TLSv.1.3 interropt problems with OpenSSL 1.1.1 when used on the client side with mutual auth

[Norman Maurer]

Hi all,


As requested I pushed a pure JDK reproducer to GitHub which you can easily use to reproduce the problem. All the details how to run it etc are in the README.md file. I also included a server to show that all works if we use the JDK on the client side and server side.
Also as stated before you will see that the cert will be send even if you use OpenSSL on the serverside if you replace “-Verify 1” with “-verify 1” (which is kind of the same as setWantClientAuth(true)).
Please don't hesitate to ping me if you need any more details or have any more questions.

https://github.com/normanmaurer/jdktls13bugreproducer <https://github.com/normanmaurer/jdktls13bugreproducer>


Here is the output with debugging enabled on the client side.

javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.515 CEST|SSLContextImpl.java:427|System property jdk.tls.client.cipherSuites is set to 'null'
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.529 CEST|SSLContextImpl.java:427|System property jdk.tls.server.cipherSuites is set to 'null'
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.563 CEST|SSLCipher.java:437|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.577 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.577 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.578 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.578 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.578 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.578 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.578 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.579 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.579 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.579 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.579 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.579 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.580 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.580 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.581 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.581 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.581 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.581 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.581 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.582 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.582 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.582 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.582 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_RSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.582 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_RSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.582 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.583 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.583 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.583 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.583 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_RSA_WITH_RC4_128_MD5
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.583 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_RSA_WITH_RC4_128_MD5
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.583 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.583 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.584 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.584 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.584 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.584 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.585 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.585 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.585 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.585 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.585 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.585 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.586 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.586 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.586 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.586 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.589 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.589 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.589 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.589 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.589 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.590 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.590 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.590 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.590 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.590 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.590 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.591 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.591 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.591 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.593 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.593 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.594 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.594 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.594 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.594 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.594 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.594 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.595 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.595 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.595 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.595 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.595 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.595 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.597 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.597 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.597 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.597 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.598 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.598 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.598 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.598 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.598 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.598 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.598 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.598 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.599 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.599 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.642 CEST|SunX509KeyManagerImpl.java:164|found key for : 1 (
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "20 C3 8D C4 49 66 D0 02",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test",
    "not before"         : "2013-08-02 09:51:36.000 CEST",
    "not  after"         : "10000-01-01 24:59:59.000 CET",
    "subject"            : "CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test",
    "subject public key" : "RSA"}
)
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.643 CEST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.643 CEST|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.665 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS12
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.666 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS12
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.690 CEST|ServerNameExtension.java:255|Unable to indicate server name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.690 CEST|SSLExtensions.java:235|Ignore, context unavailable extension: server_name
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.701 CEST|SignatureScheme.java:282|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.702 CEST|SignatureScheme.java:282|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.706 CEST|SignatureScheme.java:358|Ignore disabled signature sheme: rsa_md5
javax.net.ssl|INFO|01|main|2018-09-17 11:51:54.706 CEST|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.706 CEST|SSLExtensions.java:235|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.707 CEST|SSLExtensions.java:235|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.711 CEST|SSLExtensions.java:235|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.711 CEST|PreSharedKeyExtension.java:606|No session to resume.
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.711 CEST|SSLExtensions.java:235|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.714 CEST|ClientHello.java:633|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "66 2E BE D3 8A 77 39 06 3B 5A 34 03 7D EE 74 BB 08 D2 19 FD 50 17 2D 84 29 AA FB E0 EE ED 50 69",
  "session id"          : "0B 03 C8 E2 D2 A5 CD 3A 22 C5 85 17 06 64 A9 30 14 62 C0 AF AB 67 CE 63 50 41 50 7F 6B FD 4C 9F",
  "cipher suites"       : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [  
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 A3 9F B9 05 27 00 38   C4 D7 61 6C 66 1F 4A 8D  .....'.8..alf.J.
            0010: B1 02 6F 0B F6 E1 BD 50   93 52 86 2C D2 3C 8D 1A  ..o....P.R.,.<..
            0020: 10 A9 CD F0 40 F4 CD 04   25 A1 11 E2 58 23 A3 24  .... at ...%...X#.$
            0030: CA E8 8F 28 F7 2B 65 96   B2 E3 A1 AE 99 24 94 28  ...(.+e......$.(
            0040: 83 
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.714 CEST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 417
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.719 CEST|SSLSocketOutputRecord.java:255|Raw write (
  0000: 16 03 03 01 A1 01 00 01   9D 03 03 66 2E BE D3 8A  ...........f....
  0010: 77 39 06 3B 5A 34 03 7D   EE 74 BB 08 D2 19 FD 50  w9.;Z4...t.....P
  0020: 17 2D 84 29 AA FB E0 EE   ED 50 69 20 0B 03 C8 E2  .-.).....Pi ....
  0030: D2 A5 CD 3A 22 C5 85 17   06 64 A9 30 14 62 C0 AF  ...:"....d.0.b..
  0040: AB 67 CE 63 50 41 50 7F   6B FD 4C 9F 00 5A 13 01  .g.cPAP.k.L..Z..
  0050: 13 02 C0 2C C0 2B C0 30   00 9D C0 2E C0 32 00 9F  ...,.+.0.....2..
  0060: 00 A3 C0 2F 00 9C C0 2D   C0 31 00 9E 00 A2 C0 24  .../...-.1.....$
  0070: C0 28 00 3D C0 26 C0 2A   00 6B 00 6A C0 0A C0 14  .(.=.&.*.k.j....
  0080: 00 35 C0 05 C0 0F 00 39   00 38 C0 23 C0 27 00 3C  .5.....9.8.#.'.<
  0090: C0 25 C0 29 00 67 00 40   C0 09 C0 13 00 2F C0 04  .%.).g. at ...../..
  00A0: C0 0E 00 33 00 32 00 FF   01 00 00 FA 00 05 00 05  ...3.2..........
  00B0: 01 00 00 00 00 00 0A 00   20 00 1E 00 17 00 18 00  ........ .......
  00C0: 19 00 09 00 0A 00 0B 00   0C 00 0D 00 0E 00 16 01  ................
  00D0: 00 01 01 01 02 01 03 01   04 00 0B 00 02 01 00 00  ................
  00E0: 0D 00 28 00 26 04 03 05   03 06 03 08 04 08 05 08  ..(.&...........
  00F0: 06 08 09 08 0A 08 0B 04   01 05 01 06 01 04 02 03  ................
  0100: 03 03 01 03 02 02 03 02   01 02 02 00 32 00 28 00  ............2.(.
  0110: 26 04 03 05 03 06 03 08   04 08 05 08 06 08 09 08  &...............
  0120: 0A 08 0B 04 01 05 01 06   01 04 02 03 03 03 01 03  ................
  0130: 02 02 03 02 01 02 02 00   11 00 09 00 07 02 00 04  ................
  0140: 00 00 00 00 00 17 00 00   00 2B 00 09 08 03 04 03  .........+......
  0150: 03 03 02 03 01 00 2D 00   02 01 01 00 33 00 47 00  ......-.....3.G.
  0160: 45 00 17 00 41 04 A3 9F   B9 05 27 00 38 C4 D7 61  E...A.....'.8..a
  0170: 6C 66 1F 4A 8D B1 02 6F   0B F6 E1 BD 50 93 52 86  lf.J...o....P.R.
  0180: 2C D2 3C 8D 1A 10 A9 CD   F0 40 F4 CD 04 25 A1 11  ,.<...... at ...%..
  0190: E2 58 23 A3 24 CA E8 8F   28 F7 2B 65 96 B2 E3 A1  .X#.$...(.+e....
  01A0: AE 99 24 94 28 83                                  ..$.(.
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.720 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 16 03 03 00 9B                                     .....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.720 CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 handshake, length = 155
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.721 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 02 00 00 97 03 03 AB 76   F1 BA F3 B1 F0 DD 53 AC  .......v......S.
  0010: 5B 54 E9 E4 2E F8 44 D2   5E B2 59 85 0D 16 79 EE  [T....D.^.Y...y.
  0020: A7 66 8A 84 69 2A 20 0B   03 C8 E2 D2 A5 CD 3A 22  .f..i* .......:"
  0030: C5 85 17 06 64 A9 30 14   62 C0 AF AB 67 CE 63 50  ....d.0.b...g.cP
  0040: 41 50 7F 6B FD 4C 9F 13   01 00 00 4F 00 2B 00 02  AP.k.L.....O.+..
  0050: 03 04 00 33 00 45 00 17   00 41 04 18 4A 46 BB 73  ...3.E...A..JF.s
  0060: F4 6F 5D F0 3C 98 AD 70   7E 13 D6 C0 E5 C0 28 5A  .o].<..p......(Z
  0070: D7 42 78 95 68 E0 85 B7   06 CD DB 3C 35 DA AF E8  .Bx.h......<5...
  0080: 95 D6 A2 3C 77 CF 7E 8E   C8 94 50 BA CD 18 3F DA  ...<w.....P...?.
  0090: E3 A3 25 E9 F3 C9 A9 7F   4E B6 A9                 ..%.....N..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.721 CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 handshake, length = 155
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.722 CEST|ServerHello.java:866|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "AB 76 F1 BA F3 B1 F0 DD 53 AC 5B 54 E9 E4 2E F8 44 D2 5E B2 59 85 0D 16 79 EE A7 66 8A 84 69 2A",
  "session id"          : "0B 03 C8 E2 D2 A5 CD 3A 22 C5 85 17 06 64 A9 30 14 62 C0 AF AB 67 CE 63 50 41 50 7F 6B FD 4C 9F",
  "cipher suite"        : "TLS_AES_128_GCM_SHA256(0x1301)",
  "compression methods" : "00",
  "extensions"          : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": secp256r1
        "key_exchange": {
          0000: 04 18 4A 46 BB 73 F4 6F   5D F0 3C 98 AD 70 7E 13  ..JF.s.o].<..p..
          0010: D6 C0 E5 C0 28 5A D7 42   78 95 68 E0 85 B7 06 CD  ....(Z.Bx.h.....
          0020: DB 3C 35 DA AF E8 95 D6   A2 3C 77 CF 7E 8E C8 94  .<5......<w.....
          0030: 50 BA CD 18 3F DA E3 A3   25 E9 F3 C9 A9 7F 4E B6  P...?...%.....N.
          0040: A9 
        }
      },
    }
  ]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723 CEST|SSLExtensions.java:167|Consumed extension: supported_versions
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723 CEST|ServerHello.java:962|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723 CEST|SSLExtensions.java:138|Ignore unsupported extension: server_name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723 CEST|SSLExtensions.java:138|Ignore unsupported extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723 CEST|SSLExtensions.java:138|Ignore unsupported extension: status_request
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724 CEST|SSLExtensions.java:138|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724 CEST|SSLExtensions.java:138|Ignore unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724 CEST|SSLExtensions.java:138|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724 CEST|SSLExtensions.java:138|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724 CEST|SSLExtensions.java:167|Consumed extension: supported_versions
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.725 CEST|SSLExtensions.java:167|Consumed extension: key_share
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.725 CEST|SSLExtensions.java:138|Ignore unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.725 CEST|PreSharedKeyExtension.java:832|Handling pre_shared_key absence.
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.725 CEST|SSLSessionImpl.java:203|Session initialized:  Session(1537177914725|TLS_AES_128_GCM_SHA256)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.725 CEST|SSLExtensions.java:182|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:182|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:182|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:182|Ignore unavailable extension: ec_point_formats
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:182|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:182|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:182|Ignore unavailable extension: extended_master_secret
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:190|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:190|Ignore impact of unsupported extension: key_share
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:182|Ignore unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726 CEST|SSLExtensions.java:182|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.732 CEST|SSLCipher.java:1824|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.735 CEST|SSLCipher.java:1978|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.736 CEST|SSLSocketOutputRecord.java:225|Raw write (
  0000: 14 03 03 00 01 01                                  ......
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.736 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 14 03 03 00 01                                     .....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737 CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 change_cipher_spec, length = 1
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 01                                                 .
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737 CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 change_cipher_spec, length = 1
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737 CEST|ChangeCipherSpec.java:232|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 17 03 03 00 27                                     ....'
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.738 CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data, length = 39
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.738 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: D5 B7 25 6F AF E9 D6 6F   7C 61 98 90 3F FE BA 9A  ..%o...o.a..?...
  0010: A8 5B 94 5E 3A 47 38 62   36 90 9A 1D BE BF 87 18  .[.^:G8b6.......
  0020: 56 8C E3 AA CE AD AA                               V......
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.738 CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data, length = 39
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.746 CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
  0000: 08 00 00 12 00 10 00 0A   00 0C 00 0A 00 1D 00 17  ................
  0010: 00 1E 00 19 00 18                                  ......
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.747 CEST|EncryptedExtensions.java:171|Consuming EncryptedExtensions handshake message (
"EncryptedExtensions": [
  "supported_groups (10)": {
    "versions": [x25519, secp256r1, x448, secp521r1, secp384r1]
  }
]
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.747 CEST|SSLExtensions.java:148|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.747 CEST|SSLExtensions.java:148|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.748 CEST|SSLExtensions.java:167|Consumed extension: supported_groups
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.748 CEST|SSLExtensions.java:182|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.748 CEST|SSLExtensions.java:182|Ignore unavailable extension: max_fragment_length
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.748 CEST|SSLExtensions.java:190|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.748 CEST|SSLExtensions.java:182|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.749 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 17 03 03 00 42                                     ....B
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.749 CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data, length = 66
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.749 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 63 F7 54 24 11 6A 91 1F   1F C5 70 9A 26 AD CE 98  c.T$.j....p.&...
  0010: D0 A9 7A 84 AF 39 7C A0   AD F6 6B B2 10 88 27 8B  ..z..9....k...'.
  0020: 79 E0 F4 5A 9F 68 AA F0   56 D3 45 72 7C 7F 22 03  y..Z.h..V.Er..".
  0030: 0A 53 F6 24 68 CB 0B E1   3B DD D4 78 B5 AC 1E D7  .S.$h...;..x....
  0040: 03 FB                                              ..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.749 CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data, length = 66
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.750 CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
  0000: 0D 00 00 2D 00 00 2A 00   0D 00 26 00 24 04 03 05  ...-..*...&.$...
  0010: 03 06 03 08 07 08 08 08   09 08 0A 08 0B 08 04 08  ................
  0020: 05 08 06 04 01 05 01 06   01 03 03 02 03 03 01 02  ................
  0030: 01                                                 .
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.750 CEST|CertificateRequest.java:864|Consuming CertificateRequest handshake message (
"CertificateRequest": {
  "certificate_request_context": "",
  "extensions": [
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, ed25519, ed448, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha224, ecdsa_sha1, rsa_sha224, rsa_pkcs1_sha1]
    }
  ]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.750 CEST|SSLExtensions.java:167|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.750 CEST|SSLExtensions.java:148|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.751 CEST|SignatureScheme.java:390|Unsupported signature scheme: ed25519
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.751 CEST|SignatureScheme.java:390|Unsupported signature scheme: ed448
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.751 CEST|SignatureScheme.java:390|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.751 CEST|SignatureScheme.java:390|Unsupported signature scheme: rsa_sha224
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.752 CEST|SSLExtensions.java:199|Populated with extension: signature_algorithms
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.752 CEST|SSLExtensions.java:182|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.752 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 17 03 03 03 20                                     .... 
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.752 CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data, length = 800
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.753 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: FE BB B2 07 BA CE A6 32   AA 58 66 2F 6D 87 16 75  .......2.Xf/m..u
  0010: CF 71 13 53 FB 45 AE DC   84 F4 AA 33 08 08 DF B5  .q.S.E.....3....
  0020: 97 C5 79 40 4A 28 F4 9D   0F 5A 86 4E C4 5F C7 2E  ..y at J(...Z.N._..
  0030: AA AA 42 F7 8A FF 6B C1   28 75 9B A3 25 F0 23 81  ..B...k.(u..%.#.
  0040: 74 BB 9A EA A8 8D 89 BE   E9 80 AE 31 C3 3A FC 35  t..........1.:.5
  0050: E6 CA C5 77 BF C7 0E ED   64 26 DB 4E C3 3D F5 AD  ...w....d&.N.=..
  0060: 5E EB A8 37 AA 81 EF 39   24 84 C9 C4 C7 A2 D7 DB  ^..7...9$.......
  0070: 7F 82 01 7A 02 E7 23 A3   6E C9 68 B8 E5 C3 9F 53  ...z..#.n.h....S
  0080: 16 6E EF B0 54 D2 67 4C   FF 22 E6 78 B1 A0 DB BE  .n..T.gL.".x....
  0090: 97 23 FC C8 D8 92 86 3D   C6 6B E4 C1 AC EF B8 46  .#.....=.k.....F
  00A0: 75 3C 00 08 8B 34 5F 59   05 49 25 97 BE A8 61 8E  u<...4_Y.I%...a.
  00B0: B0 5F 25 91 7A FE 79 53   7A C1 A7 E7 70 7B A5 53  ._%.z.ySz...p..S
  00C0: 5A 63 8B 8E B9 92 2D B3   80 DC AA 75 BE 0F 47 F3  Zc....-....u..G.
  00D0: E8 D9 0D 7D D9 C3 B6 00   AD 2A 43 CC 66 87 88 AF  .........*C.f...
  00E0: 35 87 74 2F 87 2F 3C A6   FB 12 1A 9C 46 62 1C DC  5.t/./<.....Fb..
  00F0: 4E 4E DC 16 70 7E 08 74   FB F7 E6 5F 4D D9 20 F9  NN..p..t..._M. .
  0100: CA F3 91 45 D6 1A B3 BA   FA 4E BD A4 74 9E 4C 78  ...E.....N..t.Lx
  0110: 03 18 2C 70 35 42 68 F3   9A 1D 24 3F A7 27 DF 29  ..,p5Bh...$?.'.)
  0120: D5 58 7C CB 19 2F D1 DF   8A 6D B2 85 52 B5 78 19  .X.../...m..R.x.
  0130: EA 5C E2 7A 23 42 9E D7   A3 DC D0 DE D8 33 47 2B  .\.z#B.......3G+
  0140: 0C D8 6E 77 25 DB E6 12   B0 7A AD A5 C9 96 AC A9  ..nw%....z......
  0150: 1D CD 73 39 AC 6A 9F E2   0A F7 17 F1 F0 FF 75 9C  ..s9.j........u.
  0160: B2 05 9E 7A F4 18 4F FC   9D 42 69 4C E0 3E A1 21  ...z..O..BiL.>.!
  0170: DA 1F 71 07 59 C6 A2 F9   0B 4F C0 CD A4 85 A8 DB  ..q.Y....O......
  0180: 77 F6 87 5E 09 16 49 5C   2C B8 C0 7B 39 81 65 FD  w..^..I\,...9.e.
  0190: 29 52 E2 C7 F5 C7 AD BC   F6 A9 F9 6D D2 E9 A4 14  )R.........m....
  01A0: C9 D3 79 2E D2 BA 10 4C   BD 44 65 2B A8 7E F1 3A  ..y....L.De+...:
  01B0: F3 F6 11 53 38 17 10 12   B4 CD C5 AD 72 3B 84 A2  ...S8.......r;..
  01C0: 1B F9 D7 BF 34 00 5A FE   F4 CE 09 0C EA F2 27 9A  ....4.Z.......'.
  01D0: BD DD 93 37 E2 DF 60 CC   8A F7 C6 4B 08 30 0D 78  ...7..`....K.0.x
  01E0: 5C EB 49 34 DB 8B EB 55   33 0C 82 03 07 FD 3D FC  \.I4...U3.....=.
  01F0: 49 11 88 1C F6 67 7F 0B   48 AA EC 1B AF 04 46 CF  I....g..H.....F.
  0200: 09 C5 8E B3 F8 92 C4 56   3D 8F 0E 1D 9F D3 0C FE  .......V=.......
  0210: 94 23 15 53 8E 1F 5E C4   FA 44 03 3B 1B B0 0A 2D  .#.S..^..D.;...-
  0220: 71 D4 B5 AC 1F 52 D7 25   9F A0 C8 4B 9B 32 B8 22  q....R.%...K.2."
  0230: 3F AF B3 19 16 8C 2A 5C   B4 89 BF 82 DC 4D AF 22  ?.....*\.....M."
  0240: 2A 33 73 90 F3 C8 FF 2E   C1 B3 83 D2 7A 29 4E 15  *3s.........z)N.
  0250: 5D 87 86 F6 94 EA B0 B4   A4 41 B9 C5 BA 89 B8 E9  ]........A......
  0260: 26 E7 96 BC 4D 8A FD 86   C7 C9 2A 96 75 C3 07 EF  &...M.....*.u...
  0270: 5C 5A 4E 91 71 7D 1B A2   12 88 C5 D0 D2 5E 79 E1  \ZN.q........^y.
  0280: 6C 65 35 5E 6C CC 56 47   FD F3 96 78 7A A0 08 7E  le5^l.VG...xz...
  0290: DB 3C CC 10 76 15 37 46   48 6B 2D 23 7B A3 44 5A  .<..v.7FHk-#..DZ
  02A0: A4 46 B3 CE E2 15 BA 4C   D2 93 16 57 1F BA 75 72  .F.....L...W..ur
  02B0: BF 8C 66 50 F2 A4 F6 05   84 E5 47 12 30 BE 34 70  ..fP......G.0.4p
  02C0: 4D 0F BD FE 54 E8 B1 CE   B5 7F 6E 97 38 09 29 1F  M...T.....n.8.).
  02D0: 41 2D 2E 9E 75 D8 77 0C   08 DB 5C B4 EE 3F FE E2  A-..u.w...\..?..
  02E0: DC CF D0 ED C8 02 50 C4   EE B3 1D 8A 9E 9B EE 5E  ......P........^
  02F0: 14 BA C2 5A B0 83 8E 5C   E5 7B 69 2B 69 8C F1 AA  ...Z...\..i+i...
  0300: 2D D5 D1 3D 9D 42 1B B2   50 5D BE 7E E4 11 D2 90  -..=.B..P]......
  0310: 0B 54 71 7F D6 13 88 E2   FE 37 9F 70 B5 0B 57 79  .Tq......7.p..Wy
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.753 CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data, length = 800
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.755 CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
  0000: 0B 00 03 0B 00 00 03 07   00 03 02 30 82 02 FE 30  ...........0...0
  0010: 82 01 E6 A0 03 02 01 02   02 08 20 C3 8D C4 49 66  .......... ...If
  0020: D0 02 30 0D 06 09 2A 86   48 86 F7 0D 01 01 0B 05  ..0...*.H.......
  0030: 00 30 3E 31 3C 30 3A 06   03 55 04 03 0C 33 65 38  .0>1<0:..U...3e8
  0040: 61 63 30 32 66 61 30 64   36 35 61 38 34 32 31 39  ac02fa0d65a84219
  0050: 30 31 36 30 34 35 64 62   38 62 30 35 63 34 38 35  016045db8b05c485
  0060: 62 34 65 63 64 66 2E 6E   65 74 74 79 2E 74 65 73  b4ecdf.netty.tes
  0070: 74 30 20 17 0D 31 33 30   38 30 32 30 37 35 31 33  t0 ..13080207513
  0080: 36 5A 18 0F 39 39 39 39   31 32 33 31 32 33 35 39  6Z..999912312359
  0090: 35 39 5A 30 3E 31 3C 30   3A 06 03 55 04 03 0C 33  59Z0>1<0:..U...3
  00A0: 65 38 61 63 30 32 66 61   30 64 36 35 61 38 34 32  e8ac02fa0d65a842
  00B0: 31 39 30 31 36 30 34 35   64 62 38 62 30 35 63 34  19016045db8b05c4
  00C0: 38 35 62 34 65 63 64 66   2E 6E 65 74 74 79 2E 74  85b4ecdf.netty.t
  00D0: 65 73 74 30 82 01 22 30   0D 06 09 2A 86 48 86 F7  est0.."0...*.H..
  00E0: 0D 01 01 01 05 00 03 82   01 0F 00 30 82 01 0A 02  ...........0....
  00F0: 82 01 01 00 DB F8 70 4E   DC 2D 14 44 12 AF 0D 48  ......pN.-.D...H
  0100: 09 1D B8 48 94 1C 9E F1   7F DC 6C D1 F7 94 3A B7  ...H......l...:.
  0110: 5C E3 85 07 3E CB E1 76   4A 2C 32 17 4B E1 5E 42  \...>..vJ,2.K.^B
  0120: A4 80 50 CA 36 A2 D9 94   F9 59 23 D0 AA 2B B2 13  ..P.6....Y#..+..
  0130: 23 6D 45 DF 13 52 A4 4E   28 D3 30 99 5A 81 AD 8C  #mE..R.N(.0.Z...
  0140: DB 15 55 B7 6D 5F 44 89   09 35 66 C8 2F 47 56 14  ..U.m_D..5f./GV.
  0150: B5 B2 46 AE CE 5D DC A0   C8 59 08 89 6F 5B DB F2  ..F..]...Y..o[..
  0160: D8 69 E3 C1 80 44 F6 DA   46 ED 1D 20 80 12 3F 81  .i...D..F.. ..?.
  0170: 95 27 F6 EB 9F B5 AC DC   72 01 70 46 18 67 1C 08  .'......r.pF.g..
  0180: AC C4 6D CA 80 48 12 87   3A 05 69 EA 92 EA 95 00  ..m..H..:.i.....
  0190: 1F B9 2C BA 83 F3 B3 1B   37 1E B3 7C D7 46 B1 AE  ..,.....7....F..
  01A0: D4 DD E9 04 8C C0 23 00   96 E3 6F 67 E7 66 65 61  ......#...og.fea
  01B0: F6 11 D2 7A FE 44 42 83   9D 1A CF 20 80 EC 58 04  ...z.DB.... ..X.
  01C0: A6 10 78 41 7B 34 C3 FA   FD 2A 08 94 72 2F 3D AE  ..xA.4...*..r/=.
  01D0: B0 58 16 63 EE DA 81 42   44 DB 21 C7 23 69 93 BB  .X.c...BD.!.#i..
  01E0: 64 40 16 78 01 8A 52 57   94 C0 AD 57 04 F4 C4 6B  d at .x..RW...W...k
  01F0: 90 C6 46 C7 02 03 01 00   01 30 0D 06 09 2A 86 48  ..F......0...*.H
  0200: 86 F7 0D 01 01 0B 05 00   03 82 01 01 00 4B FC 37  .............K.7
  0210: B5 E6 F2 A6 98 D8 58 2B   39 CE 8F 6B 51 93 80 0F  ......X+9..kQ...
  0220: 80 39 BD DA 53 7D D3 1B   00 11 F3 A7 FE 9C B7 FA  .9..S...........
  0230: 05 23 DA A2 17 10 7C E7   89 89 DE C5 90 5B 98 22  .#...........[."
  0240: 7B 97 97 EA 2A B3 E4 6A   33 F8 FC 47 41 39 06 E1  ....*..j3..GA9..
  0250: 98 63 6C 0E 2A 92 FF 3D   B1 62 D7 27 FF 2B 2B DF  .cl.*..=.b.'.++.
  0260: B7 B2 95 87 C7 B5 21 45   1E 73 F8 B5 0D D6 13 0C  ......!E.s......
  0270: 1D 25 35 6B D7 5F 18 DF   30 A1 8B 72 DD C6 31 B1  .%5k._..0..r..1.
  0280: 07 2A F2 DF 1F 1E 36 23   0C FF F9 FB DA E8 B5 2B  .*....6#.......+
  0290: 3B 8B B6 4C 37 EF D3 27   07 B9 1E D4 64 4B 82 D4  ;..L7..'....dK..
  02A0: 32 78 C6 D1 61 6E 9A BF   41 10 23 0B 27 CD C7 77  2x..an..A.#.'..w
  02B0: 03 73 B2 F6 12 D2 56 9C   29 A2 BD 31 40 F6 5F 0C  .s....V.)..1 at ._.
  02C0: 17 56 4F 30 34 95 77 87   9C 43 B0 74 C5 92 05 43  .VO04.w..C.t...C
  02D0: 97 12 48 5B 7B 58 66 89   0A C1 8C CD 89 14 E0 5A  ..H[.Xf........Z
  02E0: 78 23 29 10 71 6C 5D 94   D5 FB C0 96 51 C1 0D 93  x#).ql].....Q...
  02F0: 64 91 45 82 5A 53 88 56   5D 7A AE 88 E8 07 7D 02  d.E.ZS.V]z......
  0300: 7D 44 9D CA 73 E5 6F 14   27 8B 6F 86 6C 00 00     .D..s.o.'.o.l..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.756 CEST|CertificateMessage.java:1148|Consuming server Certificate handshake message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [  
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "20 C3 8D C4 49 66 D0 02",
      "signature algorithm": "SHA256withRSA",
      "issuer"             : "CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test",
      "not before"         : "2013-08-02 09:51:36.000 CEST",
      "not  after"         : "10000-01-01 24:59:59.000 CET",
      "subject"            : "CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test",
      "subject public key" : "RSA"}
    "extensions": {
      <no extension>
    }
  },
]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.756 CEST|SSLExtensions.java:148|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.757 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 17 03 03 01 19                                     .....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.757 CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data, length = 281
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.757 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: DE 53 C0 74 78 C3 82 0D   E8 46 C0 0A F4 56 6E 6B  .S.tx....F...Vnk
  0010: B5 39 77 41 20 21 BA 07   99 2B BF 8D 0A 41 C9 B8  .9wA !...+...A..
  0020: BC 0F C1 8E C5 76 36 F0   7A B6 9A F8 38 4D 4D 4D  .....v6.z...8MMM
  0030: 70 33 BE 8F 8C ED BE BC   60 49 B8 41 65 E9 04 D9  p3......`I.Ae...
  0040: 45 43 AA 41 6D F7 67 7B   03 6D FF E0 4D 76 53 CE  EC.Am.g..m..MvS.
  0050: C1 73 3E 1C CD 87 40 B7   25 56 54 0C 3E CA D7 1D  .s>... at .%VT.>...
  0060: 45 80 41 E8 36 B7 FC 57   38 BB 21 EB E7 EA 19 A1  E.A.6..W8.!.....
  0070: 39 25 B0 44 8B FD 30 87   86 7A 47 03 C1 02 AC FD  9%.D..0..zG.....
  0080: 67 89 4B 27 34 04 20 AE   91 65 7C 8C 4A 58 C5 77  g.K'4. ..e..JX.w
  0090: 46 2E DD A8 23 CA 5C 28   49 25 23 3D 8A 93 B9 10  F...#.\(I%#=....
  00A0: 24 0D DE DC 98 AC AA B0   CB 51 80 D7 F8 E7 20 23  $........Q.... #
  00B0: 41 64 A6 44 93 A7 E1 A7   91 62 4F 3A 73 F6 24 04  Ad.D.....bO:s.$.
  00C0: C3 E8 25 65 37 D9 1B 7A   65 AE DE C6 29 67 2E C1  ..%e7..ze...)g..
  00D0: F7 4C 5C 18 D7 14 98 90   ED 9D AD F5 98 A7 FD 93  .L\.............
  00E0: 53 F4 B5 90 C9 CB FD 54   8E 5F 53 23 E3 73 94 BD  S......T._S#.s..
  00F0: A4 07 B7 E3 C7 83 7B 17   CF 51 4A 9E 9C 05 3C 51  .........QJ...<Q
  0100: 4D C7 A1 7A D6 4D A6 58   E5 3A D4 12 B9 B9 46 9C  M..z.M.X.:....F.
  0110: AB 1D C5 6B F9 6A 85 CB   E2                       ...k.j...
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.758 CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data, length = 281
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.758 CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
  0000: 0F 00 01 04 08 04 01 00   30 11 28 CE 64 4E 08 BA  ........0.(.dN..
  0010: A1 BE 46 D9 3D 14 29 1A   EB 5A B0 1A 09 B7 11 A5  ..F.=.)..Z......
  0020: 9A F4 22 17 87 5F 87 D5   63 04 8E 27 EC 3A F8 52  ..".._..c..'.:.R
  0030: 36 F4 2F CF 47 D2 5C CE   0A F0 29 EF 63 03 B1 64  6./.G.\...).c..d
  0040: B8 45 6E 39 71 E3 BD 25   95 31 25 85 4C FB C6 AD  .En9q..%.1%.L...
  0050: C8 43 96 4E FA AD B9 98   17 43 61 FB 9B 87 CE 94  .C.N.....Ca.....
  0060: CF 74 6F 3B AA 6A C8 80   8F C7 C8 05 E4 EF 42 6C  .to;.j........Bl
  0070: D4 01 9E 25 5E 34 E8 2D   93 BD BB 05 49 2F 9D B6  ...%^4.-....I/..
  0080: F6 91 2F D1 E5 CB 1B 9E   F6 DB 18 32 1D F5 66 A0  ../........2..f.
  0090: 63 5D 25 01 B6 F6 1B 41   07 3E 90 61 37 49 38 17  c]%....A.>.a7I8.
  00A0: B0 15 C9 AD 0C 7A 05 8D   B4 48 BB 03 2D DE 5E 49  .....z...H..-.^I
  00B0: 99 8B 74 53 5F 73 9B 18   FD 95 2A C3 F9 A3 8B 59  ..tS_s....*....Y
  00C0: 1A ED 2C 55 C2 22 10 1E   7A FC 38 0A 99 FC 30 89  ..,U."..z.8...0.
  00D0: 03 89 1C CD A7 DE E5 35   FD E9 E0 05 96 09 AF DD  .......5........
  00E0: 51 A3 7F C7 16 C5 96 8D   CA CC 53 50 DC C5 C6 BA  Q.........SP....
  00F0: D6 05 28 18 BA 99 F8 0F   7F 24 9F D5 6B 93 DE BC  ..(......$..k...
  0100: EB 23 85 D9 D3 41 56 44                            .#...AVD
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.762 CEST|CertificateVerify.java:1128|Consuming CertificateVerify handshake message (
"CertificateVerify": {
  "signature algorithm": rsa_pss_rsae_sha256
  "signature": {
    0000: 30 11 28 CE 64 4E 08 BA   A1 BE 46 D9 3D 14 29 1A  0.(.dN....F.=.).
    0010: EB 5A B0 1A 09 B7 11 A5   9A F4 22 17 87 5F 87 D5  .Z........".._..
    0020: 63 04 8E 27 EC 3A F8 52   36 F4 2F CF 47 D2 5C CE  c..'.:.R6./.G.\.
    0030: 0A F0 29 EF 63 03 B1 64   B8 45 6E 39 71 E3 BD 25  ..).c..d.En9q..%
    0040: 95 31 25 85 4C FB C6 AD   C8 43 96 4E FA AD B9 98  .1%.L....C.N....
    0050: 17 43 61 FB 9B 87 CE 94   CF 74 6F 3B AA 6A C8 80  .Ca......to;.j..
    0060: 8F C7 C8 05 E4 EF 42 6C   D4 01 9E 25 5E 34 E8 2D  ......Bl...%^4.-
    0070: 93 BD BB 05 49 2F 9D B6   F6 91 2F D1 E5 CB 1B 9E  ....I/..../.....
    0080: F6 DB 18 32 1D F5 66 A0   63 5D 25 01 B6 F6 1B 41  ...2..f.c]%....A
    0090: 07 3E 90 61 37 49 38 17   B0 15 C9 AD 0C 7A 05 8D  .>.a7I8......z..
    00A0: B4 48 BB 03 2D DE 5E 49   99 8B 74 53 5F 73 9B 18  .H..-.^I..tS_s..
    00B0: FD 95 2A C3 F9 A3 8B 59   1A ED 2C 55 C2 22 10 1E  ..*....Y..,U."..
    00C0: 7A FC 38 0A 99 FC 30 89   03 89 1C CD A7 DE E5 35  z.8...0........5
    00D0: FD E9 E0 05 96 09 AF DD   51 A3 7F C7 16 C5 96 8D  ........Q.......
    00E0: CA CC 53 50 DC C5 C6 BA   D6 05 28 18 BA 99 F8 0F  ..SP......(.....
    00F0: 7F 24 9F D5 6B 93 DE BC   EB 23 85 D9 D3 41 56 44  .$..k....#...AVD
  }
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.762 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 17 03 03 00 35                                     ....5
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.762 CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data, length = 53
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.763 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: F6 A7 CD EA 89 34 B2 DB   C4 28 91 18 C9 03 98 B6  .....4...(......
  0010: DF 49 4E F5 2E 23 32 90   F8 13 C7 AE 18 E3 E5 64  .IN..#2........d
  0020: D9 E4 A5 B0 5C F0 4A 3E   AF EC 28 8D 09 78 AB EE  ....\.J>..(..x..
  0030: 38 1B 9E 45 04                                     8..E.
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.763 CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data, length = 53
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.763 CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
  0000: 14 00 00 20 F2 93 6B 71   2B FA F3 1B BF 68 98 D1  ... ..kq+....h..
  0010: AA 5E B0 AF 5D 3B A6 B5   8F 79 BA 64 E8 A1 34 5F  .^..];...y.d..4_
  0020: D4 2B ED 8C                                        .+..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.764 CEST|Finished.java:860|Consuming server Finished handshake message (
"Finished": {
  "verify data": {
    0000: F2 93 6B 71 2B FA F3 1B   BF 68 98 D1 AA 5E B0 AF  ..kq+....h...^..
    0010: 5D 3B A6 B5 8F 79 BA 64   E8 A1 34 5F D4 2B ED 8C  ];...y.d..4_.+..
  }'}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.765 CEST|SSLCipher.java:1824|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.765 CEST|CertificateMessage.java:1015|No signature_algorithms(_cert) in ClientHello
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.766 CEST|CertificateMessage.java:1081|No available client authentication scheme
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.766 CEST|CertificateMessage.java:1116|Produced client Certificate message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [  
]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.766 CEST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 8
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.766 CEST|SSLCipher.java:2020|Plaintext before ENCRYPTION (
  0000: 0B 00 00 04 00 00 00 00   16 00 00 00 00 00 00 00  ................
  0010: 00 00 00 00 00 00 00 00   00                       .........
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.767 CEST|SSLSocketOutputRecord.java:255|Raw write (
  0000: 17 03 03 00 29 E5 32 E4   5B 13 E7 D4 A1 78 FE 38  ....).2.[....x.8
  0010: 26 22 CB C1 04 88 3A 3A   2D D4 A1 31 5A 78 65 50  &"....::-..1ZxeP
  0020: 51 45 67 FA 9F 55 35 E1   49 C5 3B 3B 91 B1        QEg..U5.I.;;..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.767 CEST|CertificateVerify.java:1059|No X.509 credentials negotiated for CertificateVerify
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.768 CEST|Finished.java:658|Produced client Finished handshake message (
"Finished": {
  "verify data": {
    0000: D8 47 0B A0 DF BB BF 49   E4 55 B9 D3 FB 3D B0 DD  .G.....I.U...=..
    0010: 57 1E 08 28 20 7E E1 0B   E3 EB 12 10 09 76 D1 8F  W..( ........v..
  }'}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.768 CEST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 36
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.769 CEST|SSLCipher.java:2020|Plaintext before ENCRYPTION (
  0000: 14 00 00 20 D8 47 0B A0   DF BB BF 49 E4 55 B9 D3  ... .G.....I.U..
  0010: FB 3D B0 DD 57 1E 08 28   20 7E E1 0B E3 EB 12 10  .=..W..( .......
  0020: 09 76 D1 8F 16 00 00 00   00 00 00 00 00 00 00 00  .v..............
  0030: 00 00 00 00 00                                     .....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.769 CEST|SSLSocketOutputRecord.java:255|Raw write (
  0000: 17 03 03 00 45 0F 4D 84   52 28 59 96 92 52 D1 AB  ....E.M.R(Y..R..
  0010: DB 86 64 25 31 FF 9D 8E   D7 84 63 B5 03 E2 9E 06  ..d%1.....c.....
  0020: 3C 8C C2 22 F3 7A EE 55   AD 8C F5 5C F6 04 9A E2  <..".z.U...\....
  0030: 6D BA E4 C4 9F 97 C3 DA   BC D3 CB 8C 2C 9E BF FD  m...........,...
  0040: A3 9F C1 A2 79 51 75 B7   AE B6                    ....yQu...
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.770 CEST|SSLCipher.java:1978|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.772 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 17 03 03 00 13                                     .....
)
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.772 CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data, length = 19
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.772 CEST|SSLSocketInputRecord.java:458|Raw read (
  0000: 4F 0D C7 65 8B 24 B4 92   A2 26 31 8C 81 AF 8F F7  O..e.$...&1.....
  0010: AC C3 B3                                           ...
)
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.772 CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data, length = 19
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.773 CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
  0000: 02 74                                              .t
)
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.774 CEST|Alert.java:232|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "certificate_required"
}
)
javax.net.ssl|ERROR|0C|Thread-0|2018-09-17 11:51:54.774 CEST|TransportContext.java:313|Fatal (CERTIFICATE_REQUIRED): Received fatal alert: certificate_required (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
  	at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
  	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
  	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
  	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1155)
  	at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1125)
  	at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:823)
  	at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:758)
  	at ReproducerClient$1.run(ReproducerClient.java:33)
  	at java.base/java.lang.Thread.run(Thread.java:834)}

)
javax.net.ssl|ALL|0C|Thread-0|2018-09-17 11:51:54.775 CEST|SSLSessionImpl.java:753|Invalidated session:  Session(1537177914725|TLS_AES_128_GCM_SHA256)
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.776 CEST|SSLSocketImpl.java:1361|close the underlying socket
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.776 CEST|SSLSocketImpl.java:1380|close the SSL connection (initiative)
javax.net.ssl|WARNING|0C|Thread-0|2018-09-17 11:51:54.777 CEST|SSLSocketImpl.java:1289|handling exception (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
  	at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
  	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
  	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
  	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1155)
  	at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1125)
  	at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:823)
  	at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:758)
  	at ReproducerClient$1.run(ReproducerClient.java:33)
  	at java.base/java.lang.Thread.run(Thread.java:834)}

)


Bye
Norman

> On 16. Sep 2018, at 15:54, Norman Maurer <norman.maurer at googlemail.com <mailto:norman.maurer at googlemail.com>> wrote:
> 
> Will do,  but not before tomorrow (I will also share the client side code). That said there is nothing special about the keymanager.
> Like I said before it sends the cert when using „want client with“, it just seems it may be too late.
> 
> 
> Bye
> Norman
> 
>> Am 15.09.2018 um 08:26 schrieb Bradford Wetmore <bradford.wetmore at oracle.com <mailto:bradford.wetmore at oracle.com>>:
>> 
>> It would greatly help if you can provide the client side debug output so we can see what's going on locally:
>> 
>> -Djavax.net.debug=all or System.setProperty(....)
>> 
>> Please also let us know if you are using a custom client keymanager. It's possible that it isn't properly selecting an entity to use, in which case an empty message will be sent.
>> 
>> Brad
>> 
>> 
>>> On 9/14/2018 11:18 PM, Norman Maurer wrote:
>>> Ok will try to find time today.
>>>> Am 15.09.2018 um 08:08 schrieb Xuelei Fan <xuelei.fan at oracle.com <mailto:xuelei.fan at oracle.com>>:
>>>> 
>>>> Hi Norman,
>>>> 
>>>> I have not had a chance to look into the details.  But sure, it helps a lot if you can provide a java client to reproduce the issue.
>>>> 
>>>> Thanks,
>>>> Xuelei
>>>> 
>>>>> On 9/14/2018 10:29 PM, Norman Maurer wrote:
>>>>> Is there any more details you need ?
>>>>> Just wondering. If you say so I can also provide a pure jdk client (without the Netty wrapper) that shows the problem when used with OpenSSL on the server in the next days.
>>>>> Bye
>>>>> Norman
>>>>>> Am 13.09.2018 um 21:07 schrieb Norman Maurer <norman.maurer at googlemail.com <mailto:norman.maurer at googlemail.com>>:
>>>>>> 
>>>>>> Hi all,
>>>>>> 
>>>>>> I am currently in the process of adding TLS 1.3 support into netty-tcnative[1] which uses JNI to make use of OpenSSL for it. During this work I noticed that I received test-failures when mutual auth is used and the JDK implementation is used on the client side. When using the JDK implementation on the server and client side all works as expected. Also if I use another protocol (like TLSv1.2) all works as expected.
>>>>>> 
>>>>>> The problem I am observing is that the client seems to sent the certificate “too late” and so the server (which uses openssl) will report and error that the client did not provide an certificate (even when it was required).
>>>>>> 
>>>>>> To reproduce this you can use openssl s_server like this and just create your usual SSLSocket with a KeyManagerFactory configured.
>>>>>> 
>>>>>> ./bin/openssl s_server -tls1_3 -cert ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test.crt -key ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test_unencrypted.pem -4 -accept localhost:8443 -state -debug  -Verify 1
>>>>>> 
>>>>>> When now try to connect to it via the JDK TLS1.3 implementation I see the following output:
>>>>>> SSL_accept:before SSL initialization
>>>>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
>>>>>> 0000 - 16 03 03 01 60                                    ....`
>>>>>> read from 0x7fe400f050c0 [0x7fe40300f608] (352 bytes => 352 (0x160))
>>>>>> 0000 - 01 00 01 5c 03 03 22 da-02 d7 86 40 6e 7d c5 a7   ...\..".... at n}..
>>>>>> 0010 - ea 34 47 a4 fa d0 bb 92-f5 62 ec f6 21 e5 ec da   .4G......b..!...
>>>>>> 0020 - d6 6b 75 aa b9 34 20 b7-57 a6 83 7b c8 bc a2 0f   .ku..4 .W..{....
>>>>>> 0030 - 52 82 11 6f a3 1a 84 c5-4b fd e0 80 58 3c 2a bf   R..o....K...X<*.
>>>>>> 0040 - af 54 32 4c 7d 4f fe 00-14 c0 2c c0 2b c0 2f c0   .T2L}O....,.+./.
>>>>>> 0050 - 13 c0 14 00 9c 00 2f 00-35 13 01 13 02 01 00 00   ....../.5.......
>>>>>> 0060 - ff 00 05 00 05 01 00 00-00 00 00 0a 00 20 00 1e   ............. ..
>>>>>> 0070 - 00 17 00 18 00 19 00 09-00 0a 00 0b 00 0c 00 0d   ................
>>>>>> 0080 - 00 0e 00 16 01 00 01 01-01 02 01 03 01 04 00 0b   ................
>>>>>> 0090 - 00 02 01 00 00 0d 00 28-00 26 04 03 05 03 06 03   .......(.&......
>>>>>> 00a0 - 08 04 08 05 08 06 08 09-08 0a 08 0b 04 01 05 01   ................
>>>>>> 00b0 - 06 01 04 02 03 03 03 01-03 02 02 03 02 01 02 02   ................
>>>>>> 00c0 - 00 32 00 28 00 26 04 03-05 03 06 03 08 04 08 05   .2.(.&..........
>>>>>> 00d0 - 08 06 08 09 08 0a 08 0b-04 01 05 01 06 01 04 02   ................
>>>>>> 00e0 - 03 03 03 01 03 02 02 03-02 01 02 02 00 11 00 09   ................
>>>>>> 00f0 - 00 07 02 00 04 00 00 00-00 00 17 00 00 00 2b 00   ..............+.
>>>>>> 0100 - 09 08 03 04 03 03 03 02-03 01 00 2d 00 02 01 01   ...........-....
>>>>>> 0110 - 00 33 00 47 00 45 00 17-00 41 04 4e da b3 f2 63   .3.G.E...A.N...c
>>>>>> 0120 - ee 6e bf e3 af 73 be c9-92 c5 ec 70 ff c7 64 b8   .n...s.....p..d.
>>>>>> 0130 - 8a 9a cc fd f9 d6 36 ef-ce e0 dc 81 01 2f 87 57   ......6....../.W
>>>>>> 0140 - 56 f0 e4 2d 8b c8 73 14-eb 5f 21 0a 5e 94 46 ba   V..-..s.._!.^.F.
>>>>>> 0150 - de d1 33 57 4c b5 b3 66-c9 26 fb ff 01 00 01 00   ..3WL..f.&......
>>>>>> SSL_accept:before SSL initialization
>>>>>> SSL_accept:SSLv3/TLS read client hello
>>>>>> SSL_accept:SSLv3/TLS write server hello
>>>>>> SSL_accept:SSLv3/TLS write change cipher spec
>>>>>> SSL_accept:TLSv1.3 write encrypted extensions
>>>>>> SSL_accept:SSLv3/TLS write certificate request
>>>>>> SSL_accept:SSLv3/TLS write certificate
>>>>>> SSL_accept:TLSv1.3 write server certificate verify
>>>>>> write to 0x7fe400f050c0 [0x7fe403018a00] (1430 bytes => 1430 (0x596))
>>>>>> 0000 - 16 03 03 00 9b 02 00 00-97 03 03 bc 7f 3b 07 ad   .............;..
>>>>>> 0010 - fb 21 9c 6f 7c 4a 9d 84-9a 82 6e 9c 1a b4 e3 5d   .!.o|J....n....]
>>>>>> 0020 - a8 d3 9d 52 a7 e1 93 c3-cc 8c 82 20 b7 57 a6 83   ...R....... .W..
>>>>>> 0030 - 7b c8 bc a2 0f 52 82 11-6f a3 1a 84 c5 4b fd e0   {....R..o....K..
>>>>>> 0040 - 80 58 3c 2a bf af 54 32-4c 7d 4f fe 13 01 00 00   .X<*..T2L}O.....
>>>>>> 0050 - 4f 00 2b 00 02 03 04 00-33 00 45 00 17 00 41 04   O.+.....3.E...A.
>>>>>> 0060 - 7d 81 11 ab ff a6 60 e7-5f 23 82 ed 22 35 76 24   }.....`._#.."5v$
>>>>>> 0070 - b0 47 09 25 0c 79 b9 07-5b 3e 28 b7 3c d8 d3 ce   .G.%.y..[>(.<...
>>>>>> 0080 - 6b 89 c6 01 21 28 c9 97-ae 50 a5 e7 43 35 ae c7   k...!(...P..C5..
>>>>>> 0090 - 73 10 60 62 57 25 9b c9-f1 93 28 70 03 44 e1 a0   s.`bW%....(p.D..
>>>>>> 00a0 - 14 03 03 00 01 01 17 03-03 00 27 0f 8b fb 2d 33   ..........'...-3
>>>>>> 00b0 - 72 c6 a8 28 0b 7d e1 c3-b7 d0 f3 d9 18 5b ca e0   r..(.}.......[..
>>>>>> 00c0 - 56 09 74 48 ba 28 16 1c-15 11 d9 fa 6e b3 bc b9   V.tH.(......n...
>>>>>> 00d0 - 4d 54 17 03 03 00 42 35-53 5b 9a 8e 09 df 86 c4   MT....B5S[......
>>>>>> 00e0 - 00 28 05 6d a8 c9 bb 38-e2 77 72 73 25 26 e3 65   .(.m...8.wrs%&.e
>>>>>> 00f0 - 58 d8 fd 15 8a ce ea 97-8a 50 1e e3 f9 c5 dc 96   X........P......
>>>>>> 0100 - f0 3b 3c 0a 12 41 58 9d-ab f8 3a 28 0a 1f 61 e9   .;<..AX...:(..a.
>>>>>> 0110 - df 68 a9 1f 84 66 f7 5b-d7 17 03 03 03 20 8f b5   .h...f.[..... ..
>>>>>> 0120 - b4 52 44 80 d0 b9 63 3d-80 9c 8b 02 fc f3 d5 bb   .RD...c=........
>>>>>> 0130 - a9 2a 4f 5b 4a cc 77 78-96 75 95 20 b8 12 c4 a6   .*O[J.wx.u. ....
>>>>>> 0140 - e6 82 ea 56 56 e2 5f 97-65 99 7e 6e 3d b1 66 ee   ...VV._.e.~n=.f.
>>>>>> 0150 - 10 4c f7 6d 9b 73 86 14-7a 81 f8 b1 27 af 08 ee   .L.m.s..z...'...
>>>>>> 0160 - ce 26 90 34 73 3d b7 45-8d 85 29 a8 65 19 e7 02   .&.4s=.E..).e...
>>>>>> 0170 - e5 55 4a 27 f1 b1 6a a4-11 cc 6c af 78 6d 22 5c   .UJ'..j...l.xm"\
>>>>>> 0180 - 33 73 e3 ad 7f 8d 1b d3-75 95 66 64 2d 0e f1 3e   3s......u.fd-..>
>>>>>> 0190 - c2 30 df a1 7e ce a3 50-c3 4e 68 f6 36 b3 4e 45   .0..~..P.Nh.6.NE
>>>>>> 01a0 - 9c ac e9 f2 0d 7c e3 73-6a 40 ab 6e 6e f9 d8 20   .....|.sj at .nn..
>>>>>> 01b0 - 9c f3 04 32 cd 1d df 18-e5 4d e3 e8 b1 38 59 f8   ...2.....M...8Y.
>>>>>> 01c0 - 28 67 2e ca af a2 8b 88-ce ca 48 a6 07 2b a6 9a   (g........H..+..
>>>>>> 01d0 - 0e 88 5b d7 0b d9 31 77-97 8d 6c 2b f5 60 24 61   ..[...1w..l+.`$a
>>>>>> 01e0 - a8 5c 47 5d 7c 66 f0 9b-1f e4 76 93 38 f6 78 3e   .\G]|f....v.8.x>
>>>>>> 01f0 - 69 29 72 f9 d9 4b cb 05-03 e4 f2 d6 24 e1 91 ee   i)r..K......$...
>>>>>> 0200 - 85 37 d7 7b c3 5c 35 90-08 cd b1 cc 76 11 fc 00   .7.{.\5.....v...
>>>>>> 0210 - 12 7e 89 7b 70 e6 ca fe-0b 26 b6 bb ac fe 4b 9f   .~.{p....&....K.
>>>>>> 0220 - ec cf 41 69 42 3a 3e 41-f9 b0 c0 93 5b 70 1f c7   ..AiB:>A....[p..
>>>>>> 0230 - 11 00 3d ec 66 5a 1a ca-31 89 22 27 02 dd a0 cb   ..=.fZ..1."'....
>>>>>> 0240 - 39 14 25 ee 30 44 e8 62-97 bf 8e 16 63 40 c4 11   9.%.0D.b....c at ..
>>>>>> 0250 - a6 d9 32 b1 3c 86 35 bb-9f f1 4d 71 9f a5 4f 78   ..2.<.5...Mq..Ox
>>>>>> 0260 - 0a e8 96 dd 4d 10 c3 48-f2 db 67 57 2d cd dc 23   ....M..H..gW-..#
>>>>>> 0270 - 3a 8d 6a 61 47 20 ff c8-33 cd e9 f7 47 4c 68 4f   :.jaG ..3...GLhO
>>>>>> 0280 - 19 2f 8b e3 b1 90 ac 66-a7 cf 5c e6 d2 05 21 25   ./.....f..\...!%
>>>>>> 0290 - d2 d8 f0 43 8c 55 01 ef-d6 8f c0 27 87 0d 21 d5   ...C.U.....'..!.
>>>>>> 02a0 - 2b 2b 6f db e8 85 ea cd-6e 9c 5d 56 d5 31 c1 f2   ++o.....n.]V.1..
>>>>>> 02b0 - 97 2f 5a 83 7a 2b 71 03-65 e0 b6 4a 56 37 de e1   ./Z.z+q.e..JV7..
>>>>>> 02c0 - 80 3a c4 cc 5a ac 3b 9a-7a bf f7 6b fe a8 69 e9   .:..Z.;.z..k..i.
>>>>>> 02d0 - 58 09 59 bd 46 bd d2 a3-bc ad 1c 10 53 c8 29 7b   X.Y.F.......S.){
>>>>>> 02e0 - be 63 00 d6 e5 a8 d6 ab-b2 bc 8b e1 2c 0e 24 2a   .c..........,.$*
>>>>>> 02f0 - c2 31 2d d8 6e 1f 19 93-d7 54 e1 1e 28 ce 72 83   .1-.n....T..(.r.
>>>>>> 0300 - ff 05 18 f2 fc e9 0c b3-0c 1b d5 96 c2 d8 fc 76   ...............v
>>>>>> 0310 - 37 a9 5a ef 8e e9 b6 71-21 f3 bd c1 85 23 85 22   7.Z....q!....#."
>>>>>> 0320 - 3d c4 1c c9 31 8b 7e 00-8f 8e b4 9f 05 d4 80 6b   =...1.~........k
>>>>>> 0330 - 98 4c a8 82 68 ff 1a a5-28 e2 9b 03 a1 a7 b1 00   .L..h...(.......
>>>>>> 0340 - 02 2b 2d e2 e1 87 8c e8-0a fb 0b 79 54 ca 3d d5   .+-........yT.=.
>>>>>> 0350 - 6a dd b7 b7 87 42 2b 47-49 da e9 0a 82 0a c9 8f   j....B+GI.......
>>>>>> 0360 - 57 f7 1e 03 ca 8d 16 bc-21 3a 6a ee b9 b8 fa f0   W.......!:j.....
>>>>>> 0370 - d9 18 35 9f 35 ac d8 6e-9a 8a 0d 56 10 1e 1f 5a   ..5.5..n...V...Z
>>>>>> 0380 - ba ec e4 fe 1a 92 b4 31-35 43 1d 99 b9 12 fa ff   .......15C......
>>>>>> 0390 - 99 2b 88 e0 58 ec 9c dc-8f 67 ef 2a c2 e2 64 5d   .+..X....g.*..d]
>>>>>> 03a0 - 66 76 1c d0 aa 00 30 59-b1 f5 b1 55 9f ad 60 e9   fv....0Y...U..`.
>>>>>> 03b0 - 3d 03 1e d0 8b 4d bf 74-ac bc bb 1c 83 14 c5 e0   =....M.t........
>>>>>> 03c0 - f4 fc 70 9e f4 22 a0 78-04 fe c8 b1 17 65 f6 94   ..p..".x.....e..
>>>>>> 03d0 - 47 82 50 4a b6 32 74 ae-5b 38 5a 2e d9 b0 6a 45   G.PJ.2t.[8Z...jE
>>>>>> 03e0 - 74 e8 f0 22 fe d3 b0 11-c3 fd 72 4f da 77 7a ba   t.."......rO.wz.
>>>>>> 03f0 - 26 3e 61 0c 63 21 17 a6-b2 13 6e 71 5c f2 0d ad   &>a.c!....nq\...
>>>>>> 0400 - f2 d1 19 71 51 9e a4 1b-b0 30 24 e0 71 7d 87 80   ...qQ....0$.q}..
>>>>>> 0410 - a9 5a e9 bc db e4 4f 50-4d a1 bc bc 2c 4b 66 98   .Z....OPM...,Kf.
>>>>>> 0420 - d4 e4 b0 76 0f d2 db a5-a5 39 9e f2 5b ea 34 c1   ...v.....9..[.4.
>>>>>> 0430 - 62 ab 47 51 3b 37 17 45-54 31 18 f3 f1 ca 17 03   b.GQ;7.ET1......
>>>>>> 0440 - 03 01 19 dd 50 50 f5 0c-f2 c9 3c b4 8f 63 cc 4a   ....PP....<..c.J
>>>>>> 0450 - a7 50 c9 91 9b 79 9a 2a-5c 47 d3 77 f6 56 69 90   .P...y.*\G.w.Vi.
>>>>>> 0460 - 98 cd ff bd c1 2a 49 fc-0d d4 7e cc 7e 44 af c4   .....*I...~.~D..
>>>>>> 0470 - 61 47 e0 c1 76 b1 8c 2e-df 7e d0 82 e1 89 1f 04   aG..v....~......
>>>>>> 0480 - ae 64 bd 71 4d ae 1c 3c-e3 d3 39 5d 61 2a ea 70   .d.qM..<..9]a*.p
>>>>>> 0490 - 8c 31 6d a0 b1 72 a8 7a-5c 9c 11 08 b8 4d a5 c4   .1m..r.z\....M..
>>>>>> 04a0 - ad 1b 38 4a 6a 02 28 d4-d1 0f c8 9f 0b b3 02 18   ..8Jj.(.........
>>>>>> 04b0 - 82 2b bd 46 82 04 64 f0-41 b2 da f5 cd 9c f7 f3   .+.F..d.A.......
>>>>>> 04c0 - 73 30 58 ca 12 ec ea 90-85 1c 75 09 0a 70 b8 80   s0X.......u..p..
>>>>>> 04d0 - 3d 02 17 3e 9b 83 04 b5-dd 9e e6 18 17 65 83 a5   =..>.........e..
>>>>>> 04e0 - 59 7d 4b 98 da bd 8b aa-d6 aa c5 1c 7d 87 56 e3   Y}K.........}.V.
>>>>>> 04f0 - 74 d8 e9 7b eb b3 3d f7-7c 3c 0a e9 a8 2e 04 0d   t..{..=.|<......
>>>>>> 0500 - 6a e7 83 e0 ec 99 43 6a-8b 1c 73 59 7a c8 cd 6e   j.....Cj..sYz..n
>>>>>> 0510 - 4a 14 73 ff 9a fb 71 94-d5 50 a9 d9 e0 dd 02 4c   J.s...q..P.....L
>>>>>> 0520 - 2b 67 9e da 9e fa 2d 67-49 df 13 10 ed 35 3e 73   +g....-gI....5>s
>>>>>> 0530 - 07 20 17 fb 0b ef f6 d0-b7 68 1c 65 21 a6 e3 3b   . .......h.e!..;
>>>>>> 0540 - bf 7b 84 cd 9e f5 76 2a-0d 4f b8 c3 c8 15 08 e9   .{....v*.O......
>>>>>> 0550 - 0f 3c 50 49 12 97 a8 d7-f1 a3 16 da 17 03 03 00   .<PI............
>>>>>> 0560 - 35 22 dd a2 9d 25 98 2c-35 b8 00 29 fa a1 dd ba   5"...%.,5..)....
>>>>>> 0570 - 72 b9 fe e5 85 85 f0 f1-3b 4e f5 7c 58 c8 2a da   r.......;N.|X.*.
>>>>>> 0580 - d2 75 94 3b c1 7a 7c 7e-db 5b fe 8a 2d 3f 8c 9a   .u.;.z|~.[..-?..
>>>>>> 0590 - 6e 79 ab 2b ff 1a                                 ny.+..
>>>>>> SSL_accept:SSLv3/TLS write finished
>>>>>> SSL_accept:TLSv1.3 early data
>>>>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
>>>>>> 0000 - 14 03 03 00 01                                    .....
>>>>>> read from 0x7fe400f050c0 [0x7fe40300f608] (1 bytes => 1 (0x1))
>>>>>> 0000 - 01                                                .
>>>>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
>>>>>> 0000 - 17 03 03 00 3d                                    ....=
>>>>>> read from 0x7fe400f050c0 [0x7fe40300f608] (61 bytes => 61 (0x3D))
>>>>>> 0000 - 38 e7 bb 2c 5b af b6 5f-37 d8 3e 7e bb f4 04 f5   8..,[.._7.>~....
>>>>>> 0010 - e1 28 b5 e5 07 5a ec ce-da 2f f3 b6 45 61 cf ef   .(...Z.../..Ea..
>>>>>> 0020 - 90 fb 57 b8 f3 20 45 27-60 d4 26 51 38 77 e4 bc   ..W.. E'`.&Q8w..
>>>>>> 0030 - b7 64 d4 8b 73 25 41 9e-fe d3 9d 5f 53            .d..s%A...._S
>>>>>> SSL_accept:TLSv1.3 early data
>>>>>> write to 0x7fe400f050c0 [0x7fe403018a00] (24 bytes => 24 (0x18))
>>>>>> 0000 - 17 03 03 00 13 25 85 60-eb 7d c1 a8 15 49 d5 63   .....%.`.}...I.c
>>>>>> 0010 - 18 7f c6 ac ed 7f df 77-                          .......w
>>>>>> SSL3 alert write:fatal:unknown
>>>>>> SSL_accept:error in error
>>>>>> ERROR
>>>>>> 140736092021632:error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate:ssl/statem/statem_srvr.c:3654:
>>>>>> shutting down SSL
>>>>>> CONNECTION CLOSED
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> When using openssl s_client all works as expected tho (thats also true if I use my native implementation on the client and server side that uses openssl):
>>>>>> 
>>>>>> ./bin/openssl s_client -cert ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test.crt -key ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test_unencrypted.pem  -state -tls1_3 -connect localhost:8443
>>>>>> 
>>>>>> The interesting thing is if I use “-verify 1” and not “-Verify 1” with openssl which tells it I want to request a certificate but will also process if none is provided I receive the certificate at some point as seen here:
>>>>>> 
>>>>>> SSL_accept:before SSL initialization
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>>>>> 0000 - 16 03 03 01 60                                    ....`
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (352 bytes => 352 (0x160))
>>>>>> 0000 - 01 00 01 5c 03 03 61 c0-b3 ed 88 65 e6 cf 11 3f   ...\..a....e...?
>>>>>> 0010 - c0 e0 f8 df a6 63 32 c2-ab 3d 61 6f 41 ed b1 4b   .....c2..=aoA..K
>>>>>> 0020 - 53 0e 83 e5 a1 b8 20 c7-1b 8c b8 e6 b5 da 4e 4e   S..... .......NN
>>>>>> 0030 - 3f 3c 61 7a ad 58 23 94-a7 32 79 2f db 9f 21 c0   ?<az.X#..2y/..!.
>>>>>> 0040 - 8e 0c c5 ce b1 c2 a4 00-14 c0 2c c0 2b c0 2f c0   ..........,.+./.
>>>>>> 0050 - 13 c0 14 00 9c 00 2f 00-35 13 01 13 02 01 00 00   ....../.5.......
>>>>>> 0060 - ff 00 05 00 05 01 00 00-00 00 00 0a 00 20 00 1e   ............. ..
>>>>>> 0070 - 00 17 00 18 00 19 00 09-00 0a 00 0b 00 0c 00 0d   ................
>>>>>> 0080 - 00 0e 00 16 01 00 01 01-01 02 01 03 01 04 00 0b   ................
>>>>>> 0090 - 00 02 01 00 00 0d 00 28-00 26 04 03 05 03 06 03   .......(.&......
>>>>>> 00a0 - 08 04 08 05 08 06 08 09-08 0a 08 0b 04 01 05 01   ................
>>>>>> 00b0 - 06 01 04 02 03 03 03 01-03 02 02 03 02 01 02 02   ................
>>>>>> 00c0 - 00 32 00 28 00 26 04 03-05 03 06 03 08 04 08 05   .2.(.&..........
>>>>>> 00d0 - 08 06 08 09 08 0a 08 0b-04 01 05 01 06 01 04 02   ................
>>>>>> 00e0 - 03 03 03 01 03 02 02 03-02 01 02 02 00 11 00 09   ................
>>>>>> 00f0 - 00 07 02 00 04 00 00 00-00 00 17 00 00 00 2b 00   ..............+.
>>>>>> 0100 - 09 08 03 04 03 03 03 02-03 01 00 2d 00 02 01 01   ...........-....
>>>>>> 0110 - 00 33 00 47 00 45 00 17-00 41 04 52 dc d6 47 6e   .3.G.E...A.R..Gn
>>>>>> 0120 - a1 de 9c 71 c2 54 0e 5c-9b 57 fb c8 aa 3f 19 f7   ...q.T.\.W...?..
>>>>>> 0130 - d3 a4 25 12 fa 3f 6c 6d-95 30 66 ca 63 b7 a1 dd   ..%..?lm.0f.c...
>>>>>> 0140 - ae 9f 99 d6 a8 6b 20 4f-29 7a 74 58 ad 58 de 12   .....k O)ztX.X..
>>>>>> 0150 - d7 a5 9b 69 dc 27 ac ec-9e d4 04 ff 01 00 01 00   ...i.'..........
>>>>>> SSL_accept:before SSL initialization
>>>>>> SSL_accept:SSLv3/TLS read client hello
>>>>>> SSL_accept:SSLv3/TLS write server hello
>>>>>> SSL_accept:SSLv3/TLS write change cipher spec
>>>>>> SSL_accept:TLSv1.3 write encrypted extensions
>>>>>> SSL_accept:SSLv3/TLS write certificate request
>>>>>> SSL_accept:SSLv3/TLS write certificate
>>>>>> SSL_accept:TLSv1.3 write server certificate verify
>>>>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (1430 bytes => 1430 (0x596))
>>>>>> 0000 - 16 03 03 00 9b 02 00 00-97 03 03 8b c8 62 48 6c   .............bHl
>>>>>> 0010 - f5 7c 73 d9 17 f8 63 a2-11 27 40 93 09 26 53 06   .|s...c..'@..&S.
>>>>>> 0020 - b3 62 df 46 26 b6 dc 59-29 b5 58 20 c7 1b 8c b8   .b.F&..Y).X ....
>>>>>> 0030 - e6 b5 da 4e 4e 3f 3c 61-7a ad 58 23 94 a7 32 79   ...NN?<az.X#..2y
>>>>>> 0040 - 2f db 9f 21 c0 8e 0c c5-ce b1 c2 a4 13 01 00 00   /..!............
>>>>>> 0050 - 4f 00 2b 00 02 03 04 00-33 00 45 00 17 00 41 04   O.+.....3.E...A.
>>>>>> 0060 - 07 63 1c 19 53 89 68 a8-0f ea 9e 4c 18 6f 2a ad   .c..S.h....L.o*.
>>>>>> 0070 - 2a df eb 17 a2 08 94 c6-e3 c5 97 ae 0f c1 1a d7   *...............
>>>>>> 0080 - 0d d7 2e 6d 77 3d 30 a0-07 db 70 35 bb 37 dd 1e   ...mw=0...p5.7..
>>>>>> 0090 - b6 f3 4d cb 13 97 7c 11-63 98 e8 64 2d a7 e6 cc   ..M...|.c..d-...
>>>>>> 00a0 - 14 03 03 00 01 01 17 03-03 00 27 a3 73 d2 ee 2c   ..........'.s..,
>>>>>> 00b0 - 2f 9c 8f 95 7f ca a3 89-bc b4 b3 b2 3c 8b 23 ef   /...........<.#.
>>>>>> 00c0 - 36 66 23 c9 09 02 33 0d-dc 5d 36 61 44 89 8b ef   6f#...3..]6aD...
>>>>>> 00d0 - fd 13 17 03 03 00 42 f2-5b 3c 0c 27 5e 7f 97 4f   ......B.[<.'^..O
>>>>>> 00e0 - 0f de 8c b9 0a a1 41 c7-c2 1e 92 99 6a d5 bd 12   ......A.....j...
>>>>>> 00f0 - 38 b6 b7 93 33 e9 8e 0f-44 93 f0 69 58 b6 41 22   8...3...D..iX.A"
>>>>>> 0100 - 46 e2 4a d5 d6 32 2b b8-a7 ae 3a c2 c5 2f e6 35   F.J..2+...:../.5
>>>>>> 0110 - 11 0c f1 9a 35 2a 87 ed-9e 17 03 03 03 20 a7 e2   ....5*....... ..
>>>>>> 0120 - fe ba c7 10 5b 9c cd 94-67 19 37 2d 46 59 ab 56   ....[...g.7-FY.V
>>>>>> 0130 - 6b dd a4 10 61 cc ed f1-71 a7 2d 6a 41 2e 2b da   k...a...q.-jA.+.
>>>>>> 0140 - d1 35 fc 01 df 49 e5 90-1d 9b b2 03 0a 81 58 18   .5...I........X.
>>>>>> 0150 - 96 a1 db 31 19 98 35 5c-87 8f 6e 32 0a e6 c0 aa   ...1..5\..n2....
>>>>>> 0160 - 9e 8e 72 e2 34 b3 b7 a3-d6 d1 66 c7 ce 93 fe 78   ..r.4.....f....x
>>>>>> 0170 - 17 c4 71 7c 42 15 c8 af-dc 4f 50 42 51 80 fc bf   ..q|B....OPBQ...
>>>>>> 0180 - fc 54 d5 d8 59 20 9a 90-c4 78 97 9c 2d 4a d5 58   .T..Y ...x..-J.X
>>>>>> 0190 - be 81 79 23 59 22 9d 27-f8 bd a0 b2 98 b3 47 82   ..y#Y".'......G.
>>>>>> 01a0 - d3 52 b5 b5 91 ab 5c 76-52 c5 a5 95 2d 03 1c b7   .R....\vR...-...
>>>>>> 01b0 - 64 4d 0b 88 7f 15 0b c8-a8 90 50 9a b6 b1 9f b7   dM........P.....
>>>>>> 01c0 - 40 09 f2 5f 39 f8 9a 06-21 4d 67 10 0a 67 08 b6   @.._9...!Mg..g..
>>>>>> 01d0 - b5 9a 25 8c d5 ca 31 6a-8a 6b 01 93 7d 6f 1e 52   ..%...1j.k..}o.R
>>>>>> 01e0 - 98 96 9d fb e8 c1 07 ab-57 98 2d 1e 75 77 ef c2   ........W.-.uw..
>>>>>> 01f0 - 49 78 e0 b9 2b 32 23 7e-95 4d 3e 27 00 61 86 0c   Ix..+2#~.M>'.a..
>>>>>> 0200 - 47 c7 79 e4 ee 9d ba c0-ea 62 f1 0d 8e 4a 91 30   G.y......b...J.0
>>>>>> 0210 - bc 4f 5a 98 26 30 66 ec-c4 63 8f 28 d5 1c 61 23   .OZ.&0f..c.(..a#
>>>>>> 0220 - ea e9 90 4e 36 d9 fa 31-7b 14 27 22 0a ae 9f 64   ...N6..1{.'"...d
>>>>>> 0230 - 40 3d e5 a0 5c 9d 3c 04-71 09 b0 7a 6b 51 a0 9c   @=..\.<.q..zkQ..
>>>>>> 0240 - c0 61 32 ce 15 62 8e 29-b1 59 91 c0 17 2c b3 c5   .a2..b.).Y...,..
>>>>>> 0250 - f9 ed 07 65 3d 11 de 98-de 62 36 50 74 37 af 2d   ...e=....b6Pt7.-
>>>>>> 0260 - 7d 86 55 c4 3e a2 83 ab-47 8d f2 b2 8d 1d 75 83   }.U.>...G.....u.
>>>>>> 0270 - b5 e4 41 87 a7 a3 85 b0-5e 4e 2e 9c 8c b0 1b 83   ..A.....^N......
>>>>>> 0280 - 7b 54 79 c9 60 ea 7d ed-06 fa dd 24 40 f1 53 9e   {Ty.`.}....$@.S.
>>>>>> 0290 - 43 79 25 53 9c c7 6e 95-ab 9f 96 59 cd b9 7b a8   Cy%S..n....Y..{.
>>>>>> 02a0 - a0 23 13 69 db a9 c9 e7-1a 8e e1 9b 54 94 1c 44   .#.i........T..D
>>>>>> 02b0 - 50 08 8b dd eb 4e 2b bb-d7 c9 c2 33 8c a1 b3 65   P....N+....3...e
>>>>>> 02c0 - 06 e6 9d ac 11 16 21 58-40 8d 59 e6 67 e5 31 02   ......!X at .Y.g.1.
>>>>>> 02d0 - 15 8d 29 80 20 66 ba c3-56 93 95 5c 65 4b 41 00   ..). f..V..\eKA.
>>>>>> 02e0 - c5 71 12 12 f5 20 4f 59-be 77 06 10 6e 48 85 5c   .q... OY.w..nH.\
>>>>>> 02f0 - ff a2 c4 ae fb 4d 95 f5-cc f6 61 20 33 b7 92 1d   .....M....a 3...
>>>>>> 0300 - ac a8 f1 b2 b0 88 c6 7b-8b 00 53 30 6d 4a d1 42   .......{..S0mJ.B
>>>>>> 0310 - b3 3e 85 f5 84 e1 c6 ab-10 9d 61 03 46 ff 2d 81   .>........a.F.-.
>>>>>> 0320 - 15 4f 84 d1 4c ee f4 a6-a0 ec 50 60 a0 d1 ff df   .O..L.....P`....
>>>>>> 0330 - 8a 97 f6 7d fb 8f fb 60-18 d4 f1 1f 92 4d d8 69   ...}...`.....M.i
>>>>>> 0340 - b1 92 97 44 0f 3c 8a aa-47 07 48 d4 07 2d 3e f2   ...D.<..G.H..->.
>>>>>> 0350 - c4 a7 16 35 a7 17 71 ef-98 84 24 67 12 58 30 3b   ...5..q...$g.X0;
>>>>>> 0360 - 1d 41 8d e5 12 52 95 64-e5 88 35 99 d7 c3 58 40   .A...R.d..5...X@
>>>>>> 0370 - f9 55 9b 9f e5 33 15 70-41 d7 45 ba a4 fc 75 ea   .U...3.pA.E...u.
>>>>>> 0380 - a4 ae f0 68 ea 64 d8 f5-06 68 a9 75 22 4d 43 cc   ...h.d...h.u"MC.
>>>>>> 0390 - ff 50 cc ac 6e fd 43 dd-eb e4 c8 dd 4b 6c 12 bb   .P..n.C.....Kl..
>>>>>> 03a0 - f1 d4 5e 11 4a 86 90 0b-f8 3a 2e 23 db 61 5a 1f   ..^.J....:.#.aZ.
>>>>>> 03b0 - 7e 11 00 92 21 68 1f b5-ab f2 f8 38 5e 62 ea f8   ~...!h.....8^b..
>>>>>> 03c0 - da ef c2 6e a0 b8 20 e4-69 49 b3 1f 15 84 0b 9b   ...n.. .iI......
>>>>>> 03d0 - ce b0 6f 36 32 7f 7e bf-e8 d7 18 7a 58 60 f4 04   ..o62.~....zX`..
>>>>>> 03e0 - cc 36 bf 06 cd ec e5 9b-19 03 96 09 fb af 8f c3   .6..............
>>>>>> 03f0 - 98 b4 02 aa e8 55 81 aa-c4 fe 06 81 30 a0 c7 b2   .....U......0...
>>>>>> 0400 - f8 e2 30 00 d7 a0 54 7f-5f d7 ef a6 f8 41 58 34   ..0...T._....AX4
>>>>>> 0410 - f5 f0 18 69 8d e6 7a 23-78 90 8f b1 05 c5 b5 7f   ...i..z#x.......
>>>>>> 0420 - e0 f2 c7 fa c8 36 5b 53-7e cf e6 75 d3 54 b4 69   .....6[S~..u.T.i
>>>>>> 0430 - 68 43 0d 6a d2 83 cc 13-6d ca bf 83 3c 90 17 03   hC.j....m...<...
>>>>>> 0440 - 03 01 19 96 dc 49 26 ce-1d 8e 86 3d bd cb 00 5e   .....I&....=...^
>>>>>> 0450 - ee f6 e7 1d 16 7a ca ef-fa 6d 16 40 b6 99 d0 c1   .....z...m. at ....
>>>>>> 0460 - df 0b 5f 51 60 a8 24 e0-61 82 13 40 da 88 38 3a   .._Q`.$.a.. at ..8:
>>>>>> 0470 - 26 1d 80 51 c4 b1 95 35-95 3c 91 35 28 17 49 d8   &..Q...5.<.5(.I.
>>>>>> 0480 - c3 45 be 32 98 3e 02 07-3b 01 20 2b 51 e1 1a 94   .E.2.>..;. +Q...
>>>>>> 0490 - b9 be 96 aa 7a 13 09 ff-d5 a9 63 d4 6f 49 cb b5   ....z.....c.oI..
>>>>>> 04a0 - 23 ab 7f 8c e2 63 f0 5c-5c 27 1e 04 a8 71 0c c0   #....c.\\'...q..
>>>>>> 04b0 - 89 cd ed 18 8d 5b 75 ac-af f3 68 6d cc ba 20 38   .....[u...hm.. 8
>>>>>> 04c0 - b5 7c 09 47 29 28 e2 26-57 57 1f f0 f3 18 fd 6f   .|.G)(.&WW.....o
>>>>>> 04d0 - 27 42 a4 e3 de bb e5 d6-09 7d 25 b1 98 97 ad 33   'B.......}%....3
>>>>>> 04e0 - 68 35 92 07 80 23 f1 66-20 5d 74 f3 02 c5 51 ff   h5...#.f ]t...Q.
>>>>>> 04f0 - 07 a9 e9 0e 3e 74 da 2e-8f 3b 16 be e6 94 1b 66   ....>t...;.....f
>>>>>> 0500 - bb b2 a2 1e 7c 7b ff 5e-a4 36 2a ba 0b cd 7f e9   ....|{.^.6*.....
>>>>>> 0510 - 86 bb 5e 30 f5 57 92 52-82 b6 2e da 71 b7 22 c2   ..^0.W.R....q.".
>>>>>> 0520 - 90 c4 69 46 07 df 6c 3f-05 8b 19 3e ce b9 75 0d   ..iF..l?...>..u.
>>>>>> 0530 - 4b 97 37 ae 94 e2 d6 3c-91 e6 82 c7 a1 78 79 2c   K.7....<.....xy,
>>>>>> 0540 - 9a a3 d5 45 94 ad e2 c8-ab fd 81 ec 62 87 f7 75   ...E........b..u
>>>>>> 0550 - e3 70 79 8e 82 3b c5 45-0d d0 33 5f 17 03 03 00   .py..;.E..3_....
>>>>>> 0560 - 35 da e0 74 2a 06 41 5a-64 1e 54 94 29 73 43 3f   5..t*.AZd.T.)sC?
>>>>>> 0570 - e5 24 a8 ba b2 7e 6b 26-82 fc d9 f6 dd 19 05 4a   .$...~k&.......J
>>>>>> 0580 - 2c 1a f3 bb 16 1d 38 95-a6 d3 a8 58 f6 a3 41 c7   ,.....8....X..A.
>>>>>> 0590 - 92 44 35 24 25 0e                                 .D5$%.
>>>>>> SSL_accept:SSLv3/TLS write finished
>>>>>> SSL_accept:TLSv1.3 early data
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>>>>> 0000 - 14 03 03 00 01                                    .....
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (1 bytes => 1 (0x1))
>>>>>> 0000 - 01                                                .
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>>>>> 0000 - 17 03 03 00 3d                                    ....=
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (61 bytes => 61 (0x3D))
>>>>>> 0000 - ad dd 3e d9 ee ab 56 65-50 1c 72 2a d8 62 7f 90   ..>...VeP.r*.b..
>>>>>> 0010 - 13 71 7d 37 39 40 fb 89-8f 05 4b 39 44 9d 4d 67   .q}79 at ....K9D.Mg
>>>>>> 0020 - e3 41 29 b6 3e e8 fe 04-1b 8e eb 7a 4c e2 14 a0   .A).>......zL...
>>>>>> 0030 - b1 c2 47 3f 94 35 ed ab-8a d1 75 3b ba            ..G?.5....u;.
>>>>>> SSL_accept:TLSv1.3 early data
>>>>>> SSL_accept:SSLv3/TLS read client certificate
>>>>>> SSL_accept:SSLv3/TLS read finished
>>>>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (223 bytes => 223 (0xDF))
>>>>>> 0000 - 17 03 03 00 da 52 1f 48-00 f4 31 13 90 7f 9c c2   .....R.H..1.....
>>>>>> 0010 - fc 70 1a fc f7 4a 48 e7-31 ad 37 ab b5 2b 4e 5c   .p...JH.1.7..+N\
>>>>>> 0020 - e8 d8 6d e9 af 6c 4f c1-9e 7b ea ff ef b3 eb 74   ..m..lO..{.....t
>>>>>> 0030 - 27 67 10 21 66 5b 32 13-31 bc 99 d5 1c 6c 79 55   'g.!f[2.1....lyU
>>>>>> 0040 - f3 3e f6 4b 07 4d a9 78-3d 12 8a f5 38 ef d9 f4   .>.K.M.x=...8...
>>>>>> 0050 - 48 e0 2c 35 94 06 4f eb-09 e6 70 fb 59 95 7a c8   H.,5..O...p.Y.z.
>>>>>> 0060 - 24 dd 24 e2 f9 63 b9 3c-f2 66 86 c4 73 44 53 fd   $.$..c.<.f..sDS.
>>>>>> 0070 - ca 67 8f 01 d6 db 70 f9-60 bc 50 11 51 72 dc 63   .g....p.`.P.Qr.c
>>>>>> 0080 - 12 ca 4f 23 e2 c5 d1 1d-e5 b0 d4 ec 89 ca 28 be   ..O#..........(.
>>>>>> 0090 - 9c 30 83 40 02 a4 62 a8-5c b3 20 1a ab 39 b7 7b   .0. at ..b.\. ..9.{
>>>>>> 00a0 - 89 13 39 87 73 be a8 f8-60 13 31 0a 48 5c 79 b9   ..9.s...`.1.H\y.
>>>>>> 00b0 - cc 4a 51 e3 0d d2 b4 93-c0 1f 3a 22 b3 fa 24 a0   .JQ.......:"..$.
>>>>>> 00c0 - 7c f6 76 79 d0 2d 5b 1a-ff a6 e9 e1 40 d3 b1 8c   |.vy.-[..... at ...
>>>>>> 00d0 - 0a fa fa de f3 8e d6 ad-9a 22 6b 67 0b 88 18      ........."kg...
>>>>>> SSL_accept:SSLv3/TLS write session ticket
>>>>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (223 bytes => 223 (0xDF))
>>>>>> 0000 - 17 03 03 00 da 46 aa ea-6a 37 b1 35 e8 41 c8 b3   .....F..j7.5.A..
>>>>>> 0010 - 84 25 af 1c 36 a3 6d 78-a4 44 4a 83 52 ef 13 7c   .%..6.mx.DJ.R..|
>>>>>> 0020 - 8f 18 d3 4c f8 22 c8 b3-ad d0 d0 5b 47 a0 43 da   ...L.".....[G.C.
>>>>>> 0030 - d2 6e 04 8f dc c9 56 90-58 87 62 63 4c cc 31 ec   .n....V.X.bcL.1.
>>>>>> 0040 - b8 c9 18 be 41 32 e1 3c-00 41 2a f1 4d 5c 2d 44   ....A2.<.A*.M\-D
>>>>>> 0050 - 8c aa e1 f0 ed 38 ee 44-64 e5 fd ea 58 3b 84 5d   .....8.Dd...X;.]
>>>>>> 0060 - 83 39 21 2e fe 79 4d 76-10 65 87 0f 3c ac df 28   .9!..yMv.e..<..(
>>>>>> 0070 - 49 f8 60 eb be 49 e4 0a-0b 6a 03 2b 9d cf 9b a5   I.`..I...j.+....
>>>>>> 0080 - 03 56 58 32 c2 b2 59 f9-0a 0d f0 ae af ff 20 19   .VX2..Y....... .
>>>>>> 0090 - e5 6e e4 86 2f 5e 3f 7d-47 d5 73 ae 89 48 a7 66   .n../^?}G.s..H.f
>>>>>> 00a0 - fb 2d 83 60 e8 8b ab 27-12 db 24 78 54 eb 14 2d   .-.`...'..$xT..-
>>>>>> 00b0 - b7 c6 17 2d 3c 91 57 ac-6e 35 b8 c3 fa c2 42 48   ...-<.W.n5....BH
>>>>>> 00c0 - 2a cb aa 98 32 89 8a ce-0c f7 cd 5e fb bf 6d 33   *...2......^..m3
>>>>>> 00d0 - 08 50 cf 1e 06 bb a1 98-be a4 a9 51 9a b0 34      .P.........Q..4
>>>>>> SSL_accept:SSLv3/TLS write session ticket
>>>>>> write to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17))
>>>>>> 0000 - 17 03 03 00 12 c5 9b 73-cc 91 7e 48 cb 25 31 a0   .......s..~H.%1.
>>>>>> 0010 - 67 41 db bb 0f 62 d8                              gA...b.
>>>>>> write to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17))
>>>>>> 0000 - 17 03 03 00 12 0f dd 3f-c1 7c e6 b0 cc ea f0 13   .......?.|......
>>>>>> 0010 - 00 d8 01 de ef 7c bb                              .....|.
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>>>>> 0000 - 17 03 03 00 1e                                    .....
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (30 bytes => 30 (0x1E))
>>>>>> 0000 - d6 88 44 82 cb 23 16 ba-c9 a4 fb 55 51 08 90 c1   ..D..#.....UQ...
>>>>>> 0010 - bf bd a1 7f 0e 37 b0 b4-b5 df f1 07 6c 07         .....7......l.
>>>>>> I am a clientwrite to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17))
>>>>>> 0000 - 17 03 03 00 12 c0 70 5d-14 e7 69 57 0a d8 64 16   ......p]..iW..d.
>>>>>> 0010 - 0c 90 06 0f c3 4d 1d                              .....M.
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>>>>> 0000 - 17 03 03 00 13                                    .....
>>>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (19 bytes => 19 (0x13))
>>>>>> 0000 - 60 28 5b ff bb 0d 9f 96-9a 2d cb fd 60 eb 96 62   `([......-..`..b
>>>>>> 0010 - 53 e6 25                                          S.%
>>>>>> SSL3 alert read:warning:close notify
>>>>>> DONE
>>>>>> shutting down SSL
>>>>>> CONNECTION CLOSED
>>>>>> 
>>>>>> 
>>>>>> I am using the following JDK version on MacOS:
>>>>>> 
>>>>>> ssl git:(cert_cb_openssl_1_1_1) ✗ /Library/Java/JavaVirtualMachines/jdk-11.jdk/Contents/Home/bin/java -version
>>>>>> java version "11" 2018-09-25
>>>>>> Java(TM) SE Runtime Environment 18.9 (build 11+28)
>>>>>> Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode)
>>>>>> 
>>>>>> For this to work you will need to have openssl 1.1.1 installed.
>>>>>> 
>>>>>> Any help would be welcome,
>>>>>> Norman
>>>>>> 
>>>>>> [1] https://github.com/netty/netty-tcnative <https://github.com/netty/netty-tcnative>
>>>>>> 
>>>>>> 
>>>>>> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180917/51891796/attachment.htm>