Сейчас я использую встроенный MQTT-брокер (moquette) в Android-приложении. При включении TLS возникает ошибка SSLHandshakeException: удалённый хост закрыл соединение во время рукопожатия. Не могу понять, в чём проблема.
Код клиента:
// Builds the client-side SSLSocketFactory for mutual TLS: the server is
// validated against a single private CA, and the client presents its own
// certificate and private key.

// Trust side: an empty in-memory store holding only the private CA, so the
// platform's default root CAs are not consulted for this connection.
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
trustStore.setCertificateEntry("ca-certificate", caCert);
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("X509");
trustFactory.init(trustStore);

// Identity side: the client certificate and its private key, sent to the
// server when it asks for client authentication.
char[] storePassword = password.toCharArray();
char[] keyPassword = password.toCharArray();
java.security.cert.Certificate[] clientChain = new java.security.cert.Certificate[] { cert };
KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType());
identityStore.load(null, null);
identityStore.setCertificateEntry("certificate", cert);
// Only the leaf certificate is placed in the chain; the issuing CA is not included.
identityStore.setKeyEntry("private-key", key.getPrivate(), storePassword, clientChain);
String keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory identityFactory = KeyManagerFactory.getInstance(keyAlgorithm);
identityFactory.init(identityStore, keyPassword);

// NOTE(review): the debug trace posted with this code still evaluates cipher
// suites "for TLSv1" and "for TLSv1.1", which suggests that requesting a
// "TLSv1.2" context does not by itself disable older protocol versions. If only
// TLS 1.2 is acceptable, restrict it on the socket (SSLSocket.setEnabledProtocols).
SSLContext tlsContext = SSLContext.getInstance("TLSv1.2");
tlsContext.init(identityFactory.getKeyManagers(), trustFactory.getTrustManagers(), new SecureRandom());

// NOTE(review): nothing here checks the server certificate's name against the
// host being connected to. Unless the MQTT library does that itself, confirm
// that endpoint identification is enabled on the sockets this factory creates.
return tlsContext.getSocketFactory();
Код сервера:
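// Builds the broker-side SSLContext: the server's own key and chain for the
// KeyManager, and a trust manager that accepts client certificates issued by
// the private CA only.

// Key store for the KeyManagerFactory: an empty in-memory PKCS#12 store that
// receives the server private key and its certificate chain.
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(null, null);
ks.setKeyEntry("server", privateKeyEntry.getPrivateKey(), password, privateKeyEntry.getCertificateChain());
final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, password);

// Trust store for the TrustManagerFactory: holds only the "ca_cert" entry taken
// from the application's key store. The platform's default trust anchors are
// NOT added, so only this CA can vouch for a client certificate.
KeyStore ks2 = KeyStore.getInstance("pkcs12");
ks2.load(null, null);
// NOTE(review): if keyStore has no "ca_cert" alias, getCertificate() returns
// null; verify the alias exists before relying on this trust store.
ks2.setCertificateEntry("ca", keyStore.getCertificate("ca_cert"));
final TrustManagerFactory my_trust_manager = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
my_trust_manager.init(ks2);

// Pick the first X509TrustManager the factory produced; it does the real
// certificate path validation.
X509TrustManager myTm = null;
for (TrustManager tm : my_trust_manager.getTrustManagers()) {
    if (tm instanceof X509TrustManager) {
        myTm = (X509TrustManager) tm;
        break;
    }
}
final X509TrustManager finalMyTm = myTm;

// Thin wrapper around the CA-backed trust manager. Every decision is delegated;
// if no delegate was found, every check fails closed with a CertificateException.
X509TrustManager customTrust = new X509TrustManager() {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (finalMyTm == null) {
            throw new CertificateException("Trust manager could not be loaded");
        }
        // A CertificateException thrown here aborts the handshake on the server
        // side. Any bookkeeping on the presented certificate (e.g. recording
        // chain[0]) belongs after this call, once validation has succeeded.
        finalMyTm.checkClientTrusted(chain, authType);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (finalMyTm == null) {
            throw new CertificateException("Trust manager could not be loaded");
        }
        finalMyTm.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null (possibly empty)
        // array; returning null can break the code that builds the
        // CertificateRequest message.
        if (finalMyTm == null) {
            return new X509Certificate[0];
        }
        return finalMyTm.getAcceptedIssuers();
    }
};

// NOTE(review): this context only supplies the trust decision. Whether a client
// certificate is mandatory is decided where the SSLEngine/socket is configured,
// which is not shown here.
SSLContext serverContext = SSLContext.getInstance("TLSv1.2");
serverContext.init(kmf.getKeyManagers(), new TrustManager[]{ customTrust } , new SecureRandom());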
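Отладочный вывод TLS-рукопожатия на стороне клиента (сообщение было слишком большим, поэтому я удалил часть шестнадцатеричных дампов). В выводе остались разделы SESSION KEYGEN и CONNECTION KEYGEN с ключевым материалом этой сессии.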
found key for : private-key
chain [0] = [
[
Version: V1
Subject: CN=cliente externo, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 29117495739230712393462545551735561211933494734166812671336243903431145258876257112878861065792592013047750043602236523431977238494810101
public exponent: 65537
Validity: [From: Tue Feb 18 13:34:02 BRT 2020,
To: Fri Jul 02 13:34:02 BRT 2021]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [ 7e214139 cce17338 c6b7cfa2 32af30b0 924c7314]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 62 EF 81 DE 0A 14 F5 69 19 ED 95 78 63 8D AC 56 b......i...xc..V
0010: F4 69 B6 0A 0A 96 51 92 60 B3 37 7C 96 BB EA 4A .i....Q.`.7....J
01D0: 07 4A 89 2C A1 00 B1 0E 06 13 01 1D C5 3E 63 C7 .J.,.........>c.
01E0: BE 7B C4 06 28 4D 3A EF 3D 83 97 28 B2 04 B6 C6 ....(M:.=..(....
01F0: 40 02 AD 9B AF AA 69 C9 79 39 F1 6D 8D DF 36 8F @.....i.y9.m..6.
]
***
System property jdk.tls.client.cipherSuites is set to 'null'
System property jdk.tls.server.cipherSuites is set to 'null'
Ignoring disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
MQTT Con: cliente-externo, setSoTimeout(1000) called
MQTT Con: cliente-externo, setSoTimeout(30000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1582047780 bytes = { 245, 163, 31, 239, 231, 60, 152, 22, 139, 178, 73, 104, 240, 163, 5, 191, 10, 70, 133, 99, 42, 216, 143, 188, 167, 242, 109, 110 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=192.168.10.31]
***
[write] MD5 and SHA1 hashes: len = 207
0000: 01 00 00 CB 03 03 5E 4C 22 24 F5 A3 1F EF E7 3C ......^L"$.....<
0010: 98 16 8B B2 49 68 F0 A3 05 BF 0A 46 85 63 2A D8 ....Ih.....F.c*.
0090: 0B 00 02 01 00 00 0D 00 1C 00 1A 06 03 06 01 05 ................
00A0: 03 05 01 04 03 04 01 04 02 03 03 03 01 03 02 02 ................
00B0: 03 02 01 02 02 00 17 00 00 00 00 00 12 00 10 00 ................
00C0: 00 0D 31 39 32 2E 31 36 38 2E 31 30 2E 33 31 ..192.168.10.31
MQTT Con: cliente-externo, WRITE: TLSv1.2 Handshake, length = 207
[Raw write]: length = 212
0000: 16 03 03 00 CF 01 00 00 CB 03 03 5E 4C 22 24 F5 ...........^L"$.
0010: A3 1F EF E7 3C 98 16 8B B2 49 68 F0 A3 05 BF 0A ....<....Ih.....
00C0: 00 12 00 10 00 00 0D 31 39 32 2E 31 36 38 2E 31 .......192.168.1
00D0: 30 2E 33 31 0.31
[Raw read]: length = 5
0000: 16 03 03 00 5B ....[
[Raw read]: length = 91
0000: 02 00 00 57 03 03 5E 4C 22 24 60 CC 27 59 EA 1A ...W..^L"$`.'Y..
0010: 5A 56 E7 C4 21 B9 6D BF 1C 4D BF B8 BC 68 48 BD ZV..!.m..M...hH.
0020: 53 4E CA 94 DC 39 20 01 29 1D F9 99 AB 44 03 31 SN...9 .)....D.1
0030: 5C 15 9E D6 2E 9C A3 BA FB 63 97 7A AB 78 03 47 \........c.z.x.G
0040: D5 26 C9 FF 26 CF E7 C0 2F 00 00 0F FF 01 00 01 .&..&.../.......
0050: 00 00 17 00 00 00 0B 00 02 01 00 ...........
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 91
check handshake state: server_hello[2]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1582047780 bytes = { 96, 204, 39, 89, 234, 26, 90, 86, 231, 196, 33, 185, 109, 191, 28, 77, 191, 184, 188, 104, 72, 189, 83, 78, 202, 148, 220, 57 }
Session ID: {1, 41, 29, 249, 153, 171, 68, 3, 49, 92, 21, 158, 214, 46, 156, 163, 186, 251, 99, 151, 122, 171, 120, 3, 71, 213, 38, 201, 255, 38, 207, 231}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
update handshake state: server_hello[2]
upcoming handshake states: server certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
[read] MD5 and SHA1 hashes: len = 91
0000: 02 00 00 57 03 03 5E 4C 22 24 60 CC 27 59 EA 1A ...W..^L"$`.'Y..
0050: 00 00 17 00 00 00 0B 00 02 01 00 ...........
[Raw read]: length = 5
0000: 16 03 03 09 BA .....
[Raw read]: length = 2490
0000: 0B 00 09 B6 00 09 B3 00 04 18 30 82 04 14 30 82 ..........0...0.
09B0: 21 E0 D1 BA E8 0B 2F 00 13 A7 !...../...
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 2490
check handshake state: certificate[11]
update handshake state: certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: O=ufma, OU=lsdi, CN=teste-broker
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 2335107480292160968310434273785959653293337137696961927189611358367649135551602079910761188194610032565284442249233070117357717769818931826728385338093819514455862844510360973522689631527998983020876908198564333611187272615053634929743330568957072968095163358848690623133698841698192340591145591011187277450657863346759764682003070406398315646178183577605003305459876639276941
public exponent: 65537
Validity: [From: Mon Feb 17 16:09:13 BRT 2020,
To: Thu Jul 01 16:09:13 BRT 2021]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [ 7e214139 cce17338 c6b7cfa2 32af30b0 924c7313]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 65 2F A0 95 8E 0C 9C 49 13 AD 88 59 B3 5D FA 34 e/.....I...Y.].4
0010: 86 D5 92 AF 1E 3E 47 69 54 01 98 AC 3C E9 CC C6 .....>GiT...<...
01F0: C1 F0 74 2F BB 0E 14 0E A2 45 23 49 49 18 80 5E ..t/.....E#II..^
]
chain [1] = [
[
Version: V3
Subject: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 4096 bits
modulus: 772853948839620394007937584067274558772670023513673934546662003074505129241495814287658883757532795304104808275462124709720251807658975041930997119386033032131175810029254024239215608741630848531376074569611382121213578208607457084141927155989120935929911184052237201151958782852975039535374209703169314321090438761277978261732659014804782080053331262633085691671864411
public exponent: 65537
Validity: [From: Mon Feb 17 15:36:57 BRT 2020,
To: Wed Dec 07 15:36:57 BRT 2022]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [ 21859667 17017143 51dec5a8 2b9ab4eb 2353fcd0]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C B0 C9 D6 EC D2 54 E1 4B AE 09 32 57 61 1A 79 ,.....T.K..2Wa.y
0010: 84 77 18 8C .w..
]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2C B0 C9 D6 EC D2 54 E1 4B AE 09 32 57 61 1A 79 ,.....T.K..2Wa.y
0010: 84 77 18 8C .w..
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 0A 02 67 27 BD D6 16 2F FD 50 91 95 57 6E FE F2 ..g'.../.P..Wn..
01F0: 79 79 C5 50 08 AD 21 E0 D1 BA E8 0B 2F 00 13 A7 yy.P..!...../...
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 4096 bits
modulus: 772853948839620394007937584067274558772670023513673934546662003074505129241495814287658883757532795304104808275462124709720251807658975041930997119386033032131175810029254024239215608741630848374209703169314321090438761277978261732659014804782080053331262633085691671864411
public exponent: 65537
Validity: [From: Mon Feb 17 15:36:57 BRT 2020,
To: Wed Dec 07 15:36:57 BRT 2022]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [ 21859667 17017143 51dec5a8 2b9ab4eb 2353fcd0]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C B0 C9 D6 EC D2 54 E1 4B AE 09 32 57 61 1A 79 ,.....T.K..2Wa.y
0010: 84 77 18 8C .w..
]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2C B0 C9 D6 EC D2 54 E1 4B AE 09 32 57 61 1A 79 ,.....T.K..2Wa.y
0010: 84 77 18 8C .w..
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 0A 02 67 27 BD D6 16 2F FD 50 91 95 57 6E FE F2 ..g'.../.P..Wn..
01E0: 42 E9 8E 54 6C 8B 93 54 4E D0 79 8C 28 7D 33 2D B..Tl..TN.y.(.3-
01F0: 79 79 C5 50 08 AD 21 E0 D1 BA E8 0B 2F 00 13 A7 yy.P..!...../...
]
[read] MD5 and SHA1 hashes: len = 2490
0000: 0B 00 09 B6 00 09 B3 00 04 18 30 82 04 14 30 82 ..........0...0.
0010: 01 FC 02 14 7E 21 41 39 CC E1 73 38 C6 B7 CF A2 .....!A9..s8....
09A0: 93 54 4E D0 79 8C 28 7D 33 2D 79 79 C5 50 08 AD .TN.y.(.3-yy.P..
09B0: 21 E0 D1 BA E8 0B 2F 00 13 A7 !...../...
[Raw read]: length = 5
0000: 16 03 03 01 4D ....M
[Raw read]: length = 333
0000: 0C 00 01 49 03 00 17 41 04 8B 76 49 99 FE 2F C1 ...I...A..vI../.
0110: DD A9 25 3E AF DC 47 B0 8F 24 5C 97 7D 7E E0 ED ..%>..G..$\.....
0120: 54 AB 36 66 79 1E 5C 50 65 B2 56 AF 2E 65 10 5F T.6fy.\Pe.V..e._
0130: 1B 4C 7B 4D 46 E9 74 CF B9 32 6B 5D F8 4C B6 58 .L.MF.t..2k].L.X
0140: CB 02 6B 17 EB 40 FF ED C5 20 75 9B 0D ..k..@... u..
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 333
check handshake state: server_key_exchange[12]
update handshake state: server_key_exchange[12]
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
public x coord: 63080481885842000889869033933951908473524368433833255089908062798703700253318
public y coord: 17031529858475965704322672986593754958216956478134681632478893295611510883286
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
[read] MD5 and SHA1 hashes: len = 333
0000: 0C 00 01 49 03 00 17 41 04 8B 76 49 99 FE 2F C1 ...I...A..vI../.
0010: 8A 5B 3C E0 04 52 68 BF F7 9B 21 C0 58 BA AE 0C .[<..Rh...!.X...
0020: C3 36 B5 AF CF 3D B8 9A 86 25 A7 81 19 11 16 DE .6...=...%......
00F0: B9 37 23 CD 44 32 A1 8C AD 98 D1 03 95 AC B2 8C .7#.D2..........
0100: 17 22 4F 86 C5 0C 31 A0 E1 48 CC 39 4E 2C 64 F9 ."O...1..H.9N,d.
0110: DD A9 25 3E AF DC 47 B0 8F 24 5C 97 7D 7E E0 ED ..%>..G..$\.....
0120: 54 AB 36 66 79 1E 5C 50 65 B2 56 AF 2E 65 10 5F T.6fy.\Pe.V..e._
0130: 1B 4C 7B 4D 46 E9 74 CF B9 32 6B 5D F8 4C B6 58 .L.MF.t..2k].L.X
0140: CB 02 6B 17 EB 40 FF ED C5 20 75 9B 0D ..k..@... u..
[Raw read]: length = 5
0000: 16 03 03 00 75 ....u
[Raw read]: length = 117
0000: 0D 00 00 71 02 01 40 00 0E 04 03 04 01 05 03 05 ...q..@.........
0060: 73 64 69 31 10 30 0E 06 03 55 04 03 0C 07 63 61 sdi1.0...U....ca
0070: 2D 6C 73 64 69 -lsdi
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 117
check handshake state: unknown[13]
*** CertificateRequest
Cert Types: RSA, ECDSA
Supported Signature Algorithms: SHA256withECDSA, SHA256withRSA, SHA384withECDSA, SHA384withRSA, SHA512withECDSA, SHA512withRSA, SHA1withRSA
Cert Authorities:
<CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br>
update handshake state: unknown[13]
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
[read] MD5 and SHA1 hashes: len = 117
0000: 0D 00 00 71 02 01 40 00 0E 04 03 04 01 05 03 05 ...q..@.........
0070: 2D 6C 73 64 69 -lsdi
[Raw read]: length = 5
0000: 16 03 03 00 04 .....
[Raw read]: length = 4
0000: 0E 00 00 00 ....
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 4
check handshake state: server_hello_done[14]
update handshake state: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
matching alias: private-key
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=cliente externo, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 29117495739230712393462545551735561211933494734166812671336243903431145258876257112878861065792592013047750043602236523431977238494810101
public exponent: 65537
Validity: [From: Tue Feb 18 13:34:02 BRT 2020,
To: Fri Jul 02 13:34:02 BRT 2021]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [ 7e214139 cce17338 c6b7cfa2 32af30b0 924c7314]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 62 EF 81 DE 0A 14 F5 69 19 ED 95 78 63 8D AC 56 b......i...xc..V
01F0: 40 02 AD 9B AF AA 69 C9 79 39 F1 6D 8D DF 36 8F @.....i.y9.m..6.
]
***
update handshake state: certificate[11]
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ECDHClientKeyExchange
ECDH Public value: { 4, 94, 235, 42, 233, 136, 53, 73, 225, 77, 100, 199, 35, 212, 237, 86, 249, 17, 121, 241, 94, 142, 115, 7, 27, 247, 14, 101, 41, 47, 130, 205, 216, 112, 133, 37, 136, 170, 30, 214, 138, 58, 47, 77, 140, 106, 247, 114, 182, 211, 202, 113, 52, 98, 21, 200, 242, 97, 84, 8, 156, 203, 60, 10, 160 }
update handshake state: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
[write] MD5 and SHA1 hashes: len = 1171
0000: 0B 00 04 49 00 04 46 00 04 43 30 82 04 3F 30 82 ...I..F..C0..?0.
0400: 67 23 3F 48 AF A1 D5 97 F9 81 D4 60 46 C9 E0 E8 g#?H.......`F...
0410: 5B 46 CD 36 DC D2 10 C4 67 E9 60 B8 A2 07 4A 89 [F.6....g.`...J.
0420: 2C A1 00 B1 0E 06 13 01 1D C5 3E 63 C7 BE 7B C4 ,.........>c....
0430: 06 28 4D 3A EF 3D 83 97 28 B2 04 B6 C6 40 02 AD .(M:.=..(....@..
0440: 9B AF AA 69 C9 79 39 F1 6D 8D DF 36 8F 10 00 00 ...i.y9.m..6....
0450: 42 41 04 5E EB 2A E9 88 35 49 E1 4D 64 C7 23 D4 BA.^.*..5I.Md.#.
0460: ED 56 F9 11 79 F1 5E 8E 73 07 1B F7 0E 65 29 2F .V..y.^.s....e)/
0470: 82 CD D8 70 85 25 88 AA 1E D6 8A 3A 2F 4D 8C 6A ...p.%.....:/M.j
0480: F7 72 B6 D3 CA 71 34 62 15 C8 F2 61 54 08 9C CB .r...q4b...aT...
0490: 3C 0A A0 <..
MQTT Con: cliente-externo, WRITE: TLSv1.2 Handshake, length = 1171
[Raw write]: length = 1176
0000: 16 03 03 04 93 0B 00 04 49 00 04 46 00 04 43 30 ........I..F..C0
0010: 82 04 3F 30 82 02 27 02 14 7E 21 41 39 CC E1 73 ..?0..'...!A9..s
0460: 4D 64 C7 23 D4 ED 56 F9 11 79 F1 5E 8E 73 07 1B Md.#..V..y.^.s..
0470: F7 0E 65 29 2F 82 CD D8 70 85 25 88 AA 1E D6 8A ..e)/...p.%.....
0480: 3A 2F 4D 8C 6A F7 72 B6 D3 CA 71 34 62 15 C8 F2 :/M.j.r...q4b...
0490: 61 54 08 9C CB 3C 0A A0 aT...<..
SESSION KEYGEN:
PreMaster Secret:
0000: 7E FD FD 6B 34 4A 99 23 21 CE 05 A7 B7 34 93 99 ...k4J.#!....4..
0010: 40 DE 5C 33 4E 69 1B E9 A2 5B 4B 7E DA 9D 7D BA @.\3Ni...[K.....
CONNECTION KEYGEN:
Client Nonce:
0000: 5E 4C 22 24 F5 A3 1F EF E7 3C 98 16 8B B2 49 68 ^L"$.....<....Ih
0010: F0 A3 05 BF 0A 46 85 63 2A D8 8F BC A7 F2 6D 6E .....F.c*.....mn
Server Nonce:
0000: 5E 4C 22 24 60 CC 27 59 EA 1A 5A 56 E7 C4 21 B9 ^L"$`.'Y..ZV..!.
0010: 6D BF 1C 4D BF B8 BC 68 48 BD 53 4E CA 94 DC 39 m..M...hH.SN...9
Master Secret:
0000: 5B E3 43 29 72 8D CB B3 6C 12 E7 0B 2F 86 67 8F [.C)r...l.../.g.
0010: 0C B6 E8 42 F7 04 BE 9E 6B 04 E7 2B 48 94 4F C2 ...B....k..+H.O.
0020: 13 D9 43 E8 31 CC 49 22 E7 C3 DB E8 8C B3 F6 77 ..C.1.I".......w
... no MAC keys used for this cipher
Client write key:
0000: 90 47 68 C8 F8 33 84 1C C7 7D C3 8E E6 61 7C F0 .Gh..3.......a..
Server write key:
0000: 20 4A BB DA 26 AF 4F CF C1 5B 93 A1 83 AC 30 9B J..&.O..[....0.
Client write IV:
0000: 4D 00 49 7B M.I.
Server write IV:
0000: 45 A5 2F A4 E./.
*** CertificateVerify
Signature Algorithm SHA256withRSA
update handshake state: certificate_verify[15]
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
[write] MD5 and SHA1 hashes: len = 264
0000: 0F 00 01 04 04 01 01 00 86 1C CB D6 60 5B 8C 4A ............`[.J
0010: 20 B5 24 FD 40 89 12 DF C4 47 27 5D 8E AE CC 82 .$.@....G']....
0020: 29 52 00 F5 E0 9F AB A0 DE 41 1D C5 D1 71 98 56 )R.......A...q.V
00D0: 04 14 8B F7 3D 5C 47 20 41 42 41 5E 5C 6E 8D D7 ....=\G ABA^\n..
00E0: C7 B0 35 6D FD 9F 72 11 9F EB D8 9C 8C 83 24 31 ..5m..r.......$1
00F0: 5B E0 23 81 D2 E5 5F 5F 6A 3E B9 88 C4 83 15 7E [.#...__j>......
0100: 11 14 83 F1 DD 9C D9 C3 ........
MQTT Con: cliente-externo, WRITE: TLSv1.2 Handshake, length = 264
MQTT Con: cliente-externo, waiting for close_notify or alert: state 1
MQTT Con: cliente-externo, received EOFException: error
MQTT Con: cliente-externo, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
MQTT Con: cliente-externo, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
MQTT Con: cliente-externo, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
MQTT Con: cliente-externo, WRITE: TLSv1.2 Alert, length = 2
MQTT Con: cliente-externo, Exception sending alert: java.net.SocketException: Broken pipe (Write failed)
MQTT Con: cliente-externo, called closeSocket()
MQTT Con: cliente-externo, called close()
MQTT Con: cliente-externo, called closeInternal(true)