
Is this SSL/TLS two way authentication or what is wrong?

I have been learning SSL/TLS and certificates for a week.

It looks like it is working and that I have SSL/TLS client/server certificates for two-way authentication working.

The Java server is on a Win7 PC and the Java client is on Android ICS.
The client connects and sends a text string, and the server replies with a text string.

The transfer works, but I'm not sure that it's encrypted because I cannot see the data being sent.

I would like a second opinion on the debug log: did I do something wrong?
( removed much binary text to fit in this body )

adding as trusted cert:
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Issuer:  CN=smith.droid-ip.com, O=SMITH, C=SE
  Algorithm: RSA; Serial number: 0xb4ba1f6a7902bb97
  Valid from Thu Oct 11 18:37:21 CEST 2012 until Fri Oct 11 18:37:21 CEST 2013

***
found key for : 1
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 19828292987711460063479095233990735206267474911720200680398978846239921718204800830196446367271259853243857782157464503041073715350900882399263842246256739265150626309452599118681530205469111691215024194198408322269068550434706560902100199589198763096214957779831336905118521574867338194318861017871505432271905525399396261074008234892595483193798680621671023145911
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:38:14 CEST 2012,
               To: Fri Oct 11 18:38:14 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    ef1a4465 3fb9d4ed]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7C EA BF 17 BB 9C 6E E6   DC 6E D3 5D 7E B5 48 0F  ......n..n.]..H.
0010: 5A A1 98 5F 15 A8 46 49   36 D2 1B F9 05 60 87 ED  Z.._..FI6....`..
00E0: 61 9B 78 96 F7 54 D3 68   F2 91 9F 43 57 AB C5 0E  a.x..T.h...CW...
00F0: D8 9E 51 85 08 62 F6 B4   BB A4 70 04 0F BA D2 C6  ..Q..b....p.....

]
***
SSL Key 1
SSL Trust 1
trigger seeding of SecureRandom
done seeding SecureRandom
Server started
  Waiting for connection from client...
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
  Accepted connection from 192.168.1.1, port 54732
[Raw read]: length = 5
0000: 16 03 01 00 B3                                     .....
[Raw read]: length = 179
0000: 01 00 00 AF 03 01 50 77   38 3C 36 6C 05 1E DA AF  ......Pw8<6l....
0010: DA 43 76 EF 65 9B 43 C4   5A 05 34 FC 42 B9 4F 54  .Cv.e.C.Z.4.B.OT
0090: 08 00 09 00 0A 00 0B 00   0C 00 0D 00 0E 00 0F 00  ................
00A0: 10 00 11 00 12 00 13 00   14 00 15 00 16 00 17 00  ................
00B0: 18 00 19                                           ...
main, READ: TLSv1 Handshake, length = 179
*** ClientHello, TLSv1
RandomCookie:  GMT: 1349990460 bytes = { 54, 108, 5, 30, 218, 175, 218, 67, 118, 239, 101, 155, 67, 196, 90, 5, 52, 252, 66, 185, 79, 84, 176, 249, 20, 196, 174, 171 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
***
[read] MD5 and SHA1 hashes:  len = 179
0000: 01 00 00 AF 03 01 50 77   38 3C 36 6C 05 1E DA AF  ......Pw8<6l....
0010: DA 43 76 EF 65 9B 43 C4   5A 05 34 FC 42 B9 4F 54  .Cv.e.C.Z.4.B.OT
0020: B0 F9 14 C4 AE AB 00 00   46 00 04 00 05 00 2F 00  ........F...../.
0090: 08 00 09 00 0A 00 0B 00   0C 00 0D 00 0E 00 0F 00  ................
00A0: 10 00 11 00 12 00 13 00   14 00 15 00 16 00 17 00  ................
00B0: 18 00 19                                           ...
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: 1
%% Negotiating:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1349990450 bytes = { 174, 0, 115, 139, 10, 24, 65, 65, 210, 225, 235, 246, 73, 222, 227, 2, 249, 108, 142, 119, 113, 131, 78, 202, 83, 67, 172, 181 }
Session ID:  {80, 119, 56, 50, 9, 30, 182, 174, 111, 28, 205, 221, 135, 132, 189, 19, 82, 157, 109, 159, 42, 162, 203, 141, 125, 61, 76, 105, 185, 192, 186, 184}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 198282929877114600634790952339907352062674749117202006803989788462399217182048008301964463672712598532438577821574645030410737153509008823992638422462567392651506263094525991186815305469111691215024194198408322269068550434706560902100199589198763096214957779831336905118521574867338194318861017871505432271905525399396261074008234892595483193798680621671023145911
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:38:14 CEST 2012,
               To: Fri Oct 11 18:38:14 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    ef1a4465 3fb9d4ed]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7C EA BF 17 BB 9C 6E E6   DC 6E D3 5D 7E B5 48 0F  ......n..n.]..H.
0010: 5A A1 98 5F 15 A8 46 49   36 D2 1B F9 05 60 87 ED  Z.._..FI6....`..
0020: F8 59 E5 08 9F 06 22 0F   18 4A F6 E6 6C 23 39 E8  .Y...."..J..l#9.
00D0: 5A F8 94 F4 5F C2 01 BE   EE E0 4E 8B BD CA 14 3C  Z..._.....N....<
00E0: 61 9B 78 96 F7 54 D3 68   F2 91 9F 43 57 AB C5 0E  a.x..T.h...CW...
00F0: D8 9E 51 85 08 62 F6 B4   BB A4 70 04 0F BA D2 C6  ..Q..b....p.....

]
***
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=smith.droid-ip.com, O=SMITH, C=SE>
*** ServerHelloDone
[write] MD5 and SHA1 hashes:  len = 1022
0000: 02 00 00 4D 03 01 50 77   38 32 AE 00 73 8B 0A 18  ...M..Pw82..s...
0010: 41 41 D2 E1 EB F6 49 DE   E3 02 F9 6C 8E 77 71 83  AA....I....l.wq.
0060: 82 02 37 A0 03 02 01 02   02 09 00 EF 1A 44 65 3F  ..7..........De?
0070: B9 D4 ED 30 0D 06 09 2A   86 48 86 F7 0D 01 01 05  ...0...*.H......
0080: 05 00 30 3E 31 0B 30 09   06 03 55 04 06 13 02 53  ..0>1.0...U....S
0090: 45 31 0F 30 0D 06 03 55   04 0A 0C 06 53 50 52 49  E1.0...U....SPRI
00A0: 49 44 31 1E 30 1C 06 03   55 04 03 0C 15 64 72 75  ID1.0...U....dru
00B0: 74 74 65 6E 2E 64 79 6E   64 6E 73 2D 69 70 2E 63  tten.droid-ip.c
00C0: 6F 6D 30 1E 17 0D 31 32   31 30 31 31 31 36 33 38  om0...1210111638
00D0: 31 34 5A 17 0D 31 33 31   30 31 31 31 36 33 38 31  14Z..13101116381
00E0: 34 5A 30 3E 31 0B 30 09   06 03 55 04 06 13 02 53  4Z0>1.0...U....S
00F0: 45 31 0F 30 0D 06 03 55   04 0A 0C 06 53 50 52 49  E1.0...U....SPRI
0100: 49 44 31 1E 30 1C 06 03   55 04 03 0C 15 64 72 75  ID1.0...U....dru
0110: 74 74 65 6E 2E 64 79 6E   64 6E 73 2D 69 70 2E 63  tten.droid-ip.c
0120: 6F 6D 30 82 01 22 30 0D   06 09 2A 86 48 86 F7 0D  om0.."0...*.H...
03C0: 06 03 55 04 06 13 02 53   45 31 0F 30 0D 06 03 55  ..U....SE1.0...U
03D0: 04 0A 0C 06 53 50 52 49   49 44 31 1E 30 1C 06 03  ....SMITH1.0...
03E0: 55 04 03 0C 15 64 72 75   74 74 65 6E 2E 64 79 6E  U....smith.dyn
03F0: 64 6E 73 2D 69 70 2E 63   6F 6D 0E 00 00 00        dns-ip.com....
main, WRITE: TLSv1 Handshake, length = 1022
[Raw write]: length = 1027
0000: 16 03 01 03 FE 02 00 00   4D 03 01 50 77 38 32 AE  ........M..Pw82.
0010: 00 73 8B 0A 18 41 41 D2   E1 EB F6 49 DE E3 02 F9  .s...AA....I....
0020: 6C 8E 77 71 83 4E CA 53   43 AC B5 20 50 77 38 32  l.wq.N.SC.. Pw82
0090: 04 06 13 02 53 45 31 0F   30 0D 06 03 55 04 0A 0C  ....SE1.0...U...
00A0: 06 53 50 52 49 49 44 31   1E 30 1C 06 03 55 04 03  .SMITH1.0...U..
00B0: 0C 15 64 72 75 74 74 65   6E 2E 64 79 6E 64 6E 73  ..smith.droid
00C0: 2D 69 70 2E 63 6F 6D 30   1E 17 0D 31 32 31 30 31  -ip.com0...12101
00D0: 31 31 36 33 38 31 34 5A   17 0D 31 33 31 30 31 31  1163814Z..131011
03E0: 1E 30 1C 06 03 55 04 03   0C 15 64 72 75 74 74 65  .0...U....drutte
03F0: 6E 2E 64 79 6E 64 6E 73   2D 69 70 2E 63 6F 6D 0E  n.droid-ip.com.
0400: 00 00 00                                           ...
[Raw read]: length = 5
0000: 16 03 01 03 5D                                     ....]
[Raw read]: length = 861
0000: 0B 00 03 59 00 03 56 00   03 53 30 82 03 4F 30 82  ...Y..V..S0..O0.
0010: 02 37 A0 03 02 01 02 02   09 00 B4 BA 1F 6A 79 02  .7...........jy.
0020: BB 97 30 0D 06 09 2A 86   48 86 F7 0D 01 01 05 05  ..0...*.H.......
0030: 00 30 3E 31 0B 30 09 06   03 55 04 06 13 02 53 45  .0>1.0...U....SE
0040: 31 0F 30 0D 06 03 55 04   0A 0C 06 53 50 52 49 49  1.0...U....SPRII
0330: AD 48 3B FE 4B F9 1A 82   C9 CB 24 88 89 C3 78 8E  .H;.K.....$...x.
0340: A6 D4 FE CE 39 66 F4 48   39 16 7D 8E 08 DB 3E 24  ....9f.H9.....>$
0350: F7 FD 34 76 94 6D 37 BE   EF 53 BA 89 4D           ..4v.m7..S..M
main, READ: TLSv1 Handshake, length = 861
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23496237719502336160731187123882087516857248303136016525007515477411820324389309412497616204841416737428369029539727911829957261900246123671755448783374076371585220700946079814339410199697877719076300791503351733152444962714618216706903270272228589537934701160017250218124068090224176369183083907456616852817429610227318879195807569316432328134191548839310114727528540673
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:37:21 CEST 2012,
               To: Fri Oct 11 18:37:21 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    b4ba1f6a 7902bb97]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: B0 22 82 D5 1B AF 4C A7   7E D9 B4 27 F7 48 C4 D7  ."....L....'.H..
0010: DE A5 45 E6 72 D1 85 DE   CF F7 AF A4 97 7B 68 6A  ..E.r.........hj
0020: FE 22 D0 1A 38 E6 5F D4   6B ED CD F1 32 6B 29 E5  ."..8._.k...2k).
0030: 72 EE 9F 7F 4F 16 10 7D   C4 1B 6C 1A 31 4A 8E 3C  r...O.....l.1J.<
0040: E0 E9 8B 0E E2 D5 5B 01   00 29 1C 32 8B E8 D9 56  ......[..).2...V
0050: DF 5D 6A 95 F4 BA 20 7D   CA E7 FD 0E C5 C1 91 36  .]j... ........6
0060: 5C 13 00 F9 04 A8 4C 93   A7 46 0D C6 54 07 4B 7B  \.....L..F..T.K.
00F0: DB 3E 24 F7 FD 34 76 94   6D 37 BE EF 53 BA 89 4D  .>$..4v.m7..S..M

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23496237719502336160731187123882087516857248303136016525007515477411820324389309412497616204841416737428369029539727911829957261900246123671755448783374076371585220700946079814339410697877719076300791503351733152444962714618216706903270272228589537934701160017250218124068090224176369183083907456616852817429610227318879195807569316432328134191548839310114727528540673
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:37:21 CEST 2012,
               To: Fri Oct 11 18:37:21 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    b4ba1f6a 7902bb97]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: B0 22 82 D5 1B AF 4C A7   7E D9 B4 27 F7 48 C4 D7  ."....L....'.H..
0010: DE A5 45 E6 72 D1 85 DE   CF F7 AF A4 97 7B 68 6A  ..E.r.........hj
0020: FE 22 D0 1A 38 E6 5F D4   6B ED CD F1 32 6B 29 E5  ."..8._.k...2k).
00D0: CF 07 1B AD 48 3B FE 4B   F9 1A 82 C9 CB 24 88 89  ....H;.K.....$..
00E0: C3 78 8E A6 D4 FE CE 39   66 F4 48 39 16 7D 8E 08  .x.....9f.H9....
00F0: DB 3E 24 F7 FD 34 76 94   6D 37 BE EF 53 BA 89 4D  .>$..4v.m7..S..M

]
[read] MD5 and SHA1 hashes:  len = 861
0000: 0B 00 03 59 00 03 56 00   03 53 30 82 03 4F 30 82  ...Y..V..S0..O0.
0010: 02 37 A0 03 02 01 02 02   09 00 B4 BA 1F 6A 79 02  .7...........jy.
0030: 00 30 3E 31 0B 30 09 06   03 55 04 06 13 02 53 45  .0>1.0...U....SE
0040: 31 0F 30 0D 06 03 55 04   0A 0C 06 53 50 52 49 49  1.0...U....SPRII
00D0: 6D 30 82 01 22 30 0D 06   09 2A 86 48 86 F7 0D 01  m0.."0...*.H....
01D0: 4F DE F0 44 74 44 65 34   E5 05 79 01 B3 11 6F 56  O..DtDe4..y...oV
01E0: EC C0 54 54 BF E1 E9 AA   1E 8B E7 F7 32 7C 54 30  ..TT........2.T0
0340: A6 D4 FE CE 39 66 F4 48   39 16 7D 8E 08 DB 3E 24  ....9f.H9.....>$
0350: F7 FD 34 76 94 6D 37 BE   EF 53 BA 89 4D           ..4v.m7..S..M
[Raw read]: length = 5
0000: 16 03 01 01 06                                     .....
[Raw read]: length = 262
0000: 10 00 01 02 01 00 68 11   0C CB 8C 6D 92 37 18 B5  ......h....m.7..
0010: 4E FD 0E 78 75 8F D1 DB   66 0F EA BB D5 72 D0 3A  N..xu...f....r.:
0020: 1F 90 F3 43 59 6D 4B 41   12 ED 79 48 89 FF 76 59  ...CYmKA..yH..vY
0030: DF 37 0B 0D 9A AA 22 A6   CB EF 60 4E D3 39 39 81  .7...."...`N.99.
00E0: EC 82 8D 45 BA 4A 50 2D   6D D6 20 70 85 11 35 4A  ...E.JP-m. p..5J
00F0: 25 34 00 57 44 34 36 AE   3F 52 A9 8A 16 A1 B2 5A  %4.WD46.?R.....Z
0100: 5A 96 A9 F2 5D E4                                  Z...].
main, READ: TLSv1 Handshake, length = 262
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 D6 F1 4F BA 49 65   65 6E 06 F8 82 06 9C D7  ....O.Ieen......
0010: 4A C2 FA A8 2B 06 79 71   9B 3E CA 4D B7 2D D1 FE  J...+.yq.>.M.-..
0020: 81 50 20 43 B8 37 9D EA   67 F5 76 C3 EC E0 6B 79  .P C.7..g.v...ky
CONNECTION KEYGEN:
Client Nonce:
0000: 50 77 38 3C 36 6C 05 1E   DA AF DA 43 76 EF 65 9B  Pw8<6l.....Cv.e.
0010: 43 C4 5A 05 34 FC 42 B9   4F 54 B0 F9 14 C4 AE AB  C.Z.4.B.OT......
Server Nonce:
0000: 50 77 38 32 AE 00 73 8B   0A 18 41 41 D2 E1 EB F6  Pw82..s...AA....
0010: 49 DE E3 02 F9 6C 8E 77   71 83 4E CA 53 43 AC B5  I....l.wq.N.SC..
Master Secret:
0000: 1C 3A 33 0F 48 F6 EB D8   E4 89 67 06 3E E8 5A AF  .:3.H.....g.>.Z.
0010: 4A E9 18 C9 D2 BA 9B 5E   5F FE D5 A5 3A 84 47 54  J......^_...:.GT
0020: 0F 37 A3 6F A1 E9 F8 E8   F6 48 CD BA 59 60 54 AC  .7.o.....H..Y`T.
Client MAC write Secret:
0000: E7 E3 96 EB A2 8D A7 C0   AE 86 D7 E2 9E 92 F4 C6  ................
Server MAC write Secret:
0000: 01 BE 26 91 6C 97 03 BE   98 22 76 10 92 80 71 F1  ..&.l...."v...q.
Client write key:
0000: EF 91 16 71 44 15 66 AB   ED 8C 0E D8 1E EE DE B9  ...qD.f.........
Server write key:
0000: 7D CD 93 B3 35 53 1D 34   F8 6C 60 6C EC B5 F7 5A  ....5S.4.l`l...Z
... no IV used for this cipher
[read] MD5 and SHA1 hashes:  len = 262
0000: 10 00 01 02 01 00 68 11   0C CB 8C 6D 92 37 18 B5  ......h....m.7..
0010: 4E FD 0E 78 75 8F D1 DB   66 0F EA BB D5 72 D0 3A  N..xu...f....r.:
0020: 1F 90 F3 43 59 6D 4B 41   12 ED 79 48 89 FF 76 59  ...CYmKA..yH..vY
0030: DF 37 0B 0D 9A AA 22 A6   CB EF 60 4E D3 39 39 81  .7...."...`N.99.
00D0: D4 CB 63 98 27 D7 79 28   EE EA F6 83 0E 9A 49 0C  ..c.'.y(......I.
00E0: EC 82 8D 45 BA 4A 50 2D   6D D6 20 70 85 11 35 4A  ...E.JP-m. p..5J
00F0: 25 34 00 57 44 34 36 AE   3F 52 A9 8A 16 A1 B2 5A  %4.WD46.?R.....Z
0100: 5A 96 A9 F2 5D E4                                  Z...].
[Raw read]: length = 5
0000: 16 03 01 01 06                                     .....
[Raw read]: length = 262
0000: 0F 00 01 02 01 00 39 86   C9 39 9F 54 9A AF 49 40  ......9..9.T..I@
0010: B3 EB C4 81 2A 68 FA E8   ED CE 70 AF 1C 57 43 64  ....*h....p..WCd
0020: 5E C5 B7 86 01 0F 17 E1   BA 52 2A 98 63 33 BF E5  ^........R*.c3..
0030: 05 25 B4 68 6B 7E 0E 86   8A E0 21 66 C2 1A 93 E3  .%.hk.....!f....
0040: B7 3C DD B2 44 86 BF 39   54 00 93 55 1D 22 90 74  .<..D..9T..U.".t
00D0: 2D C5 AC C0 73 6B E4 89   01 6E 4E C5 9F 78 EF 8F  -...sk...nN..x..
00E0: 52 4A 7F 8C 47 AC 3A 37   FF FD 67 77 F9 37 F4 B8  RJ..G.:7..gw.7..
00F0: 82 B2 25 3C 8D A7 F2 4F   E2 D6 74 CA 67 9F 07 90  ..%<...O..t.g...
0100: 19 6D 89 2E 90 98                                  .m....
main, READ: TLSv1 Handshake, length = 262
*** CertificateVerify
[read] MD5 and SHA1 hashes:  len = 262
0000: 0F 00 01 02 01 00 39 86   C9 39 9F 54 9A AF 49 40  ......9..9.T..I@
0010: B3 EB C4 81 2A 68 FA E8   ED CE 70 AF 1C 57 43 64  ....*h....p..WCd
0020: 5E C5 B7 86 01 0F 17 E1   BA 52 2A 98 63 33 BF E5  ^........R*.c3..

00A0: 0C E5 B2 29 6D 68 94 FC   8C 06 77 3D B5 F2 1F 60  ...)mh....w=...`
00B0: 49 81 B7 82 D7 39 14 6B   0A 56 B4 A7 1A 18 B5 71  I....9.k.V.....q
00C0: 62 64 F6 C6 6C 9C 13 59   5B 85 7C 88 7E 31 43 E0  bd..l..Y[....1C.
00D0: 2D C5 AC C0 73 6B E4 89   01 6E 4E C5 9F 78 EF 8F  -...sk...nN..x..
00E0: 52 4A 7F 8C 47 AC 3A 37   FF FD 67 77 F9 37 F4 B8  RJ..G.:7..gw.7..
00F0: 82 B2 25 3C 8D A7 F2 4F   E2 D6 74 CA 67 9F 07 90  ..%<...O..t.g...
0100: 19 6D 89 2E 90 98                                  .m....
[Raw read]: length = 5
0000: 14 03 01 00 01                                     .....
[Raw read]: length = 1
0000: 01                                                 .
main, READ: TLSv1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 01 00 20                                     .... 
[Raw read]: length = 32
0000: 01 98 6F CA DD 51 09 F5   05 94 7F 52 DB 34 BD D8  ..o..Q.....R.4..
0010: 13 5A A5 76 3F D5 92 A8   A8 95 D9 22 99 B5 1E DF  .Z.v?......"....
main, READ: TLSv1 Handshake, length = 32
Padded plaintext after DECRYPTION:  len = 32
0000: 14 00 00 0C D6 D1 12 A7   F8 A4 7A 44 47 9C 47 3E  ..........zDG.G>
0010: BB 4E 1E 95 4E 50 44 B3   39 7E 30 09 77 6A DE 92  .N..NPD.9.0.wj..
*** Finished
verify_data:  { 214, 209, 18, 167, 248, 164, 122, 68, 71, 156, 71, 62 }
***
[read] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C D6 D1 12 A7   F8 A4 7A 44 47 9C 47 3E  ..........zDG.G>
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01                                  ......
*** Finished
verify_data:  { 165, 58, 44, 99, 220, 79, 174, 0, 32, 51, 253, 168 }
***
[write] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C A5 3A 2C 63   DC 4F AE 00 20 33 FD A8  .....:,c.O.. 3..
Padded plaintext before ENCRYPTION:  len = 32
0000: 14 00 00 0C A5 3A 2C 63   DC 4F AE 00 20 33 FD A8  .....:,c.O.. 3..
0010: 62 F0 CA 30 9A 85 CC 70   4C C8 06 AB 4E C3 D4 51  b..0...pL...N..Q
main, WRITE: TLSv1 Handshake, length = 32
[Raw write]: length = 37
0000: 16 03 01 00 20 60 0E 0F   7F 02 92 30 80 95 F3 FD  .... `.....0....
0010: C9 64 76 7D 2F 38 08 5F   BF A8 CD 58 DD 67 77 52  .dv./8._...X.gwR
0020: E2 A5 0B 42 36                                     ...B6
%% Cached server session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
printSocketInfo......
Server socket class: class sun.security.ssl.SSLServerSocketImpl
   Socker address = 0.0.0.0/0.0.0.0
   Socker port = 54012
   Need client authentication = true
   Want client authentication = false
   Use client mode = false
END printSocketInfo......
  Cipher suite used for this session: SSL_RSA_WITH_RC4_128_MD5
  Server -> receiving...
[Raw read]: length = 5
0000: 17 03 01 00 62                                     ....b
[Raw read]: length = 98
0000: E8 15 04 7C 7E 46 D5 57   5C 54 4A 60 56 40 BF B5  .....F.W\TJ`V@..
0010: 09 40 C3 E5 A9 DD DF CA   F7 B3 DE 93 C0 41 7A 84  .@...........Az.
0020: 1C 8E C2 81 98 FA 74 3C   80 13 FD B1 BB 97 B4 02  ......t<........
0030: A9 04 67 92 08 1D F6 24   D1 77 D0 89 D8 92 88 53  ..g....$.w.....S
0040: 33 47 00 DB E7 F8 B1 75   1C EC B8 A5 FA 60 12 2B  3G.....u.....`.+
0050: 7A 6C 88 4C 60 46 E6 89   61 96 53 7E 64 F1 F3 30  zl.L`F..a.S.d..0
0060: A5 B1                                              ..
main, READ: TLSv1 Application Data, length = 98
Padded plaintext after DECRYPTION:  len = 98
0000: 00 50 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .P********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 41 6E 64 72 6F   69 64 20 63 6C 69 65 6E  om Android clien
0030: 74 2E 20 48 65 6C 6C 6F   20 73 73 6C 53 65 72 76  t. Hello sslServ
0040: 65 72 53 6F 63 6B 65 74   2A 2A 2A 2A 2A 2A 2A 2A  erSocket********
0050: 2A 2A 03 CE 95 53 B4 97   8D BE 2A 25 DD 52 6B 1F  **...S....*%.Rk.
0060: 19 44                                              .D
Padded plaintext before ENCRYPTION:  len = 88
0000: 00 46 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .F********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 50 43 20 63 6C   69 65 6E 74 2E 20 48 65  om PC client. He
0030: 6C 6C 6F 20 53 53 4C 53   6F 63 6B 65 74 20 2A 2A  llo SSLSocket **
0040: 2A 2A 2A 2A 2A 2A 2A 2A   7B A6 BC 2F 8B C5 E0 A4  ********.../....
0050: B1 D7 F9 70 DD EF DF 6C                            ...p...l
main, WRITE: TLSv1 Application Data, length = 88
[Raw write]: length = 93
0000: 17 03 01 00 58 BA D5 B5   95 E2 12 7A D8 A7 1A D1  ....X......z....
0010: FD FB C6 01 39 2A AD 69   DE A9 6A AE CB 56 4A EF  ....9*.i..j..VJ.
0020: E1 B8 EF 20 9D E3 CB 95   EF 37 1D 0A 51 78 DA E6  ... .....7..Qx..
0030: 6C 7D 4C BB 70 B3 28 16   E1 44 9D 15 DA B5 C5 B3  l.L.p.(..D......
0040: C1 68 93 57 E8 2E 9A 2D   80 D4 F0 9C 95 CB 8E 32  .h.W...-.......2
0050: 13 9B 99 3B 68 3A 4F E0   E0 2C 8B 97 CD           ...;h:O..,...
********* This line is sent from Android client. Hello sslServerSocket**********
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 18
0000: 01 00 30 AA AA 69 87 AF   BF AC 5C CD 2D A9 92 29  ..0..i....\.-..)
0010: 00 F4                                              ..
main, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 C7 B4 E7   A6 27 7E B6 08 BD AD 54  .........'.....T
0010: AF 9E 1D 48 3B 66 16                               ...H;f.
main, called closeSocket(selfInitiated)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Server ended

***FROM ANDROID CLIENT LOGCAT
10-11 23:21:00.800: I/System.out(25493): Socket class: class org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
10-11 23:21:00.800: I/System.out(25493):    Remote address = smith.droid-ip.com/82.209.154.27
10-11 23:21:00.800: I/System.out(25493):    Remote port = 54012
10-11 23:21:00.800: I/System.out(25493):    Local socket address = /192.168.1.251:54732
10-11 23:21:00.800: I/System.out(25493):    Local address = /192.168.1.251
10-11 23:21:00.800: I/System.out(25493):    Local port = 54732
10-11 23:21:00.800: I/System.out(25493):    Need client authentication = false
10-11 23:21:01.180: I/System.out(25493): Session class: class org.apache.harmony.xnet.provider.jsse.OpenSSLSessionImpl
10-11 23:21:01.180: I/System.out(25493):    Cipher suite = SSL_RSA_WITH_RC4_128_MD5
10-11 23:21:01.180: I/System.out(25493):    Protocol = TLSv1
10-11 23:21:01.180: I/System.out(25493):    PeerPrincipal = CN=smith.droid-ip.com,O=SMITH,C=SE
10-11 23:21:01.190: I/System.out(25493):    LocalPrincipal = CN=smith.droid-ip.com,O=SMITH,C=SE
10-11 23:21:01.190: I/System.out(25493):   Server -> receiving...

If you look at the trace, there is a Certificate message after the CertificateRequest and ServerHelloDone, as well as a CertificateVerify message (followed by a successful Finished), which indicates that the client-certificate authentication took place.

Later on, you get a fragment of plain text before/after encryption:

Padded plaintext after DECRYPTION:  len = 98
0000: 00 50 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .P********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 41 6E 64 72 6F   69 64 20 63 6C 69 65 6E  om Android clien
0030: 74 2E 20 48 65 6C 6C 6F   20 73 73 6C 53 65 72 76  t. Hello sslServ
0040: 65 72 53 6F 63 6B 65 74   2A 2A 2A 2A 2A 2A 2A 2A  erSocket********
0050: 2A 2A 03 CE 95 53 B4 97   8D BE 2A 25 DD 52 6B 1F  **...S....*%.Rk.
0060: 19 44                                              .D
Padded plaintext before ENCRYPTION:  len = 88
0000: 00 46 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .F********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 50 43 20 63 6C   69 65 6E 74 2E 20 48 65  om PC client. He
0030: 6C 6C 6F 20 53 53 4C 53   6F 63 6B 65 74 20 2A 2A  llo SSLSocket **
0040: 2A 2A 2A 2A 2A 2A 2A 2A   7B A6 BC 2F 8B C5 E0 A4  ********.../....
0050: B1 D7 F9 70 DD EF DF 6C                            ...p...l

You're also using a cipher suite that supports encryption and authenticated key exchange: SSL_RSA_WITH_RC4_128_MD5. This being said, an MD5-based cipher suite is probably not the best choice. This one is also the last in the order of preference of cipher suites enabled by default in the SunJSSE provider in Java 7, yet it's the first in the list sent by your client. You can certainly change the cipher suite on your client, or perhaps disable it on the server (using setEnabledCipherSuites() on the socket).

It seems to be working correctly there.

What seems odd is that both your client and server certificates seem to be distinct self-signed certificates with the same names (Subject/Issuer DN: CN=smith.droid-ip.com, O=SMITH, C=SE, but different keys and serial numbers).

That's certainly not good practice. Even if you're using self-signed certificates, don't make them use the same names. In addition, you should check that your client verifies the server name properly: you can try to connect to the server using the IP address instead (assuming that the certificate doesn't have an IP address SAN for that address), to check that it fails when it's supposed to.
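To make the reading of the trace above mechanical, here is an added example (my own code, not from the question, this answer, or any Java library) that walks raw TLSv1 records, lists the handshake messages in wire order, and reports whether client authentication actually happened. The flow it checks is a constructed reconstruction of the logged exchange: record and handshake headers, message sizes and the 98-byte ApplicationData ciphertext are taken from the log; the DER certificates, the RSA-encrypted premaster and the CertificateVerify signature are zero-filled placeholders of the logged sizes. A second flow, in which the client answers the CertificateRequest with an empty Certificate, shows what a server configured with want (rather than need) client authentication would quietly accept.

```python
import struct

RECORD_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HS_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
            13: "CertificateRequest", 14: "ServerHelloDone", 15: "CertificateVerify",
            16: "ClientKeyExchange", 20: "Finished"}

def rec(ctype, body):
    """One record with the TLSv1 version bytes (03 01) seen in the log."""
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

def hs(mtype, payload):
    """One handshake message: 1-byte type, 3-byte length, body."""
    return bytes([mtype]) + len(payload).to_bytes(3, "big") + payload

def certificate_msg(certs):
    """Certificate message: 3-byte list length, then 3-byte-length-prefixed DER blobs."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    return hs(11, len(entries).to_bytes(3, "big") + entries)

def parse_records(stream):
    """Split a byte stream into (content_type, body) tuples, rejecting truncation."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header at offset %d" % pos)
        ctype, _maj, _min, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body at offset %d" % pos)
        out.append((ctype, body))
        pos += 5 + length
    return out

def parse_handshake(body):
    """Split a plaintext Handshake record body into (msg_type, payload) tuples."""
    out, pos = [], 0
    while pos < len(body):
        length = int.from_bytes(body[pos + 1:pos + 4], "big")
        payload = body[pos + 4:pos + 4 + length]
        if len(payload) != length:
            raise ValueError("truncated handshake message at offset %d" % pos)
        out.append((body[pos], payload))
        pos += 4 + length
    return out

def summarize(flow):
    """flow: list of (sender, raw_bytes) -> (sender, name, payload) in wire order.
    Handshake records sent after the sender's own ChangeCipherSpec are encrypted
    and are reported by record type only."""
    encrypted, out = set(), []
    for sender, raw in flow:
        for ctype, body in parse_records(raw):
            if ctype == 22 and sender not in encrypted:
                for mtype, payload in parse_handshake(body):
                    out.append((sender, HS_TYPES.get(mtype, "handshake[%d]" % mtype), payload))
            else:
                out.append((sender, RECORD_TYPES.get(ctype, "record[%d]" % ctype), body))
            if ctype == 20:
                encrypted.add(sender)
    return out

def client_auth_status(flow):
    """Mutual auth needs CertificateRequest, a non-empty client Certificate and
    CertificateVerify; an empty Certificate is what a want-only server accepts."""
    msgs = summarize(flow)
    names = [(s, n) for s, n, _ in msgs]
    if ("server", "CertificateRequest") not in names:
        return "server-only: no CertificateRequest from server"
    certs = [p for s, n, p in msgs if s == "client" and n == "Certificate"]
    if not certs or int.from_bytes(certs[0][:3], "big") == 0:
        return "server-only: client sent an empty Certificate"
    if ("client", "CertificateVerify") not in names:
        return "incomplete: client Certificate without CertificateVerify"
    return "mutual: client Certificate plus CertificateVerify"

def plaintext_on_wire(flow, needle):
    """True if needle is readable inside any ApplicationData record body."""
    return any(needle in body for _s, raw in flow for ctype, body in parse_records(raw) if ctype == 23)

# Constructed reconstruction of the logged exchange; placeholders are zero-filled.
SERVER_HELLO = (b"\x03\x01" + bytes(32) + b"\x20" + bytes(32)          # version, random, 32-byte session id
                + b"\x00\x04\x00" + b"\x00\x05\xff\x01\x00\x01\x00")   # RC4_128_MD5, null compression, empty renegotiation_info
SERVER_CERT = b"\x30\x82\x03\x4b" + bytes(843)                          # placeholder DER, 847 bytes
CLIENT_CERT = b"\x30\x82\x03\x4f" + bytes(847)                          # placeholder DER, 851 bytes (log: 00 03 53)
CA_NAME = b"\x30\x3e" + bytes(62)                                       # placeholder for the 64-byte DER Name
CERT_REQUEST = (b"\x03\x01\x02\x40"                                     # cert types rsa_sign, dss_sign, ecdsa_sign
                + struct.pack("!HH", len(CA_NAME) + 2, len(CA_NAME)) + CA_NAME)
RSA_BLOB = b"\x01\x00" + bytes(256)                                     # 2-byte length + 2048-bit value (log: 01 00 ...)
APP_DATA = bytes.fromhex(                                               # the 98 ciphertext bytes from the log
    "e815047c7e46d5575c544a605640bfb50940c3e5a9dddfcaf7b3de93c0417a84"
    "1c8ec28198fa743c8013fdb1bb97b402a9046792081df624d177d089d8928853"
    "334700dbe7f8b1751cecb8a5fa60122b7a6c884c6046e6896196537e64f1f330a5b1")

def build_flow(client_presents_cert):
    server = rec(22, hs(2, SERVER_HELLO) + certificate_msg([SERVER_CERT]) + hs(13, CERT_REQUEST) + hs(14, b""))
    client = rec(22, certificate_msg([CLIENT_CERT] if client_presents_cert else []))
    client += rec(22, hs(16, RSA_BLOB))                                  # ClientKeyExchange
    if client_presents_cert:
        client += rec(22, hs(15, RSA_BLOB))                              # CertificateVerify
    client += rec(20, b"\x01") + rec(22, bytes(32))                      # ChangeCipherSpec + encrypted Finished
    return [("server", server), ("client", client),
            ("server", rec(20, b"\x01") + rec(22, bytes(32))), ("client", rec(23, APP_DATA))]

MUTUAL = build_flow(True)
SERVER_ONLY = build_flow(False)

if __name__ == "__main__":
    print(*("%-6s %s" % (s, n) for s, n, _ in summarize(MUTUAL)), sep="\n")
    print(client_auth_status(MUTUAL), "|", client_auth_status(SERVER_ONLY))
    print("text visible on the wire:", plaintext_on_wire(MUTUAL, b"This line is sent from Android client"))
```

Run it and the summary lists ServerHello, Certificate, CertificateRequest, ServerHelloDone from the server, then Certificate, ClientKeyExchange, CertificateVerify from the client, which is exactly the pattern this answer points at. The plaintext check is the offline version of a packet capture: the 98 bytes on the wire are a 2-byte length prefix (0x0050 = 80), 80 bytes of text and a 16-byte MD5 MAC, all under RC4 (a stream cipher, so no IV and no padding, matching "no IV used for this cipher"), and none of the text is readable. With setNeedClientAuth(true), which the printSocketInfo output shows, a JSSE server rejects an empty client Certificate; with setWantClientAuth(true) it does not, which is why the function checks the certificate list length rather than only the presence of a Certificate message.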

Aside from looking at the debug logs, try capturing http traffic on the server with Wireshark or a similar tool. You can then see the TLS handshake and verify that traffic is indeed encrypted on the wire.

Cipher Suite: SSL_RSA_WITH_RC4_128_MD5

That tells you the cipher suite. This is an encrypting cipher suite.

It goes on to generate pre-master secrets and connection nonces: these are used to generate the session key, so there is a session key.

It's encrypted.
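The cipher-suite observations in this answer and in the first one (the MD5 suite is the client's first preference and the server took it) can be checked against the ClientHello bytes in the log. The example below is added code of my own, not from the question or the answers: it decodes a ClientHello, names the offered suites, flags the ones a server should refuse, and emulates the selection a server makes from what it has enabled. The ClientHello is constructed with the same layout and length (175 bytes, 0xAF) as the logged one: the client random is copied from the log, the 35 suites are listed in the logged order, and the two extensions are rebuilt from the logged point-format and curve lists. The IANA code points come from the TLS cipher-suite registry (RFCs 2246, 3268, 4492, 5746), not from the page.

```python
import struct

# IANA code point -> JSSE name, in the order the Android client offered them in the log.
SUITES = {
    0x0004: "SSL_RSA_WITH_RC4_128_MD5", 0x0005: "SSL_RSA_WITH_RC4_128_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC004: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    0xC005: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    0xC00E: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 0xC00F: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 0xC003: "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
    0xC00D: "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 0xC008: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0016: "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0013: "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 0x0009: "SSL_RSA_WITH_DES_CBC_SHA",
    0x0015: "SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0012: "SSL_DHE_DSS_WITH_DES_CBC_SHA",
    0x0003: "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0008: "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0011: "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}
# Client random copied from the logged ClientHello (first 4 bytes = GMT 1349990460).
CLIENT_RANDOM = bytes.fromhex("5077383c366c051edaafda4376ef659b43c45a0534fc42b94f54b0f914c4aeab")

def build_client_hello(suite_codes, random=CLIENT_RANDOM):
    """Constructed ClientHello body in the logged layout: TLSv1, random, empty session
    id, suites, null compression, ec_point_formats and elliptic_curves extensions."""
    suites = b"".join(struct.pack("!H", c) for c in suite_codes)
    body = b"\x03\x01" + random + b"\x00" + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
    formats = b"\x03\x00\x01\x02"                                    # uncompressed, ansiX962 prime, char2
    curves = b"".join(struct.pack("!H", c) for c in range(1, 26))     # sect163k1 .. secp521r1
    exts = (struct.pack("!HH", 11, len(formats)) + formats
            + struct.pack("!HH", 10, len(curves) + 2) + struct.pack("!H", len(curves)) + curves)
    return body + struct.pack("!H", len(exts)) + exts

def parse_client_hello(body):
    """Decode a ClientHello body (the 4-byte handshake header already stripped)."""
    pos = 2
    random = body[pos:pos + 32]
    pos += 32
    sid_len = body[pos]
    session_id = body[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    compression = list(body[pos + 1:pos + 1 + comp_len])
    pos += 1 + comp_len
    extensions = []
    if pos < len(body):                                              # extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            extensions.append((etype, body[pos + 4:pos + 4 + elen]))
            pos += 4 + elen
    return {"version": (body[0], body[1]), "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression": compression, "extensions": extensions}

def suite_name(code):
    return SUITES.get(code, "unknown_0x%04X" % code)

def is_weak(name):
    """RC4, MD5 MAC, export grade, single DES, NULL and anonymous suites: never negotiate."""
    return any(tag in name for tag in ("RC4", "_MD5", "EXPORT", "_DES_", "NULL", "anon"))

def strong_codes(offered):
    """Offered suites worth enabling on the server (the SCSV is a signal, not a suite)."""
    return [c for c in offered if c != 0x00FF and not is_weak(suite_name(c))]

def pick_suite(offered, enabled, honor_client_order=True):
    """First suite both sides accept. A server that honours client order (as the logged
    one did) walks the client's list; one that applies its own order walks its own."""
    first, second = (offered, enabled) if honor_client_order else (enabled, offered)
    return next((c for c in first if c in second and c != 0x00FF), None)

LOGGED_HELLO = build_client_hello(list(SUITES))

def analyse(hello_body, server_enabled=None, honor_client_order=True):
    """Offered names, the weak subset, extension types, and the negotiated suite for a
    server with server_enabled (default: everything the client offered) switched on."""
    parsed = parse_client_hello(hello_body)
    names = [suite_name(c) for c in parsed["cipher_suites"]]
    enabled = parsed["cipher_suites"] if server_enabled is None else server_enabled
    chosen = pick_suite(parsed["cipher_suites"], enabled, honor_client_order)
    return {"offered": names, "weak": [n for n in names if is_weak(n)],
            "extensions": [t for t, _ in parsed["extensions"]],
            "chosen": None if chosen is None else suite_name(chosen)}

if __name__ == "__main__":
    out = analyse(LOGGED_HELLO)
    print(len(LOGGED_HELLO), "bytes;", len(out["offered"]), "suites;", len(out["weak"]), "weak; server takes", out["chosen"])
    print("only strong suites enabled:", analyse(LOGGED_HELLO, strong_codes(list(SUITES)))["chosen"])
    print("server applies its own order:", analyse(LOGGED_HELLO, [0xC014, 0xC013, 0x002F], False)["chosen"])
```

The names that `strong_codes()` maps to are what you would pass to `setEnabledCipherSuites()` on the server socket; with that in place the same ClientHello negotiates TLS_RSA_WITH_AES_128_CBC_SHA instead of the RC4/MD5 suite, and a server that applies its own preference order lands on an ECDHE suite with forward secrecy. Thirteen of the 35 offered suites are RC4, MD5, export or single-DES; the 3DES suites pass this filter but are legacy too, so tighten the tags if you need to. The SSL_ prefix on some JSSE names only marks suites that predate TLS; the code points are the same ones the TLS registry uses.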
