У меня есть приложение SpringBoot, работающее без clientAuth, а appServer находится за балансировщиком нагрузки. Теперь нажатие на балансировщик нагрузки работает нормально, и балансировщик нагрузки может обмениваться данными с сервером приложений.
Получение ошибки рукопожатия, когда я устанавливаю свойство clientAuth.
server.ssl.clientAuth = хочу
Ошибка: -
peer closed connection in SSL handshake while SSL handshaking to upstream, health check "test_443_match001" of peer 10.xx.xx.xx:8443 in upstream "test_443_default""
Журналы рукопожатия с сервера начальной загрузки,
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.632 GMT|SSLExtensions.java:132|Ignore unknown or unsupported extension (
"unknown extension (35)": {
}
)
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.633 GMT|SSLExtensions.java:132|Ignore unknown or unsupported extension (
"unknown extension (15)": {
0000: 01 .
}
)
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|ClientHello.java:809|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "6F 21 74 06 C5 B9 C5 6F 23 11 AC A9 ED 46 BC 0B 95 B3 95 01 BA DC 40 58 90 F8 BC E1 65 3C A1 BC",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDH_anon_WITH_AES_256_CBC_SHA(0xC019), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(0x0084), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDH_anon_WITH_AES_128_CBC_SHA(0xC018), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_SEED_CBC_SHA(0x0096), TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(0x0041), SSL_RSA_WITH_IDEA_CBC_SHA(0x0007), TLS_ECDHE_RSA_WITH_RC4_128_SHA(0xC011), TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(0xC007), TLS_ECDH_anon_WITH_RC4_128_SHA(0xC016), TLS_ECDH_RSA_WITH_RC4_128_SHA(0xC00C), TLS_ECDH_ECDSA_WITH_RC4_128_SHA(0xC002), SSL_RSA_WITH_RC4_128_SHA(0x0005), SSL_RSA_WITH_RC4_128_MD5(0x0004), TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(0xC012), TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(0xC008), TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(0xC017), TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(0xC00D), TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(0xC003), SSL_RSA_WITH_3DES_EDE_CBC_SHA(0x000A), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"ec_point_formats (11)": {
"formats": [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
},
"supported_groups (10)": {
"versions": [secp256r1, secp521r1, UNDEFINED-NAMED-GROUP(28), UNDEFINED-NAMED-GROUP(27), secp384r1, UNDEFINED-NAMED-GROUP(26), secp256k1]
},
"unknown extension (35)": {
},
"signature_algorithms (13)": {
"signature schemes": [rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp512r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1]
},
"unknown extension (15)": {
0000: 01 .
}
]
}
)
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:170|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|ClientHello.java:839|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:170|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:170|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:170|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:189|Consumed extension: supported_groups
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:189|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:189|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:170|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:170|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:170|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:160|Ignore unsupported extension: cookie
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.636 GMT|SSLExtensions.java:160|Ignore unsupported extension: psk_key_exchange_modes
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:160|Ignore unsupported extension: key_share
javax.net.ssl|ALL|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|RenegoInfoExtension.java:286|Safe renegotiation, using the SCSV signgling
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:160|Ignore unsupported extension: pre_shared_key
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:212|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:212|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|WARNING|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SignatureScheme.java:379|Unsupported signature scheme: dsa_sha512
javax.net.ssl|WARNING|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SignatureScheme.java:379|Unsupported signature scheme: dsa_sha384
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:221|Populated with extension: signature_algorithms
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: extended_master_secret
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|SSLExtensions.java:204|Ignore unavailable extension: renegotiation_info
javax.net.ssl|ALL|18|qtp1289834245-24|2020-03-13 18:47:05.637 GMT|X509Authentication.java:243|No X.509 cert selected for EC
javax.net.ssl|ALL|18|qtp1289834245-24|2020-03-13 18:47:05.638 GMT|X509Authentication.java:243|No X.509 cert selected for EC
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|ServerHello.java:439|use cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|StatusResponseManager.java:763|Staping disabled or is a resumed session
javax.net.ssl|ALL|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|ServerNameExtension.java:440|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|SSLExtensions.java:257|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|MaxFragExtension.java:296|Ignore unavailable max_fragment_length extension
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|SSLExtensions.java:257|Ignore, context unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|SSLExtensions.java:257|Ignore, context unavailable extension: status_request
javax.net.ssl|WARNING|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|SSLExtensions.java:243|Ignore, no extension producer defined: ec_point_formats
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|AlpnExtension.java:365|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|SSLExtensions.java:257|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|SSLExtensions.java:257|Ignore, context unavailable extension: status_request_v2
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|SSLExtensions.java:257|Ignore, context unavailable extension: extended_master_secret
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.639 GMT|ServerHello.java:364|Produced ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "F1 0F 0A AB AF 7A 6A 0C FA 2B CA E9 61 A7 76 3B 4E 0C BD 4D 01 34 65 93 44 4F 57 4E 47 52 44 01",
"session id" : "D9 7A 19 3D 0A C2 E2 F6 C1 11 AE 7D 6B AB AD 62 E4 48 9A 97 14 98 1F 1D 5C BB 1B 74 0F 86 12 26",
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
}
]
}
)
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.641 GMT|CertificateMessage.java:262|Produced server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "40 BD AA C1 00 FE D8 DF CD 20 85 A5 34 18 1A 20",
"signature algorithm": "SHA256withRSA",
"issuer" : "C=US, O=Test Inc., OU=Certification Authority, CN=Test Server CA 1",
"not before" : "2020-03-02 22:23:20.000 GMT",
"not after" : "2022-04-01 22:23:20.000 GMT",
"subject" : "C=US, ST=California, O=Test Inc., OU=management:test.group.12345, CN=server1.Test.com",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://certs.Test.com/Testcorpserverca1.der
,
accessMethod: ocsp
accessLocation: URIName: http://ocsp.Test.com/ocsp03-corpserverca104
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B6 23 B5 5A EB 7E EB B6 F3 28 1E 04 D0 AD 5C 93 .#.Z.....(....\.
0010: A9 A4 9A 6D ...m
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.Test.com/Testcorpserverca1.crl]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.2.840.113635.100.5.15.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 81 97 0C 81 94 52 65 6C 69 61 6E 63 65 20 6F 0.....Reliance o
0010: 6E 20 74 68 69 73 20 63 65 72 74 69 66 69 63 61 n this certifica
0020: 74 65 20 62 79 20 61 6E 79 20 70 61 72 74 79 20 te by any party
0030: 61 73 73 75 6D 65 73 20 61 63 63 65 70 74 61 6E assumes acceptan
0040: 63 65 20 6F 66 20 61 6E 79 20 61 70 70 6C 69 63 ce of any applic
0050: 61 62 6C 65 20 74 65 72 6D 73 20 61 6E 64 20 63 able terms and c
0060: 6F 6E 64 69 74 69 6F 6E 73 20 6F 66 20 75 73 65 onditions of use
0070: 20 61 6E 64 2F 6F 72 20 63 65 72 74 69 66 69 63 and/or certific
0080: 61 74 69 6F 6E 20 70 72 61 63 74 69 63 65 20 73 ation practice s
0090: 74 61 74 65 6D 65 6E 74 73 2E tatements.
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 3D 68 74 74 70 73 3A 2F 2F 63 65 72 74 69 66 .=https://certif
0010: 69 63 61 74 65 6D 61 6E 61 67 65 72 2E 61 70 70 icatemanager.app
0020: 6C 65 2E 63 6F 6D 2F 23 68 65 6C 70 2F 70 6F 6C le.com/#help/pol
0030: 69 63 69 65 73 2F 63 6F 72 70 6F 72 61 74 65 icies/
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: server1.Test.com
DNSName: server1.Test.com
DNSName: server1.Test.com
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8C 6F 4B 26 08 74 ED 93 40 5C 04 37 89 EE 12 FE .oK&.t..@\.7....
0010: 0F 6F 93 CA .o..
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "0D 5D DF 69 27 9B 23 11",
"signature algorithm": "SHA256withRSA",
"issuer" : "C=US, O=Test Inc., OU=Certification Authority, CN=Test Root CA",
"not before" : "2014-03-26 16:53:37.000 GMT",
"not after" : "2029-03-26 16:53:37.000 GMT",
"subject" : "C=US, O=Test Inc., OU=Certification Authority, CN=Test Server CA 1",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.2.840.113635.100.6.24.4 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.Test.com/ocsp04-corproot
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 35 20 26 CE 85 BE 49 26 20 01 DD C8 EE FF 3D 68 5 &...I& .....=h
0010: C8 D0 DF F5 ....
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.Test.com/corproot.crl]
]]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B6 23 B5 5A EB 7E EB B6 F3 28 1E 04 D0 AD 5C 93 .#.Z.....(....\.
0010: A9 A4 9A 6D ...m
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "14 99 6B 4A 6A E4 40 A0",
"signature algorithm": "SHA256withRSA",
"issuer" : "C=US, O=Test Inc., OU=Certification Authority, CN=Test Root CA",
"not before" : "2013-07-16 19:20:45.000 GMT",
"not after" : "2029-07-17 19:20:45.000 GMT",
"subject" : "C=US, O=Test Inc., OU=Certification Authority, CN=Test Root CA",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 35 20 26 CE 85 BE 49 26 20 01 DD C8 EE FF 3D 68 5 &...I& .....=h
0010: C8 D0 DF F5 ....
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 35 20 26 CE 85 BE 49 26 20 01 DD C8 EE FF 3D 68 5 &...I& .....=h
0010: C8 D0 DF F5 ....
]
]
}
]}
]
)
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.643 GMT|ECDHServerKeyExchange.java:502|Produced ECDH ServerKeyExchange handshake message (
"ECDH ServerKeyExchange": {
"parameters": {
"named group": "secp256r1"
"ecdh public": {
0000: 04 4D 1A C5 32 D7 49 6A 9B DF FE 52 B7 53 EC A5 .M..2.Ij...R.S..
0010: 64 26 24 6A 32 40 8E 5A 83 7B 54 CE E7 11 43 8F d&$j2@.Z..T...C.
0020: 75 98 8B F0 97 D8 0C B6 A7 7C CE 90 9A 03 D0 30 u..............0
0030: 15 F7 B1 C6 6B E7 1C D5 31 DD D2 01 1E A4 6E E8 ....k...1.....n.
0040: BC .
},
},
"digital signature": {
"signature algorithm": "rsa_pkcs1_sha512"
"signature": {
0000: 58 56 CF 3C 3C 25 3F E6 E0 FB 3F 36 1F 75 43 B6 XV.<<%?...?6.uC.
0010: CF 61 65 2D C5 3C 92 0C AB 7B 78 AF F0 87 2A 1E .ae-.<....x...*.
0020: 77 14 2D 52 F9 2C 56 E1 D4 27 F7 C2 48 EF 6D C3 w.-R.,V..'..H.m.
0030: C2 F6 98 BE 30 8B 60 62 ED 0B 4B 1B 71 B7 CF 46 ....0.`b..K.q..F
0040: DF 0D 5F 13 85 46 57 32 B8 BE 26 E0 CB BC B7 26 .._..FW2..&....&
0050: 05 13 4E 85 41 8C B6 78 38 74 39 AC A2 0A 16 5E ..N.A..x8t9....^
0060: D9 D4 88 BE 92 9A E5 B9 38 97 E8 F9 06 56 3C 55 ........8....V<U
0070: 11 07 06 88 1B B6 8C C5 AE E3 E0 1C 32 19 43 50 ............2.CP
0080: 55 CA 54 40 C6 F0 AE 72 DE FE 99 1E 54 16 05 48 U.T@...r....T..H
0090: 3A 4D 8C FD 52 34 81 50 0A 38 39 BF 51 62 90 A8 :M..R4.P.89.Qb..
00A0: 99 9D FD 5E EB 6F 10 21 07 69 4E DC 4A C9 BE 36 ...^.o.!.iN.J..6
00B0: C0 E2 27 75 9E 88 61 B5 67 38 75 5F DA C8 9C 5A ..'u..a.g8u_...Z
00C0: 11 DB 29 58 78 F9 DB C1 93 C8 DC FE BF 95 7E 0F ..)Xx...........
00D0: CD C9 4A 2B CF 99 F5 75 64 A9 42 C1 EA B6 AB 92 ..J+...ud.B.....
00E0: 1E 5C 07 B2 D8 90 78 CF D0 86 78 F0 59 8E F9 BE .\....x...x.Y...
00F0: C2 9E B9 56 76 37 21 15 F1 0E EC F3 BB 1F 86 07 ...Vv7!.........
},
}
}
)
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.644 GMT|CertificateRequest.java:619|Produced CertificateRequest handshake message (
"CertificateRequest": {
"certificate types": [ecdsa_sign, rsa_sign, dss_sign]
"supported signature algorithms": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
"certificate authorities": [CN=Hongkong Post Root CA 1, CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root, ....]
}
)
javax.net.ssl|DEBUG|18|qtp1289834245-24|2020-03-13 18:47:05.645 GMT|ServerHelloDone.java:97|Produced ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|ALL|2C|Connector-Scheduler-15d0849-1|2020-03-13 18:47:06.675 GMT|SSLEngineImpl.java:739|Closing outbound of SSLEngine
У меня нет ни одного чипер настроен в опоре. Как я могу сортировать это дальше?