
0050: 7A 6C 88 4C 60 46 E6 89   61 96 53 7E 64 F1 F3 30  zl.L`F..a.S.d..0
0060: A5 B1                                              ..
main, READ: TLSv1 Application Data, length = 98
Padded plaintext after DECRYPTION:  len = 98
0000: 00 50 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .P********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 41 6E 64 72 6F   69 64 20 63 6C 69 65 6E  om Android clien
0030: 74 2E 20 48 65 6C 6C 6F   20 73 73 6C 53 65 72 76  t. Hello sslServ
0040: 65 72 53 6F 63 6B 65 74   2A 2A 2A 2A 2A 2A 2A 2A  erSocket********
0050: 2A 2A 03 CE 95 53 B4 97   8D BE 2A 25 DD 52 6B 1F  **...S....*%.Rk.
0060: 19 44                                              .D
Padded plaintext before ENCRYPTION:  len = 88
0000: 00 46 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .F********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 50 43 20 63 6C   69 65 6E 74 2E 20 48 65  om PC client. He
0030: 6C 6C 6F 20 53 53 4C 53   6F 63 6B 65 74 20 2A 2A  llo SSLSocket **
0040: 2A 2A 2A 2A 2A 2A 2A 2A   7B A6 BC 2F 8B C5 E0 A4  ********.../....
0050: B1 D7 F9 70 DD EF DF 6C                            ...p...l
main, WRITE: TLSv1 Application Data, length = 88
[Raw write]: length = 93
0000: 17 03 01 00 58 BA D5 B5   95 E2 12 7A D8 A7 1A D1  ....X......z....
0010: FD FB C6 01 39 2A AD 69   DE A9 6A AE CB 56 4A EF  ....9*.i..j..VJ.
0020: E1 B8 EF 20 9D E3 CB 95   EF 37 1D 0A 51 78 DA E6  ... .....7..Qx..
0030: 6C 7D 4C BB 70 B3 28 16   E1 44 9D 15 DA B5 C5 B3  l.L.p.(..D......
0040: C1 68 93 57 E8 2E 9A 2D   80 D4 F0 9C 95 CB 8E 32  .h.W...-.......2
0050: 13 9B 99 3B 68 3A 4F E0   E0 2C 8B 97 CD           ...;h:O..,...
********* This line is sent from Android client. Hello sslServerSocket**********
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 18
0000: 01 00 30 AA AA 69 87 AF   BF AC 5C CD 2D A9 92 29  ..0..i....\.-..)
0010: 00 F4                                              ..
main, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 C7 B4 E7   A6 27 7E B6 08 BD AD 54  .........'.....T
0010: AF 9E 1D 48 3B 66 16                               ...H;f.
main, called closeSocket(selfInitiated)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Server ended

***FROM ANDROID CLIENT LOGCAT
10-11 23:21:00.800: I/System.out(25493): Socket class: class org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
10-11 23:21:00.800: I/System.out(25493):    Remote address = smith.droid-ip.com/82.209.154.27
10-11 23:21:00.800: I/System.out(25493):    Remote port = 54012
10-11 23:21:00.800: I/System.out(25493):    Local socket address = /192.168.1.251:54732
10-11 23:21:00.800: I/System.out(25493):    Local address = /192.168.1.251
10-11 23:21:00.800: I/System.out(25493):    Local port = 54732
10-11 23:21:00.800: I/System.out(25493):    Need client authentication = false
10-11 23:21:01.180: I/System.out(25493): Session class: class org.apache.harmony.xnet.provider.jsse.OpenSSLSessionImpl
10-11 23:21:01.180: I/System.out(25493):    Cipher suite = SSL_RSA_WITH_RC4_128_MD5
10-11 23:21:01.180: I/System.out(25493):    Protocol = TLSv1
10-11 23:21:01.180: I/System.out(25493):    PeerPrincipal = CN=smith.droid-ip.com,O=SMITH,C=SE
10-11 23:21:01.190: I/System.out(25493):    LocalPrincipal = CN=smith.droid-ip.com,O=SMITH,C=SE
10-11 23:21:01.190: I/System.out(25493):   Server -> receiving...

If you look at the trace, there is a Certificate message after the CertificateRequest and ServerHelloDone, as well as a CertificateVerify message (followed by a successful Finished), which indicates that the client-certificate authentication took place.

Later on, you get a fragment of plain text before/after encryption:

Padded plaintext after DECRYPTION:  len = 98
0000: 00 50 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .P********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 41 6E 64 72 6F   69 64 20 63 6C 69 65 6E  om Android clien
0030: 74 2E 20 48 65 6C 6C 6F   20 73 73 6C 53 65 72 76  t. Hello sslServ
0040: 65 72 53 6F 63 6B 65 74   2A 2A 2A 2A 2A 2A 2A 2A  erSocket********
0050: 2A 2A 03 CE 95 53 B4 97   8D BE 2A 25 DD 52 6B 1F  **...S....*%.Rk.
0060: 19 44                                              .D
Padded plaintext before ENCRYPTION:  len = 88
0000: 00 46 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .F********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 50 43 20 63 6C   69 65 6E 74 2E 20 48 65  om PC client. He
0030: 6C 6C 6F 20 53 53 4C 53   6F 63 6B 65 74 20 2A 2A  llo SSLSocket **
0040: 2A 2A 2A 2A 2A 2A 2A 2A   7B A6 BC 2F 8B C5 E0 A4  ********.../....
0050: B1 D7 F9 70 DD EF DF 6C                            ...p...l

You're also using a cipher suite that supports encryption and authenticated key exchange: SSL_RSA_WITH_RC4_128_MD5. This being said, an MD5-based cipher suite is probably not the best choice. This one is also the last in the order of preference of cipher suites enabled by default in the SunJSSE provider in Java 7, yet it's the first in the list sent by your client. You can certainly change the cipher suite on your client, or perhaps disable it on the server (using setEnabledCipherSuites() on the socket).

It seems to be working correctly there.

What seems odd is that both your client and server certificates seem to be distinct self-signed certificates with the same names (Subject/Issuer DN: CN=smith.droid-ip.com, O=SMITH, C=SE, but different keys and serial numbers).

That's certainly not good practice. Even if you're using self-signed certificates, don't make them use the same names. In addition, you should check that your client verifies the server name properly: you can try to connect to the server using the IP address instead (assuming that the certificate doesn't have an IP address SAN for that address), to check that it fails when it's supposed to.
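One way to apply the setEnabledCipherSuites() suggestion on the server side, as an added example that is not part of the original question or answers. The class name, the helper names and the list of name fragments treated as weak are assumptions of this example; the sample list in main is a subset of the ClientHello shown in the trace.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Added example: restricts a JSSE server socket to suites without RC4, MD5,
// DES/3DES, export-grade, anonymous or NULL components, and requires a
// client certificate. Written to compile on Java 7 and later.
public class StrictServerSocket {

    // Assumed policy for this example: name fragments of suites to refuse.
    private static final String[] WEAK_MARKERS = {
        "_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_", "_MD5"
    };

    static boolean isWeak(String suite) {
        // TLS_EMPTY_RENEGOTIATION_INFO_SCSV is a signalling value for secure
        // renegotiation, not a real cipher, so it is left alone.
        if (suite.endsWith("_SCSV")) {
            return false;
        }
        for (String marker : WEAK_MARKERS) {
            if (suite.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    // Keeps the input order, dropping every suite the policy marks as weak.
    static String[] strongOnly(String[] suites) {
        List<String> kept = new ArrayList<String>();
        for (String suite : suites) {
            if (!isWeak(suite)) {
                kept.add(suite);
            }
        }
        return kept.toArray(new String[kept.size()]);
    }

    // The factory must come from an SSLContext initialised with the server's
    // key store and trust store, as in the question's setup.
    static SSLServerSocket open(SSLServerSocketFactory factory, int port)
            throws IOException {
        SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(port);
        String[] allowed = strongOnly(server.getEnabledCipherSuites());
        if (allowed.length == 0) {
            server.close();
            throw new IllegalStateException("policy removed every enabled cipher suite");
        }
        server.setEnabledCipherSuites(allowed);
        // Fail the handshake when the client sends no certificate; the trace
        // in the question reports "Need client authentication = true".
        server.setNeedClientAuth(true);
        return server;
    }

    public static void main(String[] args) {
        // Subset of the suites offered in the ClientHello from the question,
        // in the client's order of preference.
        String[] offered = {
            "SSL_RSA_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
        };
        for (String suite : offered) {
            System.out.println((isWeak(suite) ? "DROP  " : "KEEP  ") + suite);
        }
    }
}
```

With the RC4 and MD5 suites disabled on the server, a client that still lists them first can only agree on one of the remaining suites, or the handshake fails if none is shared.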

Aside from looking at the debug logs, try capturing http traffic on the server with Wireshark or a similar tool. You can then see the TLS handshake and verify that traffic is indeed encrypted on the wire.

Cipher Suite: SSL_RSA_WITH_RC4_128_MD5

That tells you the cipher suite. This is an encrypting cipher suite.

It goes on to generate pre-master secrets and connection nonces: these are used to generate the session key, so there is a session key.

It's encrypted.

Notice: The technical posts on this site are licensed under CC BY-SA 4.0. If you repost, please credit this site's URL or the original address.
