Я включил SSL в кластере hadoop в ambari, используя подписанные сертификаты через пользовательский самозаверяющий CA.Однако открывается только пользовательский интерфейс Namenode1, а пользовательский интерфейс Namenode2 ERR_SSL_VERSION_OR_CIPHER_MISMATCH.Все подписанные сертификаты, включая сертификат CA, находятся в хранилище доверенных сертификатов Java и в хранилище пользовательских сертификатов.В бэкэнде кластер работает и работает в режиме Active / Slave, как и должно быть.Вставлены журналы отладки для ssl-рукопожатия сервера и клиента.
%% No cached client session
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1552146602 bytes = { 124, 246, 85, 32, 231, 117, 102, 26, 129, 194, 161, 10, 142, 155, 11, 83, 45, 193, 13, 189, 43, 178, 57, 21, 53, 202, 219, 200 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=example-infra-01.example.com]
***
main, WRITE: TLSv1.2 Handshake, length = 232
main, READ: TLSv1.2 Handshake, length = 1461
check handshake state: server_hello[2]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1552146602 bytes = { 74, 111, 68, 189, 88, 130, 151, 116, 37, 202, 171, 111, 66, 248, 239, 41, 250, 142, 55, 7, 207, 189, 203, 250, 210, 210, 141, 80 }
Session ID: {93, 132, 225, 170, 221, 77, 24, 110, 248, 135, 94, 71, 89, 216, 117, 97, 101, 98, 53, 53, 19, 30, 141, 221, 62, 185, 153, 241, 122, 113, 23, 100}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name:
Extension extended_master_secret
***
%% Initialized: [Session-7, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
update handshake state: server_hello[2]
upcoming handshake states: server certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
check handshake state: certificate[11]
update handshake state: certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=exampletest02@example.com, CN=example-infra-01.example.com, OU=dev, O=org, L=current, ST=state, C=country
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 21841755142500677173038686755031873041366701846670510917687245038534981997174536899121267104976251234487931691682356456587057979146131226006486802945627458953213345485002320762746572550140153263127388890940484242628083923909940555188294345156730990162012315907130788552918940050956069183125819873814807318195323024331782362924669648387137160317840086368280513586813886958200363786656575039759673832758101555834192465439708239536183449763070916218201916947796469040269718952095684909120070890691280563367820197999332144131568815041448905148594619506642918085699503567938203770656599824571574354719182434767493343531767
public exponent: 65537
Validity: [From: Fri Sep 20 11:20:44 UTC 2019,
To: Mon Sep 17 11:20:44 UTC 2029]
Issuer: EMAILADDRESS=exampletest02@example.com, CN=exampletest02CA, OU=dev, O=org, L=current, ST=state, C=country
SerialNumber: [ f353]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: example-infra-01.example.com
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 54 F3 7D 47 26 59 C8 1A B8 35 04 45 88 B8 64 ED T..G&Y...5.E..d.
0010: 9B BD CB 80 D0 34 3D B5 B2 FF A7 71 A6 12 4A 26 .....4=....q..J&
0020: DE EC 2B A3 7D 10 E4 5E 94 EE 01 E0 9A 54 F2 EA ..+....^.....T..
0030: EC 3C 1B B6 5B 90 73 11 3B 3C DC FB 85 FF CE 8E .<..[.s.;<......
0040: 03 41 6C CE 81 89 25 0C 7C EF 03 AE 31 2F 8D CD .Al...%.....1/..
0050: AB C2 81 6C DB 7E CA 07 00 0F B6 01 E4 67 EA A0 ...l.........g..
0060: 84 3B 94 6A 53 5B 47 70 0B 58 BE 2D D4 2E D5 F8 .;.jS[Gp.X.-....
0070: 00 7E D2 1D C4 C1 D3 0F 42 5D 83 0E 8A DB A9 89 ........B]......
0080: 82 5A D8 5E D5 C8 B6 CE 51 E8 36 EC 23 1B 13 8C .Z.^....Q.6.#...
0090: 2D 93 B3 1B F4 37 A1 B5 BA 56 B7 00 51 96 CE CB -....7...V..Q...
00A0: BB 53 8C F8 60 0E 90 0B A7 1C 58 5F 54 D9 BE B7 .S..`.....X_T...
00B0: 61 06 8A 67 25 0C D5 68 15 14 34 BB 69 F2 96 66 a..g%..h..4.i..f
00C0: CE DC 57 3A 90 E5 22 1D 52 8E 89 68 AC 3D C3 3B ..W:..".R..h.=.;
00D0: 19 CA 59 C6 03 6C 16 38 4E 94 25 49 53 49 6C B2 ..Y..l.8N.%ISIl.
00E0: CE 13 13 82 C5 84 E5 5E 1B 9B 94 54 23 B8 29 1E .......^...T#.).
00F0: 17 E0 4A 5F BF 58 DE 9E 2A 25 9B C2 32 EA E5 F6 ..J_.X..*%..2...
]
***
Found trusted certificate:
[
[
Version: V3
Subject: EMAILADDRESS=exampletest02@example.com, CN=example-infra-01.example.com, OU=dev, O=org, L=current, ST=state, C=country
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 21841755142500677173038686755031873041366701846670510917687245038534981997174536899121267104976251234487931691682356456587057979146131226006486802945627458953213345485002320762746572550140153263127388890940484242628083923909940555188294345156730990162012315907130788552918940050956069183125819873814807318195323024331782362924669648387137160317840086368280513586813886958200363786656575039759673832758101555834192465439708239536183449763070916218201916947796469040269718952095684909120070890691280563367820197999332144131568815041448905148594619506642918085699503567938203770656599824571574354719182434767493343531767
public exponent: 65537
Validity: [From: Fri Sep 20 11:20:44 UTC 2019,
To: Mon Sep 17 11:20:44 UTC 2029]
Issuer: EMAILADDRESS=exampletest02@example.com, CN=exampletest02CA, OU=dev, O=org, L=current, ST=state, C=country
SerialNumber: [ f353]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: example-infra-01.example.com
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 54 F3 7D 47 26 59 C8 1A B8 35 04 45 88 B8 64 ED T..G&Y...5.E..d.
0010: 9B BD CB 80 D0 34 3D B5 B2 FF A7 71 A6 12 4A 26 .....4=....q..J&
0020: DE EC 2B A3 7D 10 E4 5E 94 EE 01 E0 9A 54 F2 EA ..+....^.....T..
0030: EC 3C 1B B6 5B 90 73 11 3B 3C DC FB 85 FF CE 8E .<..[.s.;<......
0040: 03 41 6C CE 81 89 25 0C 7C EF 03 AE 31 2F 8D CD .Al...%.....1/..
0050: AB C2 81 6C DB 7E CA 07 00 0F B6 01 E4 67 EA A0 ...l.........g..
0060: 84 3B 94 6A 53 5B 47 70 0B 58 BE 2D D4 2E D5 F8 .;.jS[Gp.X.-....
0070: 00 7E D2 1D C4 C1 D3 0F 42 5D 83 0E 8A DB A9 89 ........B]......
0080: 82 5A D8 5E D5 C8 B6 CE 51 E8 36 EC 23 1B 13 8C .Z.^....Q.6.#...
0090: 2D 93 B3 1B F4 37 A1 B5 BA 56 B7 00 51 96 CE CB -....7...V..Q...
00A0: BB 53 8C F8 60 0E 90 0B A7 1C 58 5F 54 D9 BE B7 .S..`.....X_T...
00B0: 61 06 8A 67 25 0C D5 68 15 14 34 BB 69 F2 96 66 a..g%..h..4.i..f
00C0: CE DC 57 3A 90 E5 22 1D 52 8E 89 68 AC 3D C3 3B ..W:..".R..h.=.;
00D0: 19 CA 59 C6 03 6C 16 38 4E 94 25 49 53 49 6C B2 ..Y..l.8N.%ISIl.
00E0: CE 13 13 82 C5 84 E5 5E 1B 9B 94 54 23 B8 29 1E .......^...T#.).
00F0: 17 E0 4A 5F BF 58 DE 9E 2A 25 9B C2 32 EA E5 F6 ..J_.X..*%..2...
]
check handshake state: server_key_exchange[12]
update handshake state: server_key_exchange[12]
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
public x coord: 71243459788679529452333968749910729075781137069187014570295198815671440442567
public y coord: 113361508572920438429337576097115462276383236410260704000629230880259446655931
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
check handshake state: server_hello_done[14]
update handshake state: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value: { 4, 152, 139, 246, 59, 71, 138, 250, 25, 160, 51, 106, 181, 172, 76, 157, 91, 105, 32, 165, 230, 140, 77, 233, 215, 0, 196, 240, 108, 155, 117, 232, 15, 162, 215, 135, 203, 87, 222, 29, 97, 172, 72, 136, 204, 71, 25, 247, 149, 241, 148, 109, 231, 95, 118, 19, 176, 121, 145, 52, 44, 166, 16, 187, 155 }
update handshake state: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
0000: 7F DA 03 00 E7 C3 71 FA 17 21 E6 F3 A0 3D E2 36 ......q..!...=.6
0010: BD 95 F2 6F 99 72 77 99 8F 80 F7 38 44 8D 82 F6 ...o.rw....8D...
CONNECTION KEYGEN:
Client Nonce:
0000: 5D 84 E1 AA 7C F6 55 20 E7 75 66 1A 81 C2 A1 0A ].....U .uf.....
0010: 8E 9B 0B 53 2D C1 0D BD 2B B2 39 15 35 CA DB C8 ...S-...+.9.5...
Server Nonce:
0000: 5D 84 E1 AA 4A 6F 44 BD 58 82 97 74 25 CA AB 6F ]...JoD.X..t%..o
0010: 42 F8 EF 29 FA 8E 37 07 CF BD CB FA D2 D2 8D 50 B..)..7........P
Master Secret:
0000: 0B E0 95 54 2E EE 98 F8 10 16 1B 09 D1 B5 17 8E ...T............
0010: B7 79 CC 19 14 CF 26 FF B6 78 BC CA FC 0D F9 03 .y....&..x......
0020: 8F 2F B9 0C 61 13 BD C5 BF 55 80 FE FE 0E FA B1 ./..a....U......
Client MAC write Secret:
0000: 68 B0 DB F5 7C F5 B4 B6 CA 55 1F E3 FC 02 03 8A h........U......
0010: 26 7A FF 5C 43 7D 7C D4 9E 13 4A F1 37 FB 87 BC &z.\C.....J.7...
0020: 8A 2B 0E 02 CC B0 10 59 8D 18 B7 E8 9F D4 1B 57 .+.....Y.......W
Server MAC write Secret:
0000: B5 EE 51 5F 4B FC 2E F6 72 CF 51 8A 9E 77 00 90 ..Q_K...r.Q..w..
0010: D7 73 B4 95 03 99 38 CE B8 13 C5 53 FA 45 7F 90 .s....8....S.E..
0020: 23 B2 9F 47 CB 43 B6 2C 89 1E 33 EB 74 C1 05 70 #..G.C.,..3.t..p
Client write key:
0000: D5 2C 69 E9 C9 45 A2 09 F2 C5 19 8C FE 78 F4 64 .,i..E.......x.d
0010: 38 8E E1 7A D1 4A 23 8F 82 11 31 B5 91 E8 6F D1 8..z.J#...1...o.
Server write key:
0000: 69 24 D3 17 8A 54 8D 14 3A 62 0D 0B AC 05 BA 9E i$...T..:b......
0010: 1B BD C2 79 EF 8F 79 A7 27 A4 65 4F 66 DB E6 33 ...y..y.'.eOf..3
... no IV derived for this protocol
update handshake state: change_cipher_spec
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 128, 248, 254, 214, 242, 88, 203, 66, 123, 158, 131, 38 }
***
update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Handshake, length = 96
main, READ: TLSv1.2 Change Cipher Spec, length = 1
update handshake state: change_cipher_spec
upcoming handshake states: server finished[20]
main, READ: TLSv1.2 Handshake, length = 96
check handshake state: finished[20]
update handshake state: finished[20]
*** Finished
verify_data: { 7, 205, 135, 154, 166, 68, 152, 172, 238, 87, 23, 223 }
***
%% Cached client session: [Session-7, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
main, WRITE: TLSv1.2 Application Data, length = 400
main, READ: TLSv1.2 Application Data, length = 304
main, called close()
main, called closeInternal(true)
main, SEND TLSv1.2 ALERT: warning, description = close_notify
main, WRITE: TLSv1.2 Alert, length = 80
main, called closeSocket(true)
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(60000) called
main, the previous server name in SNI (type=host_name (0), value=example-infra-01.example.com) was replaced with (type=host_name (0), value=example-infra-01.example.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% Client cached [Session-7, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
%% Try resuming [Session-7, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384] from port 38288
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1552146602 bytes = { 156, 4, 46, 63, 96, 91, 233, 184, 59, 248, 73, 0, 6, 45, 107, 156, 136, 184, 177, 47, 63, 14, 208, 172, 82, 179, 167, 79 }
Session ID: {93, 132, 225, 170, 221, 77, 24, 110, 248, 135, 94, 71, 89, 216, 117, 97, 101, 98, 53, 53, 19, 30, 141, 221, 62, 185, 153, 241, 122, 113, 23, 100}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=example-infra-01.example.com]
***
main, WRITE: TLSv1.2 Handshake, length = 264
main, READ: TLSv1.2 Handshake, length = 85
check handshake state: server_hello[2]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1552146602 bytes = { 54, 37, 146, 192, 105, 253, 113, 196, 34, 251, 28, 19, 242, 223, 145, 202, 72, 194, 181, 147, 86, 35, 253, 145, 193, 227, 29, 180 }
Session ID: {93, 132, 225, 170, 221, 77, 24, 110, 248, 135, 94, 71, 89, 216, 117, 97, 101, 98, 53, 53, 19, 30, 141, 221, 62, 185, 153, 241, 122, 113, 23, 100}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret
***
CONNECTION KEYGEN:
Client Nonce:
0000: 5D 84 E1 AA 9C 04 2E 3F 60 5B E9 B8 3B F8 49 00 ]......?`[..;.I.
0010: 06 2D 6B 9C 88 B8 B1 2F 3F 0E D0 AC 52 B3 A7 4F .-k..../?...R..O
Server Nonce:
0000: 5D 84 E1 AA 36 25 92 C0 69 FD 71 C4 22 FB 1C 13 ]...6%..i.q."...
0010: F2 DF 91 CA 48 C2 B5 93 56 23 FD 91 C1 E3 1D B4 ....H...V#......
Master Secret:
0000: 0B E0 95 54 2E EE 98 F8 10 16 1B 09 D1 B5 17 8E ...T............
0010: B7 79 CC 19 14 CF 26 FF B6 78 BC CA FC 0D F9 03 .y....&..x......
0020: 8F 2F B9 0C 61 13 BD C5 BF 55 80 FE FE 0E FA B1 ./..a....U......
Client MAC write Secret:
0000: E0 19 EA 79 72 6D 05 6B 85 E6 14 1D 97 73 B9 40 ...yrm.k.....s.@
0010: 43 9B 1F 2E A5 B3 67 84 B0 9D 16 C9 E0 EC 0A 68 C.....g........h
0020: EF 31 10 83 19 D1 A3 CA 6A 83 3F AC 31 A2 B6 E5 .1......j.?.1...
Server MAC write Secret:
0000: E0 73 33 C9 08 40 53 30 21 BA 38 F7 BD F6 8D 81 .s3..@S0!.8.....
0010: 27 24 5F 05 78 A8 DC 77 04 30 19 32 06 79 39 54 '$_.x..w.0.2.y9T
0020: A9 AA 46 87 CD C9 12 FD 92 DD B6 0E 9A 36 96 17 ..F..........6..
Client write key:
0000: 4D F3 EF 58 06 82 5B 6E 5B FB 3C 06 D6 BF 31 6D M..X..[n[.<...1m
0010: 8B B2 17 D0 70 A3 12 60 A9 8D E9 EB E3 B6 D5 1C ....p..`........
Server write key:
0000: 31 BD FD 1E 38 51 61 57 E5 F3 47 4D 0C 76 3D 92 1...8QaW..GM.v=.
0010: 74 1F 3C 27 23 7A C7 91 01 B1 27 90 0C 3C EC A6 t.<'#z....'..<..
... no IV derived for this protocol
%% Server resumed [Session-7, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
update handshake state: server_hello[2]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
main, READ: TLSv1.2 Change Cipher Spec, length = 1
update handshake state: change_cipher_spec
upcoming handshake states: server finished[20]
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
main, READ: TLSv1.2 Handshake, length = 96
check handshake state: finished[20]
update handshake state: finished[20]
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
*** Finished
verify_data: { 75, 62, 236, 200, 14, 200, 178, 123, 37, 211, 140, 250 }
***
update handshake state: change_cipher_spec
upcoming handshake states: client finished[20]
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 185, 171, 138, 219, 67, 211, 3, 16, 36, 213, 230, 75 }
***
update handshake state: finished[20]
main, WRITE: TLSv1.2 Handshake, length = 96
main, WRITE: TLSv1.2 Application Data, length = 1408
main, READ: TLSv1.2 Application Data, length = 880
main, setSoTimeout(60000) called
main, WRITE: TLSv1.2 Application Data, length = 560
main, READ: TLSv1.2 Application Data, length = 912
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
qtp2092801316-44, READ: TLSv1 Handshake, length = 211
check handshake state: client_hello[1]
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie: GMT: -1465277827 bytes = { 145, 94, 102, 159, 70, 125, 116, 216, 246, 70, 130, 67, 253, 91, 217, 187, 215, 75, 95, 191, 145, 123, 47, 190, 114, 8, 235, 115 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa8, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xaa, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [type=host_name (0), value=example-mst-02.example.com]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, SHA1withECDSA, Unknown (hash:0x8, signature:0x4), Unknown (hash:0x8, signature:0x5), Unknown (hash:0x8, signature:0x6), SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withRSA, SHA256withDSA, Unknown (hash:0x5, signature:0x2), Unknown (hash:0x6, signature:0x2), SHA1withDSA
***
%% Initialized: [Session-8, SSL_NULL_WITH_NULL_NULL]
matching alias: example-mst-02.example.com
matching alias: example-mst-02.example.com
matching alias: example-mst-02.example.com
matching alias: example-mst-02.example.com
qtp2092801316-44, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-8, SSL_NULL_WITH_NULL_NULL]
qtp2092801316-44, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
qtp2092801316-44, WRITE: TLSv1.2 Alert, length = 2
qtp2092801316-44, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp2092801316-44, called closeOutbound()
qtp2092801316-44, closeOutboundInternal()
Using SSLEngineImpl.