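Hello good people of Stack Overflow, this is my first question.
Anyway. I have a problem with some fairly basic SSL code. This code works using Java 1.4, Java 1.5 and Java 1.6, but does not work using Java 1.7.
I have done some research and come across many sources that say to disable elliptic curves and to disable the SNIExtension, but neither of these solved my problem. The error I get is an illegal parameter early in the handshake.
Here is the relevant section of the code.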
URL url = new URL("https", host, port, resource);
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type", "text/xml");
conn.setRequestProperty("Content-Length", "" + messageText.length());
OutputStreamWriter or = new OutputStreamWriter(conn.getOutputStream());
or.write(messageText);
or.flush();
or.close();
int responseCode = conn.getResponseCode();
String responseMessage = conn.getResponseMessage();
System.out.println("Reply received response code " + responseCode + " responseMessage " + responseMessage);
This used to work a treat up until Java 1.7.
I ran SSL debug, and this is the part where the error first occurs under 1.7.
X:\SSL\Tester>c:\Java\JDK\1.7.0.21\bin\java.exe SkeletonSender sender.properties
keyStore is : TestClient.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : testclient
chain [0] = [
[
Version: V3
Subject: CN=TestClient, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
public exponent: 65537
Validity: [From: Thu Mar 14 14:58:30 GMT 2013,
To: Fri Mar 14 14:58:30 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ 0113]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0A E4 E8 CB E1 49 24 A9 01 C3 C5 6D 38 C7 52 02 .....I$....m8.R.
0010: 2E 10 6B AA ..k.
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: ED CA A2 FE 22 32 3F DB 27 95 FD 22 DE DD 36 42 ...."2?.'.."..6B
0010: 86 EA 34 6D ..4m
]
]
]
Algorithm: [SHA1withRSA]
]
chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
public exponent: 65537
Validity: [From: Wed Mar 13 10:19:32 GMT 2013,
To: Thu Mar 13 10:19:32 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ fdfbbcec a1e69dad]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0A E4 E8 CB E1 49 24 A9 01 C3 C5 6D 38 C7 52 02 .....I$....m8.R.
0010: 2E 10 6B AA ..k.
]
]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0A E4 E8 CB E1 49 24 A9 01 C3 C5 6D 38 C7 52 02 .....I$....m8.R.
0010: 2E 10 6B AA ..k.
]
]
]
Algorithm: [SHA1withRSA]
]
***
trustStore is: TestClient.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Algorithm: RSA; Serial number: 0xfdfbbceca1e69dad
Valid from Wed Mar 13 10:19:32 GMT 2013 until Thu Mar 13 10:19:32 GMT 2014
adding as trusted cert:
Subject: CN=TestClient, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Algorithm: RSA; Serial number: 0x113
Valid from Thu Mar 14 14:58:30 GMT 2013 until Fri Mar 14 14:58:30 GMT 2014
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1352376204 bytes = { 132, 114, 229, 238, 17, 49, 224, 49, 14
0, 237, 195, 202, 95, 198, 110, 197, 51, 146, 26, 207, 218, 224, 249, 197, 202,
139, 82, 202 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128
_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS
_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WI
TH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128
_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WI
TH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_E
DE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_
DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INF
O_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp19
2r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1
, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, s
ect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: myserver.mydomain.com]
***
main, WRITE: TLSv1 Handshake, length = 191
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, illegal_parameter
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
main, called close()
main, called closeInternal(true)
javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at SkeletonSender.main(SkeletonSender.java:133)
And this is the same debug information from Java 1.6, where it works fine.
X:\SSL\Tester>c:\Java\JDK\1.6.0.26\bin\java.exe SkeletonSender sender.properties
keyStore is : TestClient.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : testclient
chain [0] = [
[
Version: V3
Subject: CN=TestClient, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: <<REMOVED to save characters>>
public exponent: 65537
Validity: [From: Thu Mar 14 14:58:30 GMT 2013,
To: Fri Mar 14 14:58:30 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ 0113]
Certificate Extensions: 4
<<REMOVED>
]
Algorithm: [SHA1withRSA]
<<REMOVED>>
]
chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: <<REMOVED>>
public exponent: 65537
Validity: [From: Wed Mar 13 10:19:32 GMT 2013,
To: Thu Mar 13 10:19:32 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ fdfbbcec a1e69dad]
Certificate Extensions: 3
<<REMOVED>>
]
Algorithm: [SHA1withRSA]
<<REMOVED>>
]
***
trustStore is: TestClient.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Algorithm: RSA; Serial number: 0xfdfbbceca1e69dad
Valid from Wed Mar 13 10:19:32 GMT 2013 until Thu Mar 13 10:19:32 GMT 2014
adding as trusted cert:
Subject: CN=TestClient, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Algorithm: RSA; Serial number: 0x113
Valid from Thu Mar 14 14:58:30 GMT 2013 until Fri Mar 14 14:58:30 GMT 2014
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1352375984 bytes = { 147, 36, 31, 138, 140, 6, 38, 60, 187,
73, 231, 64, 69, 240, 225, 86, 56, 186, 15, 182, 255, 247, 214, 58, 187, 230, 24
8, 85 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH
_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC
_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_
DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SH
A, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_
WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WI
TH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 75
main, WRITE: SSLv2 client hello message, length = 101
main, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
RandomCookie: GMT: 1352375955 bytes = { 205, 0, 202, 103, 5, 247, 206, 74, 171,
147, 120, 157, 32, 180, 225, 119, 45, 1, 70, 149, 255, 12, 8, 170, 233, 253, 93
, 194 }
Session ID: {71, 126, 127, 231, 211, 122, 75, 124, 20, 27, 248, 53, 27, 194, 15
3, 51}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
main, READ: TLSv1 Handshake, length = 1736
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=myserver.mydomain.com, OU=ICT, O=ICT, L=Glasgow, ST=Lanarkshire, C=GB
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: <<REMOVED>>
public exponent: 65537
Validity: [From: Wed Mar 13 10:22:53 GMT 2013,
To: Thu Mar 13 10:22:53 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ 0110]
Certificate Extensions: 4
<<REMOVED>>
]
Algorithm: [SHA1withRSA]
<<REMOVED>>
]
chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
<<REMOVED>>
public exponent: 65537
Validity: [From: Wed Mar 13 10:19:32 GMT 2013,
To: Thu Mar 13 10:19:32 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ fdfbbcec a1e69dad]
Certificate Extensions: 3
<<REMOVED>>
]
Algorithm: [SHA1withRSA]
<<REMOVED>>
]
***
Found trusted certificate:
[
[
Version: V3
Subject: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
<<REMOVED>>
public exponent: 65537
Validity: [From: Wed Mar 13 10:19:32 GMT 2013,
To: Thu Mar 13 10:19:32 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ fdfbbcec a1e69dad]
Certificate Extensions: 3
<<REMOVED>>
]
Algorithm: [SHA1withRSA]
<<REMOVED>>
]
main, READ: TLSv1 Handshake, length = 1337
*** CertificateRequest
Cert Types: RSA
Cert Authorities:
<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
<CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US>
<CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net>
<EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk>
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
matching alias: testclient
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=TestClient, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
<<REMOVED>>
public exponent: 65537
Validity: [From: Thu Mar 14 14:58:30 GMT 2013,
To: Fri Mar 14 14:58:30 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ 0113]
Certificate Extensions: 4
<<REMOVED>>
]
Algorithm: [SHA1withRSA]
<<REMOVED>>
]
chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
<<REMOVED>>
public exponent: 65537
Validity: [From: Wed Mar 13 10:19:32 GMT 2013,
To: Thu Mar 13 10:19:32 GMT 2014]
Issuer: EMAILADDRESS=Lambert.Behnke@gmail.com, CN=DryRunCA, OU=ICT, O=ICT, L=Glasgow, ST=Scotland, C=uk
SerialNumber: [ fdfbbcec a1e69dad]
Certificate Extensions: 3
<<REMOVED>>
]
Algorithm: [SHA1withRSA]
<<REMOVED>>
]
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 1962
*** CertificateVerify
main, WRITE: TLSv1 Handshake, length = 262
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 90, 148, 85, 204, 107, 42, 185, 36, 22, 147, 214, 238 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 65, 186, 83, 65, 42, 203, 31, 52, 5, 161, 220, 82 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, WRITE: TLSv1 Application Data, length = 261
main, WRITE: TLSv1 Application Data, length = 424
main, READ: TLSv1 Application Data, length = 753
Reply received response code 200 responseMessage OK
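I dug around a bit, believing that I might be using an insecure cipher suite, but found that the cipher suite used under 1.6 is still in the list for 1.7. Perhaps it tries another suite first, gets an error, and never reaches the suite that works. Anyway, I hope someone has run into a similar problem in the past or can spot what I am doing wrong.
Thank you for your time.
Lambert
PS: Because the body is limited to 30000 characters, I removed the moduli, certificate extension blocks and algorithm signatures. If they are important, I can add them back.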
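
As an added example (not part of the original post), the Python below parses the ClientHello portions of the two traces above and reports how the Java 1.7 offer differs from the Java 1.6 one. The names `parse_hello` and `compare` are hypothetical, and the embedded excerpts are copied from the traces with their console line wrapping.

```python
import re

# Excerpts of the two traces above (Java 1.7 fails, 1.6 works), kept with the
# 80-column console wrapping that splits suite names mid-token.
TRACE_17 = """\
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128
_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS
_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WI
TH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128
_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WI
TH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_E
DE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_
DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INF
O_SCSV]
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp19
2r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1
, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, s
ect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: myserver.mydomain.com]
main, WRITE: TLSv1 Handshake, length = 191
"""
TRACE_16 = """\
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH
_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC
_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_
DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SH
A, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_
WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WI
TH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
main, WRITE: TLSv1 Handshake, length = 75
main, WRITE: SSLv2 client hello message, length = 101
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
"""

def parse_hello(trace):
    """Return offered suites, extensions, record writes and the server's pick."""
    m = re.search(r"Cipher Suites: \[(.*?)\]", trace, re.S)
    # Rejoin wrapped lines with no separator before splitting on commas.
    body = m.group(1).replace("\n", "") if m else ""
    suites = [s.strip() for s in body.split(",") if s.strip()]
    chosen = re.search(r"^Cipher Suite: (\w+)$", trace, re.M)
    return {
        "suites": suites,
        "extensions": re.findall(r"^Extension (\w+)", trace, re.M),
        "writes": re.findall(r"WRITE: (.+), length = (\d+)$", trace, re.M),
        "chosen": chosen.group(1) if chosen else None,
    }

def compare(working, failing):
    """Summarise how the failing ClientHello differs from the working one."""
    w, f = parse_hello(working), parse_hello(failing)
    pick = w["chosen"]
    rank = lambda t: t["suites"].index(pick) if pick in t["suites"] else None
    return {
        "only_in_failing": [s for s in f["suites"] if s not in w["suites"]],
        "only_in_working": [s for s in w["suites"] if s not in f["suites"]],
        "extensions_added": [e for e in f["extensions"] if e not in w["extensions"]],
        "pick_rank": (rank(w), rank(f)),  # 0-based position of the server's pick
        "sslv2_hello": tuple(any("SSLv2" in k for k, _ in t["writes"]) for t in (w, f)),
    }

if __name__ == "__main__":
    print(compare(TRACE_16, TRACE_17))
```

On these excerpts it reports three extensions present only in the 1.7 hello, twelve ECDH/ECDHE suites offered only by 1.7, the suite the server picked under 1.6 moving from first place to twentieth, and an SSLv2-format hello written only by 1.6.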