johnshajiang
commented
11 months ago 是否提供一下Java端的debug日志?
在启动java程序时,请加上系统属性-Dcom.tencent.kona.ssl.debug=all。
Closed zhangshdn closed 11 months ago
johnshajiang
commented
11 months ago 是否提供一下Java端的debug日志?
在启动java程序时,请加上系统属性-Dcom.tencent.kona.ssl.debug=all。
johnshajiang
commented
11 months ago 另外,此处gmssl项目是指的哪个项目?
是https://github.com/guanzhi/GmSSL?
FYI
TencentKonaSMSuite与铜锁/Tongsuo,江南天安/TASSL都能正常通信。
liuzhanfu
commented
11 months ago @johnshajiang https://github.com/guanzhi/GmSSL 这个项目可以通讯吗
liuzhanfu
commented
11 months ago @johnshajiang 你好 ,你们项目的证书和私钥是怎么签出来的,有没有文档可以参考的
johnshajiang
commented
11 months ago @liuzhanfu
https://github.com/guanzhi/GmSSL 这个项目可以通讯吗
我们确实没有与这个项目进行过测试。 如我前面所说, 若在握手过程中有什么问题,请提供debug日志,以便于分析。
johnshajiang
commented
11 months ago @liuzhanfu
你们项目的证书和私钥是怎么签出来的,有没有文档可以参考的
测试中使用的证书是用Tongsuo(之前的BabaSSL)生成的,可参考下面脚本中的命令。 https://github.com/Tencent/TencentKonaSMSuite/blob/master/kona-ssl/src/test/resources/gen_certs.sh
zhangshdn
commented
11 months ago 以下是报错,您给看看,什么问题
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.469 CST|X509TrustManagerImpl.java:83|adding as trusted certificates (
"certificate" : {
"version" : "v3",
"serial number" : "219CF4C5DBBB033E69D2326A4677AAF7A36B6852",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-ca",
"not before" : "2022-03-10 19:08:29.000 CST",
"not after" : "2032-03-07 19:08:29.000 CST",
"subject" : "CN=tlcp-intca",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5A 6A 53 54 DC B7 80 2A 6B 56 C2 37 F8 18 F2 81 ZjST...*kV.7....
0010: A0 81 B3 4D ...M
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.37 Criticality=true
ExtendedKeyUsages [
OCSPSigning
timeStamping
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
Key_Agreement
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CB 67 1D 38 EC 4A 66 5D 98 76 4D 71 5F 47 7D 43 .g.8.Jf].vMq_G.C
0010: 3E 59 07 FD >Y..
]
]
}
]}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.672 CST|SSLContextImpl.java:421|System property com.tencent.kona.ssl.client.cipherSuites is set to 'null'
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.673 CST|SSLContextImpl.java:421|System property com.tencent.kona.ssl.server.cipherSuites is set to 'null'
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.836 CST|SSLCipher.java:524|Transformation ChaCha20-Poly1305 is not available.
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.837 CST|SSLCipher.java:475|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.857 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECC_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.857 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECC_SM4_CBC_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.857 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECDHE_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.858 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECDHE_SM4_CBC_SM3
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.873 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.873 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.873 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.874 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.875 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.875 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.875 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.876 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.876 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.876 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.876 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.877 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.877 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.878 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.878 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.878 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.879 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.882 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.883 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.886 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.887 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.888 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.894 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.895 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.895 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.895 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.896 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_RC4_128_MD5
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.896 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_RC4_128_MD5
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.896 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.896 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.896 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.897 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.897 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_DES_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.897 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_DES_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.897 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.898 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.898 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DHE_DSS_WITH_DES_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.898 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_DES_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.898 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DH_anon_WITH_DES_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.898 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DH_anon_WITH_DES_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.899 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.899 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.899 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.899 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.900 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.900 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.900 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.900 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.900 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.901 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.901 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.901 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.901 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_RSA_WITH_NULL_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.901 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.902 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.902 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.902 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.902 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.903 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.903 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.903 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.903 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.903 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.904 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.904 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.904 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.904 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_NULL_MD5
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.904 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_NULL_MD5
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.905 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECC_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.905 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECC_SM4_CBC_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.905 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECDHE_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.905 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECDHE_SM4_CBC_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.906 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.907 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.907 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.907 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.907 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.907 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.908 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.908 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.908 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.908 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.909 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.909 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.909 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.909 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.909 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.909 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.910 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.910 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.910 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.910 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.910 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.911 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.911 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.911 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.911 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.911 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.914 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.915 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.915 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.915 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.915 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.915 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.915 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.916 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.916 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.916 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.916 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.917 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.917 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.917 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.917 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.917 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.917 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.918 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.918 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.918 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.918 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.918 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.919 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.919 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.919 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.919 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.919 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.919 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.920 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.920 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.920 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.920 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.920 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.920 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.921 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.921 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.921 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.921 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.921 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.922 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.922 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.922 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.922 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.922 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.922 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.923 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.923 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.923 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.923 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.923 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.924 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.924 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.924 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.954 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.954 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.955 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.955 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.955 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.955 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.955 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.956 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.956 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.956 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.957 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.957 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.957 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.962 CST|SSLContextImpl.java:115|trigger seeding of SecureRandom
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:46.963 CST|SSLContextImpl.java:119|done seeding of SecureRandom
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.106 CST|SSLConfiguration.java:486|System property com.tencent.kona.ssl.server.signatureSchemes is set to 'null'
com.tencent.kona.ssl|WARNING|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.124 CST|SignatureScheme.java:308|Signature algorithm, Ed25519, is not supported by the underlying providers
com.tencent.kona.ssl|WARNING|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.125 CST|SignatureScheme.java:308|Signature algorithm, Ed448, is not supported by the underlying providers
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.185 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 03 01 00 BF 01 00 00 BB 03 03 A0 7B C8 97 B8 ................
0010: F4 1C 2F 52 F7 AC 26 08 68 A6 6A C3 89 7C C0 A3 ../R..&.h.j.....
0020: 09 68 3F 7D 02 61 05 94 B2 59 EC 00 00 48 C0 2C .h?..a...Y...H.,
0030: C0 30 00 9F CC A9 CC A8 CC AA C0 2B C0 2F 00 9E .0.........+./..
0040: E1 07 C0 24 C0 28 00 6B C0 23 C0 27 00 67 E1 02 ...$.(.k.#.'.g..
0050: C0 0A C0 14 00 39 C0 09 C0 13 00 33 00 9D 00 9C .....9.....3....
0060: 00 3D 00 3C 00 35 E0 17 E0 15 E0 13 E0 11 00 2F .=.<.5........./
0070: E0 1A E0 19 00 FF 01 00 00 4A 00 0B 00 04 03 00 .........J......
0080: 01 02 00 0A 00 0C 00 0A 00 1E 00 1D 00 17 00 19 ................
0090: 00 18 00 23 00 00 00 0D 00 22 00 20 06 01 06 02 ...#.....". ....
00A0: 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 ................
00B0: 03 02 03 03 02 01 02 02 02 03 07 07 00 16 00 00 ................
00C0: 00 17 00 00 ....
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.185 CST|SSLEngineInputRecord.java:214|READ: TLSv1 handshake, length = 191
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.332 CST|SSLExtension.java:824|System property com.tencent.kona.ssl.server.disableExtensions is set to 'null'
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.336 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"ec_point_formats (11)": {
0000: 03 00 01 02 ....
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.336 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"supported_groups (10)": {
0000: 00 0A 00 1E 00 1D 00 17 00 19 00 18 ............
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.337 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"signature_algorithms (13)": {
0000: 00 20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 . ..............
0010: 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 ................
0020: 07 07 ..
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.338 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"encrypt_then_mac (22)": {
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.339 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"extended_master_secret (23)": {
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.347 CST|ClientHello.java:799|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "A07BC897B8F41C2F52F7AC260868A66AC3897CC0A309683F7D02610594B259EC",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), UNKNOWN-CIPHER-SUITE(0xE107)(0xE107), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), UNKNOWN-CIPHER-SUITE(0xE102)(0xE102), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), UNKNOWN-CIPHER-SUITE(0xE017)(0xE017), UNKNOWN-CIPHER-SUITE(0xE015)(0xE015), TLCP_ECC_SM4_CBC_SM3(0xE013), TLCP_ECDHE_SM4_CBC_SM3(0xE011), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), UNKNOWN-CIPHER-SUITE(0xE01A)(0xE01A), UNKNOWN-CIPHER-SUITE(0xE019)(0xE019), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"ec_point_formats (11)": {
"formats": [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
},
"supported_groups (10)": {
"named groups": [UNDEFINED-NAMED-GROUP(30), UNDEFINED-NAMED-GROUP(29), secp256r1, secp521r1, secp384r1]
},
"session_ticket (35)": {
<empty>
},
"signature_algorithms (13)": {
"signature schemes": [rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1, UNDEFINED-SIGNATURE(7)_sm3]
},
"encrypt_then_mac (22)": {
},
"extended_master_secret (23)": {
<empty>
}
]
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.347 CST|SSLExtensions.java:185|Ignore unavailable extension: supported_versions
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.347 CST|ClientHello.java:829|Negotiated protocol version: TLCPv1.1
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.349 CST|SessionTicketExtension.java:399|Client accepts session tickets.
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.350 CST|SSLExtensions.java:204|Consumed extension: session_ticket
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.350 CST|TLCPClientHello.java:109|Can't resume, the existing session is not rejoinable
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.351 CST|TLCPClientHello.java:183|Session not resumed.
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.351 CST|SSLExtensions.java:185|Ignore unavailable extension: server_name
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.351 CST|SignatureScheme.java:429|Ignore inactive signature scheme: ecdsa_secp256r1_sha256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.352 CST|SignatureScheme.java:429|Ignore inactive signature scheme: ecdsa_secp384r1_sha384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.352 CST|SignatureScheme.java:429|Ignore inactive signature scheme: ecdsa_secp521r1_sha512
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.352 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: ed25519
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.352 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: ed448
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.353 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_rsae_sha256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.353 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_rsae_sha384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.353 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_rsae_sha512
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.353 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_pss_sha256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.353 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_pss_sha384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.354 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_pss_sha512
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.354 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pkcs1_sha256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.354 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pkcs1_sha384
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.354 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pkcs1_sha512
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.354 CST|SignatureScheme.java:429|Ignore inactive signature scheme: dsa_sha256
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.355 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: ecdsa_sha224
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.355 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: rsa_sha224
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.355 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: dsa_sha224
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.355 CST|SignatureScheme.java:429|Ignore inactive signature scheme: ecdsa_sha1
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.355 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pkcs1_sha1
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.355 CST|SignatureScheme.java:429|Ignore inactive signature scheme: dsa_sha1
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.356 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_md5
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.356 CST|SSLSessionImpl.java:220|Session initialized: Session(1700538287356|SSL_NULL_WITH_NULL_NULL)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.356 CST|SSLExtensions.java:219|Ignore unavailable extension: server_name
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.358 CST|SSLExtensions.java:219|Ignore unavailable extension: application_layer_protocol_negotiation
com.tencent.kona.ssl|WARNING|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.358 CST|SSLExtensions.java:227|Ignore impact of unsupported extension: session_ticket
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.384 CST|X509KeyManagerImpl.java:455|KeyMgr: getting aliases (
[tlcp-sign-ee-demo (verified: EXTENSION_MISMATCH), tlcp-enc-ee-demo (verified: EXTENSION_MISMATCH)]
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.493 CST|TLCPServerHello.java:242|use cipher suite TLCP_ECC_SM4_CBC_SM3
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.494 CST|SSLSessionImpl.java:948|Negotiating session: Session(1700538287356|TLCP_ECC_SM4_CBC_SM3)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.504 CST|StatusResponseManager.java:608|Staping disabled or is a resumed session
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.507 CST|ServerNameExtension.java:445|Ignore unavailable extension: server_name
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.508 CST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.508 CST|AlpnExtension.java:384|Ignore unavailable extension: application_layer_protocol_negotiation
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.508 CST|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.509 CST|TLCPServerHello.java:173|Produced ServerHello handshake message (
"ServerHello": {
"server version" : "TLCPv1.1",
"random" : "2AE00DFA065EF2ECC3C2B9A43C55BF1F83F44F993550D536002BBDBD2DDA6992",
"session id" : "0B093D4F6F0E434DE52077CFFF652453EA359D4A2ECE8B34CEDEF87633712C99",
"cipher suite" : "TLCP_ECC_SM4_CBC_SM3(0xE013)",
"compression methods" : "00",
"extensions" : [
"session_ticket (35)": {
<empty>
}
]
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.516 CST|TLCPCertificate.java:261|Produced server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "4D98A4226FC7F9748D56C61C7E7E12B6528179",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-intca",
"not before" : "2022-04-04 07:58:03.000 CST",
"not after" : "2032-04-01 07:58:03.000 CST",
"subject" : "CN=localhost",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: CB 67 1D 38 EC 4A 66 5D 98 76 4D 71 5F 47 7D 43 .g.8.Jf].vMq_G.C
0010: 3E 59 07 FD >Y..
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DA 85 F0 6C 9D E9 17 89 A6 48 3D 18 F5 8B D1 50 ...l.....H=....P
0010: BF 6A 13 59 .j.Y
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "4D98A4226FC7F9748D56C61C7E7E12B6528178",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-intca",
"not before" : "2022-04-04 07:57:39.000 CST",
"not after" : "2032-04-01 07:57:39.000 CST",
"subject" : "CN=localhost",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: CB 67 1D 38 EC 4A 66 5D 98 76 4D 71 5F 47 7D 43 .g.8.Jf].vMq_G.C
0010: 3E 59 07 FD >Y..
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_Encipherment
Data_Encipherment
Key_Agreement
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 64 35 36 FB 4E 6E 16 44 7E 21 A9 FE 2E FF BC 91 d56.Nn.D.!......
0010: 9B ED 15 6D ...m
]
]
}
]}
]
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.646 CST|SM2ServerKeyExchange.java:308|Produced SM2 ServerKeyExchange handshake message (
"SM2 ServerKeyExchange": {
"digital signature": {
"signature": {
0000: 30 44 02 20 45 D7 55 5A 2F 97 3C 62 B7 D5 CB 25 0D. E.UZ/.<b...%
0010: 49 2C 5B A5 B2 28 2C B4 66 F5 C0 2A 18 32 59 62 I,[..(,.f..*.2Yb
0020: 0D B1 0B A0 02 20 43 4E 97 45 46 50 4A AA F8 25 ..... CN.EFPJ..%
0030: 64 19 42 54 74 5F 3F 90 F3 3B 44 63 A2 32 50 7B d.BTt_?..;Dc.2P.
0040: 95 51 93 24 3E D4 .Q.$>.
},
}
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.649 CST|TLCPCertificateRequest.java:284|Produced CertificateRequest handshake message (
"CertificateRequest": {
"certificate types": [ecdsa_sign, rsa_sign]
"supported signature algorithms": []
"certificate authorities": [CN=tlcp-intca]
}
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.650 CST|ServerHelloDone.java:98|Produced ServerHelloDone handshake message (
<empty>
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.657 CST|SSLEngineOutputRecord.java:530|WRITE: TLCPv1.1 handshake, length = 1003
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.660 CST|SSLEngineOutputRecord.java:551|Raw write (
0000: 16 01 01 03 EB 02 00 00 4C 01 01 2A E0 0D FA 06 ........L..*....
0010: 5E F2 EC C3 C2 B9 A4 3C 55 BF 1F 83 F4 4F 99 35 ^......<U....O.5
0020: 50 D5 36 00 2B BD BD 2D DA 69 92 20 0B 09 3D 4F P.6.+..-.i. ..=O
0030: 6F 0E 43 4D E5 20 77 CF FF 65 24 53 EA 35 9D 4A o.CM. w..e$S.5.J
0040: 2E CE 8B 34 CE DE F8 76 33 71 2C 99 E0 13 00 00 ...4...v3q,.....
0050: 04 00 23 00 00 0B 00 03 25 00 03 22 00 01 8D 30 ..#.....%.."...0
0060: 82 01 89 30 82 01 30 A0 03 02 01 02 02 13 4D 98 ...0..0.......M.
0070: A4 22 6F C7 F9 74 8D 56 C6 1C 7E 7E 12 B6 52 81 ."o..t.V......R.
0080: 79 30 0A 06 08 2A 81 1C CF 55 01 83 75 30 15 31 y0...*...U..u0.1
0090: 13 30 11 06 03 55 04 03 0C 0A 74 6C 63 70 2D 69 .0...U....tlcp-i
00A0: 6E 74 63 61 30 1E 17 0D 32 32 30 34 30 33 32 33 ntca0...22040323
00B0: 35 38 30 33 5A 17 0D 33 32 30 33 33 31 32 33 35 5803Z..320331235
00C0: 38 30 33 5A 30 14 31 12 30 10 06 03 55 04 03 0C 803Z0.1.0...U...
00D0: 09 6C 6F 63 61 6C 68 6F 73 74 30 59 30 13 06 07 .localhost0Y0...
00E0: 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 82 *.H.=....*...U..
00F0: 2D 03 42 00 04 63 D7 44 3B 17 45 96 F4 D7 FF A2 -.B..c.D;.E.....
0100: 2C 1D 34 BF 81 6E AA 2F 25 AF F0 5D E0 75 1C 40 ,.4..n./%..].u.@
0110: 31 DD 8C 8D 29 8D C0 FE 20 3E 2A F8 97 36 31 D0 1...)... >*..61.
0120: BB 65 6B 87 AD 6A A6 26 20 05 05 AA A4 C3 00 C6 .ek..j.& .......
0130: 79 62 18 9B A5 A3 60 30 5E 30 1D 06 03 55 1D 0E yb....`0^0...U..
0140: 04 16 04 14 DA 85 F0 6C 9D E9 17 89 A6 48 3D 18 .......l.....H=.
0150: F5 8B D1 50 BF 6A 13 59 30 1F 06 03 55 1D 23 04 ...P.j.Y0...U.#.
0160: 18 30 16 80 14 CB 67 1D 38 EC 4A 66 5D 98 76 4D .0....g.8.Jf].vM
0170: 71 5F 47 7D 43 3E 59 07 FD 30 0C 06 03 55 1D 13 q_G.C>Y..0...U..
0180: 01 01 FF 04 02 30 00 30 0E 06 03 55 1D 0F 01 01 .....0.0...U....
0190: FF 04 04 03 02 01 86 30 0A 06 08 2A 81 1C CF 55 .......0...*...U
01A0: 01 83 75 03 47 00 30 44 02 20 55 DC E4 91 84 68 ..u.G.0D. U....h
01B0: 72 E9 40 4C CC E0 A4 8B CE 17 05 47 64 1B E4 BB r.@L.......Gd...
01C0: 15 B4 E2 8F F3 B9 A9 B5 81 CD 02 20 75 B2 50 7F ........... u.P.
01D0: D1 49 79 A5 24 A1 BC D7 E4 19 56 9E E2 40 A9 29 .Iy.$.....V..@.)
01E0: C1 C9 83 38 10 79 FB 2C FA 2A BE 50 00 01 8F 30 ...8.y.,.*.P...0
01F0: 82 01 8B 30 82 01 30 A0 03 02 01 02 02 13 4D 98 ...0..0.......M.
0200: A4 22 6F C7 F9 74 8D 56 C6 1C 7E 7E 12 B6 52 81 ."o..t.V......R.
0210: 78 30 0A 06 08 2A 81 1C CF 55 01 83 75 30 15 31 x0...*...U..u0.1
0220: 13 30 11 06 03 55 04 03 0C 0A 74 6C 63 70 2D 69 .0...U....tlcp-i
0230: 6E 74 63 61 30 1E 17 0D 32 32 30 34 30 33 32 33 ntca0...22040323
0240: 35 37 33 39 5A 17 0D 33 32 30 33 33 31 32 33 35 5739Z..320331235
0250: 37 33 39 5A 30 14 31 12 30 10 06 03 55 04 03 0C 739Z0.1.0...U...
0260: 09 6C 6F 63 61 6C 68 6F 73 74 30 59 30 13 06 07 .localhost0Y0...
0270: 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 82 *.H.=....*...U..
0280: 2D 03 42 00 04 AB 85 DE 73 98 9E 44 01 23 2C 8C -.B.....s..D.#,.
0290: F8 53 29 AE F5 1E 66 F1 6D 25 1F 22 69 7D B4 9B .S)...f.m%."i...
02A0: 89 86 1E 9A 65 09 7D 2C DF FB B8 41 EA FF C1 73 ....e..,...A...s
02B0: D0 F6 60 E0 F7 BD 73 2E A6 BE C6 B5 C5 D5 13 01 ..`...s.........
02C0: 1F FE 2A 28 A6 A3 60 30 5E 30 1D 06 03 55 1D 0E ..*(..`0^0...U..
02D0: 04 16 04 14 64 35 36 FB 4E 6E 16 44 7E 21 A9 FE ....d56.Nn.D.!..
02E0: 2E FF BC 91 9B ED 15 6D 30 1F 06 03 55 1D 23 04 .......m0...U.#.
02F0: 18 30 16 80 14 CB 67 1D 38 EC 4A 66 5D 98 76 4D .0....g.8.Jf].vM
0300: 71 5F 47 7D 43 3E 59 07 FD 30 0C 06 03 55 1D 13 q_G.C>Y..0...U..
0310: 01 01 FF 04 02 30 00 30 0E 06 03 55 1D 0F 01 01 .....0.0...U....
0320: FF 04 04 03 02 03 38 30 0A 06 08 2A 81 1C CF 55 ......80...*...U
0330: 01 83 75 03 49 00 30 46 02 21 00 B2 1B 8D 78 A2 ..u.I.0F.!....x.
0340: 19 BD 39 63 5B 6C 24 69 50 E2 85 B6 2B A2 B8 15 ..9c[l$iP...+...
0350: B9 29 64 60 B2 07 F1 77 F1 70 7E 02 21 00 BE D2 .)d`...w.p..!...
0360: F1 D7 A8 A1 CD F3 5E 25 06 C1 9F 5E EC 67 9B 4D ......^%...^.g.M
0370: 06 9B 39 84 34 07 C9 D1 B7 81 14 33 21 21 0C 00 ..9.4......3!!..
0380: 00 48 00 46 30 44 02 20 45 D7 55 5A 2F 97 3C 62 .H.F0D. E.UZ/.<b
0390: B7 D5 CB 25 49 2C 5B A5 B2 28 2C B4 66 F5 C0 2A ...%I,[..(,.f..*
03A0: 18 32 59 62 0D B1 0B A0 02 20 43 4E 97 45 46 50 .2Yb..... CN.EFP
03B0: 4A AA F8 25 64 19 42 54 74 5F 3F 90 F3 3B 44 63 J..%d.BTt_?..;Dc
03C0: A2 32 50 7B 95 51 93 24 3E D4 0D 00 00 1E 02 40 .2P..Q.$>......@
03D0: 01 00 19 00 17 30 15 31 13 30 11 06 03 55 04 03 .....0.1.0...U..
03E0: 0C 0A 74 6C 63 70 2D 69 6E 74 63 61 0E 00 00 00 ..tlcp-intca....
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.699 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 15 01 01 00 02 02 50 ......P
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.699 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 alert, length = 2
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.703 CST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "internal_error"
}
)
com.tencent.kona.ssl|SEVERE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.705 CST|TransportContext.java:370|Fatal (INTERNAL_ERROR): Received fatal alert: internal_error (
"throwable" : {
javax.net.ssl.SSLException: Received fatal alert: internal_error
at com.tencent.kona.sun.security.ssl.Alert.createSSLException(Alert.java:133)
at com.tencent.kona.sun.security.ssl.Alert.createSSLException(Alert.java:117)
at com.tencent.kona.sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at com.tencent.kona.sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at com.tencent.kona.sun.security.ssl.TransportContext.dispatch(TransportContext.java:204)
at com.tencent.kona.sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:505)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:481)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1342)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:750)}
)
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.705 CST|SSLSessionImpl.java:1268|Invalidated session: Session(1700538287139|SSL_NULL_WITH_NULL_NULL)
com.tencent.kona.ssl|ALL|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.706 CST|SSLSessionImpl.java:1268|Invalidated session: Session(1700538287356|TLCP_ECC_SM4_CBC_SM3)是否提供一下Java端的debug日志? 在启动java程序时,请加上系统属性
-Dcom.tencent.kona.ssl.debug=all。
您好,上面提供了,麻烦了 上面我是利用gmssl的客户端工具,连接TLCPWithNettyDemo生成的服务端,报错
johnshajiang
commented
11 months ago 客户端没有返回ClientKeyExchange消息,而是发送了fatal alert: internal_error,使得握手失败。
也许它在计算共享密钥时出了什么问题。
另外,服务端发送了CertificateRequest消息,希望客户端发送证书。但TLCPWithNettyDemo中的服务端应该没有这个要求吧。
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.649 CST|TLCPCertificateRequest.java:284|Produced CertificateRequest handshake message (
"CertificateRequest": {
"certificate types": [ecdsa_sign, rsa_sign]
"supported signature algorithms": []
"certificate authorities": [CN=tlcp-intca]
}建议让Java程序作为客户端试试,再看看日志。
zhangshdn
commented
11 months ago 客户端没有返回
ClientKeyExchange消息,而是发送了fatal alert: internal_error,使得握手失败。 也许它在计算共享密钥时出了什么问题。另外,服务端发送了
CertificateRequest消息,希望客户端发送证书。但TLCPWithNettyDemo中的服务端应该没有这个要求吧。com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 11:44:47.649 CST|TLCPCertificateRequest.java:284|Produced CertificateRequest handshake message ( "CertificateRequest": { "certificate types": [ecdsa_sign, rsa_sign] "supported signature algorithms": [] "certificate authorities": [CN=tlcp-intca] }
确实是我的服务端有行代码除了问题,我指定了sslEngine.setWantClientAuth(true); 改成false就可以了,这样gmssl的客户端已经能和服务端通讯了。 但是现在出现了另外一个问题,我们使用guanzhi的gmssl签出来的CA证书,服务端加签证书+key和加密证书+key,代入TLCPWithNettyDemo后,服务端会报错,错误内容如下, 客户端报错:
No client certificate CA names sent
---
SSL handshake has read 1040 bytes and written 203 bytes
Verification error: unable to verify the first certificate
---
New, (NONE), Cipher is (NONE)
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : GMTLSv1.1
Cipher : 0000
Session-ID: 5630EABA31E86B91D553915ED2C2CA303EF77297311772CFC2F5FD4DBD90C016
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1700542484
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no服务端报错:
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 12:54:46.007 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 15 01 01 00 02 02 33 ......3
)
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 12:54:46.008 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 alert, length = 2
com.tencent.kona.ssl|FINE|D0|nioEventLoopGroup-3-1|2023-11-21 12:54:46.012 CST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "decrypt_error"
}
)
com.tencent.kona.ssl|SEVERE|D0|nioEventLoopGroup-3-1|2023-11-21 12:54:46.013 CST|TransportContext.java:370|Fatal (DECRYPT_ERROR): Received fatal alert: decrypt_error (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error麻烦您给看看吧,另外,我们想做成双向认证,您能给指导下,如何操作吗
zhangshdn
commented
11 months ago 我签名的方式是这样的
# 生成CA证书
gmssl ecparam -genkey -name SM2 -noout -out root.key
gmssl req -new -key root.key -out root.req -subj "/C=CN/ST=Shandong/L=JiNan/O=ZF/CN=root"
gmssl x509 -req -days 3650 -sm3 -in root.req -extfile openssl.cnf -extensions v3_ca -signkey root.key -out root.crt
# Server签名证书
gmssl ecparam -name SM2 -genkey -noout -out server.key
gmssl req -new -SM3 -key server.key -out server.csr -subj /C=CN/ST=Shandong/L=JiNan/O=ZFS/CN="127.0.0.1"
gmssl x509 -req -SM3 -days 3650 -in server.csr -extfile openssl.cnf -extensions v3_req -CA root.crt -CAkey root.key -set_serial 1000000001 -out server.crt
# Server加密证书
gmssl ecparam -name SM2 -genkey -noout -out server_en.key
gmssl req -new -SM3 -key server_en.key -out server_en.csr -subj /C=CN/ST=Shandong/L=JiNan/O=ZFS/CN="127.0.0.1"
gmssl x509 -req -SM3 -days 3650 -in server_en.csr -extfile openssl.cnf -extensions v3enc_req -CA root.crt -CAkey root.key -set_serial 1000002001 -out server_en.crt让服务端和客户端都是Java程序,此时使用你上面生成的私钥和证书,看看会报什么错误?
我们想做成双向认证,您能给指导下,如何操作吗
启用clientauth时,客户端也需要配置证书。
zhangshdn
commented
11 months ago 报错如下,貌似不认这个私钥的格式
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Unable to decode key
at com.tencent.kona.sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:170)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:366)
at net.zfsy.TLCPWithNettyDemo.loadPrivateKey(TLCPWithNettyDemo.java:483)
at net.zfsy.TLCPWithNettyDemo.createKeyStore(TLCPWithNettyDemo.java:453)
at net.zfsy.TLCPWithNettyDemo.createContext(TLCPWithNettyDemo.java:425)
at net.zfsy.TLCPWithNettyDemo.createJdkContext(TLCPWithNettyDemo.java:406)
at net.zfsy.TLCPWithNettyDemo.main(TLCPWithNettyDemo.java:337)
Caused by: java.security.InvalidKeyException: Unable to decode key
at com.tencent.kona.sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:142)
at com.tencent.kona.sun.security.pkcs.PKCS8Key.<init>(PKCS8Key.java:101)
at com.tencent.kona.sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:89)
at com.tencent.kona.sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:245)
at com.tencent.kona.sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:166)
... 6 more
Caused by: java.io.IOException: algid parse error, not a sequence
at com.tencent.kona.sun.security.x509.AlgorithmId.parse(AlgorithmId.java:394)
at com.tencent.kona.sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:117)
... 10 more@johnshajiang 老师,安装完这个BabaSSL-8.3.2 bin目录下怎么没有babassl这个命令
johnshajiang
commented
11 months ago gmssl生成的私钥看起来不是PKCS#8格式的。 建议还是用Tongsuo去生成。
安装完这个BabaSSL-8.3.2 bin目录下怎么没有babassl这个命令
BabaSSL是OpenSSL的分支,所以那个命令还是openssl。
另外,BabaSSL已经转到[Tongsuo]项目了,建议使用Tongsuo。
[Tongsuo]: https://github.com/Tongsuo-Project/Tongsuo
zhangshdn
commented
11 months ago 报错如下,貌似不认这个私钥的格式
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Unable to decode key at com.tencent.kona.sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:170) at java.security.KeyFactory.generatePrivate(KeyFactory.java:366) at net.zfsy.TLCPWithNettyDemo.loadPrivateKey(TLCPWithNettyDemo.java:483) at net.zfsy.TLCPWithNettyDemo.createKeyStore(TLCPWithNettyDemo.java:453) at net.zfsy.TLCPWithNettyDemo.createContext(TLCPWithNettyDemo.java:425) at net.zfsy.TLCPWithNettyDemo.createJdkContext(TLCPWithNettyDemo.java:406) at net.zfsy.TLCPWithNettyDemo.main(TLCPWithNettyDemo.java:337) Caused by: java.security.InvalidKeyException: Unable to decode key at com.tencent.kona.sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:142) at com.tencent.kona.sun.security.pkcs.PKCS8Key.<init>(PKCS8Key.java:101) at com.tencent.kona.sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:89) at com.tencent.kona.sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:245) at com.tencent.kona.sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:166) ... 6 more Caused by: java.io.IOException: algid parse error, not a sequence at com.tencent.kona.sun.security.x509.AlgorithmId.parse(AlgorithmId.java:394) at com.tencent.kona.sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:117) ... 10 more
老师帮忙看看吧,我的这个私钥是通过gmssl ecparam -genkey -name SM2 -noout -out root.key执行获得的,但是通过loadPrivateKey这个方法解析不了,不知道为什么
johnshajiang
commented
11 months ago 我的这个私钥是通过gmssl ecparam -genkey -name SM2 -noout -out root.key执行获得的,但是通过loadPrivateKey这个方法解析不了,不知道为什么
gmssl生成的私钥看起来不是PKCS#8格式的。 建议还是用Tongsuo去生成。
johnshajiang
commented
11 months ago loadPrivateKey使用PKCS8EncodedKeySpec,所以它认为私钥格式必须是PKCS#8。
private static PrivateKey loadPrivateKey(String keyPEM) throws Exception {
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(keyPEM));
KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC");
return keyFactory.generatePrivate(privateKeySpec);
}我的这个私钥是通过gmssl ecparam -genkey -name SM2 -noout -out root.key执行获得的,但是通过loadPrivateKey这个方法解析不了,不知道为什么
gmssl生成的私钥看起来不是PKCS#8格式的。 建议还是用Tongsuo去生成。
感谢感谢,我将证书改成pkcs#8格式后,自签的证书和私钥也可以用了, 现在单向的我已经调通了,多谢多谢。 我现在在搞双向的认证,通过客户端发送请求后,服务端后台报错,您看我哪个地方除了问题,麻烦给指个方向吧
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.257 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 03 01 00 BF 01 00 00 BB 03 03 83 0C 9C CF 27 ...............'
0010: 23 47 6A B3 55 31 2E 7A 2C C8 BD 25 48 F0 5C 0E #Gj.U1.z,..%H.\.
0020: 15 B0 B5 86 85 04 76 06 47 59 BF 00 00 48 C0 2C ......v.GY...H.,
0030: C0 30 00 9F CC A9 CC A8 CC AA C0 2B C0 2F 00 9E .0.........+./..
0040: E1 07 C0 24 C0 28 00 6B C0 23 C0 27 00 67 E1 02 ...$.(.k.#.'.g..
0050: C0 0A C0 14 00 39 C0 09 C0 13 00 33 00 9D 00 9C .....9.....3....
0060: 00 3D 00 3C 00 35 E0 17 E0 15 E0 13 E0 11 00 2F .=.<.5........./
0070: E0 1A E0 19 00 FF 01 00 00 4A 00 0B 00 04 03 00 .........J......
0080: 01 02 00 0A 00 0C 00 0A 00 1E 00 1D 00 17 00 19 ................
0090: 00 18 00 23 00 00 00 0D 00 22 00 20 06 01 06 02 ...#.....". ....
00A0: 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 ................
00B0: 03 02 03 03 02 01 02 02 02 03 07 07 00 16 00 00 ................
00C0: 00 17 00 00 ....
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.257 CST|SSLEngineInputRecord.java:214|READ: TLSv1 handshake, length = 191
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.258 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"ec_point_formats (11)": {
0000: 03 00 01 02 ....
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.258 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"supported_groups (10)": {
0000: 00 0A 00 1E 00 1D 00 17 00 19 00 18 ............
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.259 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"signature_algorithms (13)": {
0000: 00 20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 . ..............
0010: 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 ................
0020: 07 07 ..
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.259 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"encrypt_then_mac (22)": {
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.259 CST|SSLExtensions.java:147|Ignore unknown or unsupported extension (
"extended_master_secret (23)": {
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.260 CST|ClientHello.java:799|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "830C9CCF2723476AB355312E7A2CC8BD2548F05C0E15B0B586850476064759BF",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), UNKNOWN-CIPHER-SUITE(0xE107)(0xE107), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), UNKNOWN-CIPHER-SUITE(0xE102)(0xE102), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), UNKNOWN-CIPHER-SUITE(0xE017)(0xE017), UNKNOWN-CIPHER-SUITE(0xE015)(0xE015), TLCP_ECC_SM4_CBC_SM3(0xE013), TLCP_ECDHE_SM4_CBC_SM3(0xE011), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), UNKNOWN-CIPHER-SUITE(0xE01A)(0xE01A), UNKNOWN-CIPHER-SUITE(0xE019)(0xE019), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"ec_point_formats (11)": {
"formats": [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
},
"supported_groups (10)": {
"named groups": [UNDEFINED-NAMED-GROUP(30), UNDEFINED-NAMED-GROUP(29), secp256r1, secp521r1, secp384r1]
},
"session_ticket (35)": {
<empty>
},
"signature_algorithms (13)": {
"signature schemes": [rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1, UNDEFINED-SIGNATURE(7)_sm3]
},
"encrypt_then_mac (22)": {
},
"extended_master_secret (23)": {
<empty>
}
]
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.261 CST|SSLExtensions.java:185|Ignore unavailable extension: supported_versions
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.261 CST|ClientHello.java:829|Negotiated protocol version: TLCPv1.1
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.261 CST|SessionTicketExtension.java:399|Client accepts session tickets.
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.261 CST|SSLExtensions.java:204|Consumed extension: session_ticket
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.261 CST|TLCPClientHello.java:109|Can't resume, the existing session is not rejoinable
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.261 CST|TLCPClientHello.java:183|Session not resumed.
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.262 CST|SSLExtensions.java:185|Ignore unavailable extension: server_name
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.262 CST|SignatureScheme.java:429|Ignore inactive signature scheme: ecdsa_secp256r1_sha256
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.262 CST|SignatureScheme.java:429|Ignore inactive signature scheme: ecdsa_secp384r1_sha384
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.262 CST|SignatureScheme.java:429|Ignore inactive signature scheme: ecdsa_secp521r1_sha512
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.262 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: ed25519
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.262 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: ed448
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.263 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_rsae_sha256
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.263 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_rsae_sha384
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.263 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_rsae_sha512
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.263 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_pss_sha256
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.263 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_pss_sha384
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.263 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pss_pss_sha512
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.263 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pkcs1_sha256
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.263 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pkcs1_sha384
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.264 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pkcs1_sha512
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.264 CST|SignatureScheme.java:429|Ignore inactive signature scheme: dsa_sha256
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.264 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: ecdsa_sha224
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.264 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: rsa_sha224
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.264 CST|SignatureScheme.java:405|Ignore unsupported signature scheme: dsa_sha224
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.264 CST|SignatureScheme.java:429|Ignore inactive signature scheme: ecdsa_sha1
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.264 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_pkcs1_sha1
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.264 CST|SignatureScheme.java:429|Ignore inactive signature scheme: dsa_sha1
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.265 CST|SignatureScheme.java:429|Ignore inactive signature scheme: rsa_md5
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.265 CST|SSLSessionImpl.java:220|Session initialized: Session(1700553003265|SSL_NULL_WITH_NULL_NULL)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.265 CST|SSLExtensions.java:219|Ignore unavailable extension: server_name
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.266 CST|SSLExtensions.java:219|Ignore unavailable extension: application_layer_protocol_negotiation
com.tencent.kona.ssl|WARNING|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.266 CST|SSLExtensions.java:227|Ignore impact of unsupported extension: session_ticket
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.266 CST|X509KeyManagerImpl.java:455|KeyMgr: getting aliases (
[tlcp-sign-ee-demo (verified: EXTENSION_MISMATCH), tlcp-enc-ee-demo (verified: EXTENSION_MISMATCH)]
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.267 CST|TLCPServerHello.java:242|use cipher suite TLCP_ECC_SM4_CBC_SM3
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.267 CST|SSLSessionImpl.java:948|Negotiating session: Session(1700553003265|TLCP_ECC_SM4_CBC_SM3)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.267 CST|StatusResponseManager.java:608|Staping disabled or is a resumed session
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.268 CST|ServerNameExtension.java:445|Ignore unavailable extension: server_name
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.268 CST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.268 CST|AlpnExtension.java:384|Ignore unavailable extension: application_layer_protocol_negotiation
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.268 CST|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.268 CST|TLCPServerHello.java:173|Produced ServerHello handshake message (
"ServerHello": {
"server version" : "TLCPv1.1",
"random" : "247D96067B7A6779AA47325E1174DE222A2A254587C7F79FADF9638CDC213EB1",
"session id" : "66C3F14CCA425E71DC23C6E1428F085FC7E1057A6B79052CE99265F8CAA98C3F",
"cipher suite" : "TLCP_ECC_SM4_CBC_SM3(0xE013)",
"compression methods" : "00",
"extensions" : [
"session_ticket (35)": {
<empty>
}
]
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.270 CST|TLCPCertificate.java:261|Produced server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "3B9ACA01",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN",
"not before" : "2023-11-21 10:01:26.000 CST",
"not after" : "2033-11-18 10:01:26.000 CST",
"subject" : "CN=localhost, OU=MBWS, O=ZF, L=Jinan, ST=Shandong, C=CN",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "3B9AD1D1",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN",
"not before" : "2023-11-21 10:02:18.000 CST",
"not after" : "2033-11-18 10:02:18.000 CST",
"subject" : "CN=localhost, OU=MB, O=ZF, L=Jinan, ST=Shandong, C=CN",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_Encipherment
Data_Encipherment
Key_Agreement
]
}
]}
]
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.273 CST|SM2ServerKeyExchange.java:308|Produced SM2 ServerKeyExchange handshake message (
"SM2 ServerKeyExchange": {
"digital signature": {
"signature": {
0000: 30 46 02 21 00 D2 C1 37 A2 F6 76 25 21 6A F1 38 0F.!...7..v%!j.8
0010: DA 41 71 48 70 E3 E2 15 B7 19 96 62 D3 77 14 B8 .AqHp......b.w..
0020: FD 6B A4 58 53 02 21 00 F5 89 F9 44 C1 8F 08 B6 .k.XS.!....D....
0030: 33 69 7F FC 63 A3 69 85 36 72 C0 87 8E 12 73 11 3i..c.i.6r....s.
0040: 56 6D 4A 81 C4 B0 C7 B0 VmJ.....
},
}
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.273 CST|TLCPCertificateRequest.java:284|Produced CertificateRequest handshake message (
"CertificateRequest": {
"certificate types": [ecdsa_sign, rsa_sign]
"supported signature algorithms": []
"certificate authorities": [CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN]
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.274 CST|ServerHelloDone.java:98|Produced ServerHelloDone handshake message (
<empty>
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.275 CST|SSLEngineOutputRecord.java:530|WRITE: TLCPv1.1 handshake, length = 1149
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.276 CST|SSLEngineOutputRecord.java:551|Raw write (
0000: 16 01 01 04 7D 02 00 00 4C 01 01 24 7D 96 06 7B ........L..$....
0010: 7A 67 79 AA 47 32 5E 11 74 DE 22 2A 2A 25 45 87 zgy.G2^.t."**%E.
0020: C7 F7 9F AD F9 63 8C DC 21 3E B1 20 66 C3 F1 4C .....c..!>. f..L
0030: CA 42 5E 71 DC 23 C6 E1 42 8F 08 5F C7 E1 05 7A .B^q.#..B.._...z
0040: 6B 79 05 2C E9 92 65 F8 CA A9 8C 3F E0 13 00 00 ky.,..e....?....
0050: 04 00 23 00 00 0B 00 03 7E 00 03 7B 00 01 BB 30 ..#............0
0060: 82 01 B7 30 82 01 5E A0 03 02 01 02 02 04 3B 9A ...0..^.......;.
0070: CA 01 30 0A 06 08 2A 81 1C CF 55 01 83 75 30 4C ..0...*...U..u0L
0080: 31 0B 30 09 06 03 55 04 06 13 02 43 4E 31 11 30 1.0...U....CN1.0
0090: 0F 06 03 55 04 08 0C 08 53 68 61 6E 64 6F 6E 67 ...U....Shandong
00A0: 31 0E 30 0C 06 03 55 04 07 0C 05 4A 69 4E 61 6E 1.0...U....JiNan
00B0: 31 0B 30 09 06 03 55 04 0A 0C 02 5A 46 31 0D 30 1.0...U....ZF1.0
00C0: 0B 06 03 55 04 03 0C 04 72 6F 6F 74 30 1E 17 0D ...U....root0...
00D0: 32 33 31 31 32 31 30 32 30 31 32 36 5A 17 0D 33 231121020126Z..3
00E0: 33 31 31 31 38 30 32 30 31 32 36 5A 30 60 31 0B 31118020126Z0`1.
00F0: 30 09 06 03 55 04 06 13 02 43 4E 31 11 30 0F 06 0...U....CN1.0..
0100: 03 55 04 08 0C 08 53 68 61 6E 64 6F 6E 67 31 0E .U....Shandong1.
0110: 30 0C 06 03 55 04 07 0C 05 4A 69 6E 61 6E 31 0B 0...U....Jinan1.
0120: 30 09 06 03 55 04 0A 0C 02 5A 46 31 0D 30 0B 06 0...U....ZF1.0..
0130: 03 55 04 0B 0C 04 4D 42 57 53 31 12 30 10 06 03 .U....MBWS1.0...
0140: 55 04 03 0C 09 6C 6F 63 61 6C 68 6F 73 74 30 59 U....localhost0Y
0150: 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 81 1C 0...*.H.=....*..
0160: CF 55 01 82 2D 03 42 00 04 2E 38 56 B8 E9 83 6D .U..-.B...8V...m
0170: C5 8A DA A3 48 75 F1 95 2F 7C 5C 00 76 7F EA 8A ....Hu../.\.v...
0180: C5 13 66 2C 21 28 55 35 D0 06 26 66 CA FC AF 0D ..f,!(U5..&f....
0190: 82 52 B4 14 21 41 E8 57 9D BF 73 C8 6F 57 8F ED .R..!A.W..s.oW..
01A0: 8D D2 F2 FA 7A BB 4D 95 36 A3 1A 30 18 30 09 06 ....z.M.6..0.0..
01B0: 03 55 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 .U....0.0...U...
01C0: 04 03 02 06 C0 30 0A 06 08 2A 81 1C CF 55 01 83 .....0...*...U..
01D0: 75 03 47 00 30 44 02 20 5B 4E DE 7D 8D ED AE 7D u.G.0D. [N......
01E0: 65 C8 03 2D F2 BB A6 2D 9B ED D5 E9 60 44 1C 6B e..-...-....`D.k
01F0: 61 60 A1 8E 70 D9 71 EC 02 20 39 55 C0 F9 55 97 a`..p.q.. 9U..U.
0200: 32 0E D8 BB F0 F9 B0 E5 5F 12 F4 37 2C BF 40 CD 2......._..7,.@.
0210: 64 92 EE E4 28 4C 8E F9 6C 8F 00 01 BA 30 82 01 d...(L..l....0..
0220: B6 30 82 01 5C A0 03 02 01 02 02 04 3B 9A D1 D1 .0..\.......;...
0230: 30 0A 06 08 2A 81 1C CF 55 01 83 75 30 4C 31 0B 0...*...U..u0L1.
0240: 30 09 06 03 55 04 06 13 02 43 4E 31 11 30 0F 06 0...U....CN1.0..
0250: 03 55 04 08 0C 08 53 68 61 6E 64 6F 6E 67 31 0E .U....Shandong1.
0260: 30 0C 06 03 55 04 07 0C 05 4A 69 4E 61 6E 31 0B 0...U....JiNan1.
0270: 30 09 06 03 55 04 0A 0C 02 5A 46 31 0D 30 0B 06 0...U....ZF1.0..
0280: 03 55 04 03 0C 04 72 6F 6F 74 30 1E 17 0D 32 33 .U....root0...23
0290: 31 31 32 31 30 32 30 32 31 38 5A 17 0D 33 33 31 1121020218Z..331
02A0: 31 31 38 30 32 30 32 31 38 5A 30 5E 31 0B 30 09 118020218Z0^1.0.
02B0: 06 03 55 04 06 13 02 43 4E 31 11 30 0F 06 03 55 ..U....CN1.0...U
02C0: 04 08 0C 08 53 68 61 6E 64 6F 6E 67 31 0E 30 0C ....Shandong1.0.
02D0: 06 03 55 04 07 0C 05 4A 69 6E 61 6E 31 0B 30 09 ..U....Jinan1.0.
02E0: 06 03 55 04 0A 0C 02 5A 46 31 0B 30 09 06 03 55 ..U....ZF1.0...U
02F0: 04 0B 0C 02 4D 42 31 12 30 10 06 03 55 04 03 0C ....MB1.0...U...
0300: 09 6C 6F 63 61 6C 68 6F 73 74 30 59 30 13 06 07 .localhost0Y0...
0310: 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 82 *.H.=....*...U..
0320: 2D 03 42 00 04 DF AC AB 29 67 59 4B B6 78 C7 CC -.B.....)gYK.x..
0330: 14 E0 16 09 07 73 B4 08 91 33 D3 6F EC 41 1F E2 .....s...3.o.A..
0340: 47 FE 79 74 23 18 5F 6E 9C EB 81 38 01 42 0C B3 G.yt#._n...8.B..
0350: 49 C7 7F 63 98 D3 CF 66 22 44 7D 18 EB A0 C8 6D I..c...f"D.....m
0360: 92 C9 A7 30 0C A3 1A 30 18 30 09 06 03 55 1D 13 ...0...0.0...U..
0370: 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 02 03 ..0.0...U.......
0380: 38 30 0A 06 08 2A 81 1C CF 55 01 83 75 03 48 00 80...*...U..u.H.
0390: 30 45 02 21 00 C6 1B 11 49 78 49 75 00 93 96 E7 0E.!....IxIu....
03A0: F0 52 D2 AF 10 82 82 66 24 6D CB B3 1F 33 A4 85 .R.....f$m...3..
03B0: 28 F8 76 E0 60 02 20 3E 02 B8 23 60 FB 9B 64 58 (.v.`. >..#`..dX
03C0: 22 FE 79 31 85 15 FC 72 12 FF 08 FA FB D5 4C 6F ".y1...r......Lo
03D0: 3A B2 1B E2 09 AC E2 0C 00 00 4A 00 48 30 46 02 :.........J.H0F.
03E0: 21 00 D2 C1 37 A2 F6 76 25 21 6A F1 38 DA 41 71 !...7..v%!j.8.Aq
03F0: 48 70 E3 E2 15 B7 19 96 62 D3 77 14 B8 FD 6B A4 Hp......b.w...k.
0400: 58 53 02 21 00 F5 89 F9 44 C1 8F 08 B6 33 69 7F XS.!....D....3i.
0410: FC 63 A3 69 85 36 72 C0 87 8E 12 73 11 56 6D 4A .c.i.6r....s.VmJ
0420: 81 C4 B0 C7 B0 0D 00 00 55 02 40 01 00 50 00 4E ........U.@..P.N
0430: 30 4C 31 0B 30 09 06 03 55 04 06 13 02 43 4E 31 0L1.0...U....CN1
0440: 11 30 0F 06 03 55 04 08 0C 08 53 68 61 6E 64 6F .0...U....Shando
0450: 6E 67 31 0E 30 0C 06 03 55 04 07 0C 05 4A 69 4E ng1.0...U....JiN
0460: 61 6E 31 0B 30 09 06 03 55 04 0A 0C 02 5A 46 31 an1.0...U....ZF1
0470: 0D 30 0B 06 03 55 04 03 0C 04 72 6F 6F 74 0E 00 .0...U....root..
0480: 00 00 ..
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.289 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 01 01 05 69 0B 00 05 65 00 05 62 00 01 B2 30 ....i...e..b...0
0010: 82 01 AE 30 82 01 55 A0 03 02 01 02 02 09 00 D3 ...0..U.........
0020: 46 D4 7B 13 9D 94 D6 30 0A 06 08 2A 81 1C CF 55 F......0...*...U
0030: 01 83 75 30 4C 31 0B 30 09 06 03 55 04 06 13 02 ..u0L1.0...U....
0040: 43 4E 31 11 30 0F 06 03 55 04 08 0C 08 53 68 61 CN1.0...U....Sha
0050: 6E 64 6F 6E 67 31 0E 30 0C 06 03 55 04 07 0C 05 ndong1.0...U....
0060: 4A 69 4E 61 6E 31 0B 30 09 06 03 55 04 0A 0C 02 JiNan1.0...U....
0070: 5A 46 31 0D 30 0B 06 03 55 04 03 0C 04 72 6F 6F ZF1.0...U....roo
0080: 74 30 1E 17 0D 32 33 31 31 32 31 30 37 34 33 30 t0...23112107430
0090: 38 5A 17 0D 33 33 31 31 31 38 30 37 34 33 30 38 8Z..331118074308
00A0: 5A 30 52 31 0B 30 09 06 03 55 04 06 13 02 43 4E Z0R1.0...U....CN
00B0: 31 11 30 0F 06 03 55 04 08 0C 08 53 68 61 6E 64 1.0...U....Shand
00C0: 6F 6E 67 31 0E 30 0C 06 03 55 04 07 0C 05 4A 69 ong1.0...U....Ji
00D0: 4E 61 6E 31 0C 30 0A 06 03 55 04 0A 0C 03 5A 46 Nan1.0...U....ZF
00E0: 43 31 12 30 10 06 03 55 04 03 0C 09 6C 6F 63 61 C1.0...U....loca
00F0: 6C 68 6F 73 74 30 59 30 13 06 07 2A 86 48 CE 3D lhost0Y0...*.H.=
0100: 02 01 06 08 2A 81 1C CF 55 01 82 2D 03 42 00 04 ....*...U..-.B..
0110: CD 4B B8 66 1A 60 1E FC 1E 96 FF EB BF 03 5B 8E .K.f.`........[.
0120: CD 6F F7 9F E0 7D 44 90 B5 BD 5B 77 F7 1A 1C 81 .o....D...[w....
0130: 0A 42 E3 48 98 A7 3B BC 73 0E FE FF CD 7E 2F 2B .B.H..;.s...../+
0140: CC 2D 2D 05 64 94 E3 B5 3C 14 EE 76 91 81 AF B6 .--.d...<..v....
0150: A3 1A 30 18 30 09 06 03 55 1D 13 04 02 30 00 30 ..0.0...U....0.0
0160: 0B 06 03 55 1D 0F 04 04 03 02 06 C0 30 0A 06 08 ...U........0...
0170: 2A 81 1C CF 55 01 83 75 03 47 00 30 44 02 20 3A *...U..u.G.0D. :
0180: 18 37 34 D0 87 6D D1 95 F2 51 F8 EE 21 CE 8C FB .74..m...Q..!...
0190: 58 EF 28 68 6B A2 D2 C3 86 A1 B0 FF 75 F7 36 02 X.(hk.......u.6.
01A0: 20 21 A2 1B 1A 27 AA 6A 1F C1 A7 4A AA 23 3C 10 !...'.j...J.#<.
01B0: 11 5A E2 93 91 E2 72 6D DB 4E 37 FD E4 81 78 BF .Z....rm.N7...x.
01C0: C5 00 01 B4 30 82 01 B0 30 82 01 55 A0 03 02 01 ....0...0..U....
01D0: 02 02 09 00 D3 46 D4 7B 13 9D 94 D7 30 0A 06 08 .....F......0...
01E0: 2A 81 1C CF 55 01 83 75 30 4C 31 0B 30 09 06 03 *...U..u0L1.0...
01F0: 55 04 06 13 02 43 4E 31 11 30 0F 06 03 55 04 08 U....CN1.0...U..
0200: 0C 08 53 68 61 6E 64 6F 6E 67 31 0E 30 0C 06 03 ..Shandong1.0...
0210: 55 04 07 0C 05 4A 69 4E 61 6E 31 0B 30 09 06 03 U....JiNan1.0...
0220: 55 04 0A 0C 02 5A 46 31 0D 30 0B 06 03 55 04 03 U....ZF1.0...U..
0230: 0C 04 72 6F 6F 74 30 1E 17 0D 32 33 31 31 32 31 ..root0...231121
0240: 30 37 34 33 32 33 5A 17 0D 33 33 31 31 31 38 30 074323Z..3311180
0250: 37 34 33 32 33 5A 30 52 31 0B 30 09 06 03 55 04 74323Z0R1.0...U.
0260: 06 13 02 43 4E 31 11 30 0F 06 03 55 04 08 0C 08 ...CN1.0...U....
0270: 53 68 61 6E 64 6F 6E 67 31 0E 30 0C 06 03 55 04 Shandong1.0...U.
0280: 07 0C 05 4A 69 4E 61 6E 31 0C 30 0A 06 03 55 04 ...JiNan1.0...U.
0290: 0A 0C 03 5A 46 43 31 12 30 10 06 03 55 04 03 0C ...ZFC1.0...U...
02A0: 09 6C 6F 63 61 6C 68 6F 73 74 30 59 30 13 06 07 .localhost0Y0...
02B0: 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 82 *.H.=....*...U..
02C0: 2D 03 42 00 04 2C BE EB CC 0F EB 37 AF AC BE DE -.B..,.....7....
02D0: 52 CF 8D 26 12 1E 63 FE 99 1C 32 62 B4 08 92 66 R..&..c...2b...f
02E0: 17 8C CF 75 2E EE AE 78 02 FE E1 EB 82 D6 37 07 ...u...x......7.
02F0: 50 ED 13 06 9D 88 5B FC 9B E0 ED 50 4D C5 DB AF P.....[....PM...
0300: D8 66 F9 81 C9 A3 1A 30 18 30 09 06 03 55 1D 13 .f.....0.0...U..
0310: 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 02 03 ..0.0...U.......
0320: 38 30 0A 06 08 2A 81 1C CF 55 01 83 75 03 49 00 80...*...U..u.I.
0330: 30 46 02 21 00 99 76 C7 27 36 E0 E5 2B 53 FA E8 0F.!..v.'6..+S..
0340: 8D C3 79 CE AA 0C 58 D5 F3 F9 31 62 B1 06 85 94 ..y...X...1b....
0350: 4B 1A 1B E8 04 02 21 00 D0 7E 58 83 CF FC CB 86 K.....!...X.....
0360: 5A 3A 91 77 9E 18 5A BE FE 48 36 2E 95 02 FE 6E Z:.w..Z..H6....n
0370: D7 31 FB DA 74 0E AF A6 00 01 F3 30 82 01 EF 30 .1..t......0...0
0380: 82 01 95 A0 03 02 01 02 02 09 00 9F 0F BE DA F6 ................
0390: C9 AB A3 30 0A 06 08 2A 81 1C CF 55 01 83 75 30 ...0...*...U..u0
03A0: 4C 31 0B 30 09 06 03 55 04 06 13 02 43 4E 31 11 L1.0...U....CN1.
03B0: 30 0F 06 03 55 04 08 0C 08 53 68 61 6E 64 6F 6E 0...U....Shandon
03C0: 67 31 0E 30 0C 06 03 55 04 07 0C 05 4A 69 4E 61 g1.0...U....JiNa
03D0: 6E 31 0B 30 09 06 03 55 04 0A 0C 02 5A 46 31 0D n1.0...U....ZF1.
03E0: 30 0B 06 03 55 04 03 0C 04 72 6F 6F 74 30 1E 17 0...U....root0..
03F0: 0D 32 33 31 31 32 31 30 32 30 30 32 38 5A 17 0D .231121020028Z..
0400: 33 33 31 31 31 38 30 32 30 30 32 38 5A 30 4C 31 331118020028Z0L1
0410: 0B 30 09 06 03 55 04 06 13 02 43 4E 31 11 30 0F .0...U....CN1.0.
0420: 06 03 55 04 08 0C 08 53 68 61 6E 64 6F 6E 67 31 ..U....Shandong1
0430: 0E 30 0C 06 03 55 04 07 0C 05 4A 69 4E 61 6E 31 .0...U....JiNan1
0440: 0B 30 09 06 03 55 04 0A 0C 02 5A 46 31 0D 30 0B .0...U....ZF1.0.
0450: 06 03 55 04 03 0C 04 72 6F 6F 74 30 59 30 13 06 ..U....root0Y0..
0460: 07 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 .*.H.=....*...U.
0470: 82 2D 03 42 00 04 C8 15 67 C5 0B 67 B2 D3 F4 81 .-.B....g..g....
0480: 3C 25 AE F2 9C EA 3E 1F 0E BB 9F 14 87 89 3B D2 <%....>.......;.
0490: 66 5D 00 6C 2B 71 69 AE 04 CE C9 06 87 E1 36 13 f].l+qi.......6.
04A0: 26 F3 C3 F0 E0 1E F5 1B A9 16 2E A6 FB 8F 50 19 &.............P.
04B0: BC B7 1E 19 18 4D A3 60 30 5E 30 1D 06 03 55 1D .....M.`0^0...U.
04C0: 0E 04 16 04 14 C8 59 77 6A A8 EB E7 88 9B 7A 73 ......Ywj.....zs
04D0: 58 AD FB FC FB 45 0C 25 BF 30 1F 06 03 55 1D 23 X....E.%.0...U.#
04E0: 04 18 30 16 80 14 C8 59 77 6A A8 EB E7 88 9B 7A ..0....Ywj.....z
04F0: 73 58 AD FB FC FB 45 0C 25 BF 30 0F 06 03 55 1D sX....E.%.0...U.
0500: 13 01 01 FF 04 05 30 03 01 01 FF 30 0B 06 03 55 ......0....0...U
0510: 1D 0F 04 04 03 02 01 06 30 0A 06 08 2A 81 1C CF ........0...*...
0520: 55 01 83 75 03 48 00 30 45 02 21 00 F3 72 4C A6 U..u.H.0E.!..rL.
0530: 78 F0 F7 32 C2 6E B2 12 08 F6 F1 F1 DF DD AC B1 x..2.n..........
0540: 55 13 68 B5 B8 01 2C D8 92 8E B0 B8 02 20 4C F8 U.h...,...... L.
0550: DB EB A1 E1 70 A8 D9 54 64 4D AE 8D B5 B2 A3 07 ....p..TdM......
0560: 6B 5A 2D CC F9 E8 C9 EC 15 AD 69 3C 05 F3 kZ-.......i<..
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.289 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 1385
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.291 CST|TLCPCertificate.java:387|Consuming client Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "00D346D47B139D94D6",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN",
"not before" : "2023-11-21 15:43:08.000 CST",
"not after" : "2033-11-18 15:43:08.000 CST",
"subject" : "CN=localhost, O=ZFC, L=JiNan, ST=Shandong, C=CN",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "00D346D47B139D94D7",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN",
"not before" : "2023-11-21 15:43:23.000 CST",
"not after" : "2033-11-18 15:43:23.000 CST",
"subject" : "CN=localhost, O=ZFC, L=JiNan, ST=Shandong, C=CN",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_Encipherment
Data_Encipherment
Key_Agreement
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "009F0FBEDAF6C9ABA3",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN",
"not before" : "2023-11-21 10:00:28.000 CST",
"not after" : "2033-11-18 10:00:28.000 CST",
"subject" : "CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C8 59 77 6A A8 EB E7 88 9B 7A 73 58 AD FB FC FB .Ywj.....zsX....
0010: 45 0C 25 BF E.%.
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 59 77 6A A8 EB E7 88 9B 7A 73 58 AD FB FC FB .Ywj.....zsX....
0010: 45 0C 25 BF E.%.
]
]
}
]}
]
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.293 CST|X509TrustManagerImpl.java:302|Found trusted certificate (
"certificate" : {
"version" : "v3",
"serial number" : "009F0FBEDAF6C9ABA3",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN",
"not before" : "2023-11-21 10:00:28.000 CST",
"not after" : "2033-11-18 10:00:28.000 CST",
"subject" : "CN=root, O=ZF, L=JiNan, ST=Shandong, C=CN",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C8 59 77 6A A8 EB E7 88 9B 7A 73 58 AD FB FC FB .Ywj.....zsX....
0010: 45 0C 25 BF E.%.
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 59 77 6A A8 EB E7 88 9B 7A 73 58 AD FB FC FB .Ywj.....zsX....
0010: 45 0C 25 BF E.%.
]
]
}
]}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.294 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 01 01 00 A1 10 00 00 9D 00 9B 30 81 98 02 20 ...........0...
0010: 4A C8 9C 0D AA 1D 5D 5D 32 8A 0E 10 EF 00 14 17 J.....]]2.......
0020: 72 17 F0 18 79 44 C2 15 3E 62 70 CE AA 5B 0F EE r...yD..>bp..[..
0030: 02 20 68 23 EB FC E6 A3 AB A5 AC F0 F7 83 A5 C7 . h#............
0040: 92 B4 46 E9 A6 4D 04 BF E4 16 67 4D 56 10 9B FE ..F..M....gMV...
0050: 30 61 04 20 68 E0 D8 CC 65 BC 8A 7C A2 DE 73 6A 0a. h...e.....sj
0060: 7D 12 B6 23 00 9B 0A EC 69 CD D9 F2 28 01 B6 9A ...#....i...(...
0070: 80 22 DB 81 04 30 82 61 37 6C 67 6E 15 D2 A8 0B ."...0.a7lgn....
0080: 1D AC 96 CF 4A B8 14 C4 C3 E6 34 30 BF 7E F9 6B ....J.....40...k
0090: 54 83 41 6B ED 5F 06 7B 18 AA A4 DC 97 32 DE E9 T.Ak._.......2..
00A0: 47 75 F5 72 50 CB Gu.rP.
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.294 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 161
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.295 CST|SM2ClientKeyExchange.java:248|Consuming SM2 ClientKeyExchange handshake message (
"SM2 ClientKeyExchange": {
"client_version": TLSv1.2
"encncrypted": {
0000: 30 81 98 02 20 4A C8 9C 0D AA 1D 5D 5D 32 8A 0E 0... J.....]]2..
0010: 10 EF 00 14 17 72 17 F0 18 79 44 C2 15 3E 62 70 .....r...yD..>bp
0020: CE AA 5B 0F EE 02 20 68 23 EB FC E6 A3 AB A5 AC ..[... h#.......
0030: F0 F7 83 A5 C7 92 B4 46 E9 A6 4D 04 BF E4 16 67 .......F..M....g
0040: 4D 56 10 9B FE 30 61 04 20 68 E0 D8 CC 65 BC 8A MV...0a. h...e..
0050: 7C A2 DE 73 6A 7D 12 B6 23 00 9B 0A EC 69 CD D9 ...sj...#....i..
0060: F2 28 01 B6 9A 80 22 DB 81 04 30 82 61 37 6C 67 .(...."...0.a7lg
0070: 6E 15 D2 A8 0B 1D AC 96 CF 4A B8 14 C4 C3 E6 34 n........J.....4
0080: 30 BF 7E F9 6B 54 83 41 6B ED 5F 06 7B 18 AA A4 0...kT.Ak._.....
0090: DC 97 32 DE E9 47 75 F5 72 50 CB ..2..Gu.rP.
}
}
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.300 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 01 01 00 4D 0F 00 00 49 00 47 30 45 02 20 40 ....M...I.G0E. @
0010: F4 53 80 4F 40 72 7E A0 D4 50 07 72 22 08 94 7E .S.O@r...P.r"...
0020: 48 83 D6 04 17 DA 53 DF 19 41 CC B3 03 82 72 02 H.....S..A....r.
0030: 21 00 C9 F5 8A 36 AB 0F 7E 7B 2F B6 42 BA 51 ED !....6..../.B.Q.
0040: 01 55 A5 D9 3B E1 CF 4A 34 67 DD 90 F3 F5 2B F3 .U..;..J4g....+.
0050: 1B F1 ..
)
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.300 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 77
com.tencent.kona.ssl|SEVERE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.304 CST|TransportContext.java:370|Fatal (HANDSHAKE_FAILURE): Invalid CertificateVerify signature (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Invalid CertificateVerify signature
at com.tencent.kona.sun.security.ssl.Alert.createSSLException(Alert.java:131)
at com.tencent.kona.sun.security.ssl.Alert.createSSLException(Alert.java:117)
at com.tencent.kona.sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at com.tencent.kona.sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at com.tencent.kona.sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at com.tencent.kona.sun.security.ssl.TLCPCertificateVerify$TLCPCertificateVerifyMessage.<init>(TLCPCertificateVerify.java:163)
at com.tencent.kona.sun.security.ssl.TLCPCertificateVerify$TLCPCertificateVerifyConsumer.consume(TLCPCertificateVerify.java:292)
at com.tencent.kona.sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:464)
at com.tencent.kona.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:502)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1263)
at java.security.AccessController.doPrivileged(Native Method)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1208)
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1548)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1394)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:750)}
)
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.305 CST|SSLSessionImpl.java:1268|Invalidated session: Session(1700553003254|SSL_NULL_WITH_NULL_NULL)
com.tencent.kona.ssl|ALL|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.305 CST|SSLSessionImpl.java:1268|Invalidated session: Session(1700553003265|TLCP_ECC_SM4_CBC_SM3)
com.tencent.kona.ssl|WARNING|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.305 CST|SSLEngineOutputRecord.java:182|outbound has closed, ignore outbound application data
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.305 CST|SSLEngineOutputRecord.java:530|WRITE: TLCPv1.1 alert, length = 2
com.tencent.kona.ssl|FINE|11|nioEventLoopGroup-3-2|2023-11-21 15:50:03.305 CST|SSLEngineOutputRecord.java:551|Raw write (
0000: 15 01 01 00 02 02 28 ......(
)附上我现在用的证书和私钥 server_en_pkcs8.zip
zhangshdn
commented
11 months ago 我服务端开启双认证的代码如下
sslEngine = TLCPWithNettyDemo.createContext().createSSLEngine();
sslEngine.setUseClientMode(false);
sslEngine.setWantClientAuth(true);
sslEngine.setNeedClientAuth(true);
ctx.pipeline().addLast(new SslHandler(sslEngine));我把上面的true改成false,去掉双认证就没问题,增加上后,就报上面的错误。麻烦老师给指点下
johnshajiang
commented
11 months ago 这需要看看为什么服务端无法验证客户端的CertificateVerify消息中的签名。
这个签名应该是用认证证书关联的密钥对去生成/验证。
建议用Tongsuo的s_client去测试一下。
zhangshdn
commented
11 months ago 这需要看看为什么服务端无法验证客户端的
CertificateVerify消息中的签名。 这个签名应该是用认证证书关联的密钥对去生成/验证。建议用Tongsuo的s_client去测试一下。
我现在也同步进行着Tongsuo。 我的思路是这样的:
johnshajiang
commented
11 months ago 我客户端签名和加密的crt证书,是通过CA的私钥和证书签的。按道理服务端有CA的trustStore,应该能解析客户端的证书才对,不知道哪个地方出了问题
目前的错误,应该不在于服务端验证客户端的证书。而是客户端传递的CertificateVerify消息中的一个”签名“。
这个签名是用客户端的认证证书对应的私钥生成的,然后服务端收到它之后,会使用客户端认证证书中的公钥去进行验证。
现在,就是这个验证操作失败了。
失败的原因可能是,使用的公钥与私钥不匹配;或者服务端与客户端使用的握手消息不同,即两边使用的待签名数据不同。
zhangshdn
commented
11 months ago Tongsuo的s_client没找到双证书的命令呢, 当前通过Tongsuo已经把服务端,客户端的签出证书了,但是不知道如何验证客户端的双向认证,老师给指导下吧 我当前程序已经使用证书监听,单向认证也没问题,就是不知道通过s_client如何验证双向认证
johnshajiang
commented
11 months ago 下面是使用s_client进行TLCP通信的示例, https://github.com/Tencent/TencentKonaSMSuite/blob/master/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/JdkServerBabaSSLClientTest.java
看看如何在s_client中配置双证书, https://github.com/Tencent/TencentKonaSMSuite/blob/master/kona-ssl/src/test/java/com/tencent/kona/ssl/interop/BabaSSLClient.java
"-sign_cert " + signEeCert.certPath(),
"-sign_key " + signEeCert.keyPath(),
"-enc_cert " + encEeCert.certPath(),
"-enc_key " + encEeCert.keyPath(),老师,以上的问题已经解决,现在铜锁的双向认证也完成了,就是当前gmssl的双向认证还有问题,这个您看有什么思路吗,以下是报的错误
com.tencent.kona.ssl|FINE|01|nioEventLoopGroup-3-3|2023-11-22 08:01:16.488 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 77
com.tencent.kona.ssl|SEVERE|01|nioEventLoopGroup-3-3|2023-11-22 08:01:16.492 CST|TransportContext.java:370|Fatal (HANDSHAKE_FAILURE): Invalid CertificateVerify signature (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Invalid CertificateVerify signature
at com.tencent.kona.sun.security.ssl.Alert.createSSLException(Alert.java:131)
at com.tencent.kona.sun.security.ssl.Alert.createSSLException(Alert.java:117)
at com.tencent.kona.sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at com.tencent.kona.sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at com.tencent.kona.sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at com.tencent.kona.sun.security.ssl.TLCPCertificateVerify$TLCPCertificateVerifyMessage.<init>(TLCPCertificateVerify.java:163)
at com.tencent.kona.sun.security.ssl.TLCPCertificateVerify$TLCPCertificateVerifyConsumer.consume(TLCPCertificateVerify.java:292)
at com.tencent.kona.sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:464)
at com.tencent.kona.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:502)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1263)
at java.security.AccessController.doPrivileged(Native Method)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1208)
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1548)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1394)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:750)}
)对于服务端来说,单向认证没问题,双向认证就报上面的错。而gmssl的客户端报如下错误
gmssl s_client -connect 192.168.56.1:15003 -key tlcp-client-sign.key -dkey tlcp-client-enc.key -cert tlcp-client-sign.crt -dcert tlcp-client-enc.crt -CAfile cas.pem
报错如下
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-server-sign
verify return:1
Z=5252A2ABFD16839A02442F92ABC2C6927624C363E7BAB25CA8904CBCC62A5053
C=0001943082019030820137A003020102021418890B033EC3E2DB6A727F8EFCDABA7BBC5497C7300A06082A811CCF5501837530153113301106035504030C0A746C63702D696E746361301E170D3233313132313039303530385A170D3333313131383039303530385A301A3118301606035504030C0F746C63702D7365727665722D656E633059301306072A8648CE3D020106082A811CCF5501822D034200048015E842308D8C94679BCD470DFD8056C754D577D5D841A3ABA8961A4E272F20575E088D74212B5F9F4A4A0AA80905B6552BC41BBA41CEA661158F82289A05B6A360305E301D0603551D0E04160414E0619CF077B93EAA2834B7692D50338638FBEB49301F0603551D2304183016801482F99607D3D76271A4172DD7BBCFC78B46E4C54B300C0603551D130101FF04023000300E0603551D0F0101FF040403020338300A06082A811CCF55018375034700304402205F2E4FB4CF2F38C544134452A9BD1FB221855CEE20E8ADBD3BF14D00FA2E9C370220364E26AC1F516471D66329EEFA6A0CEF26C59FD222987A701E73A9A57A1B5FBB
ssl_get_algorithm2=2ac4e8a008x
140416087914304:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1385:SSL alert number 40
Certificate chain
0 s:/CN=tlcp-server-sign
i:/CN=tlcp-intca
1 s:/CN=tlcp-server-enc
i:/CN=tlcp-intca
Server certificate
--BEGIN CERTIFICATE--
MIIBkzCCATigAwIBAgIUGIkLAz7D4ttqcn+O/Nq6e7xUl8YwCgYIKoEcz1UBg3Uw
FTETMBEGA1UEAwwKdGxjcC1pbnRjYTAeFw0yMzExMjEwOTA0MTRaFw0zMzExMTgw
OTA0MTRaMBsxGTAXBgNVBAMMEHRsY3Atc2VydmVyLXNpZ24wWTATBgcqhkjOPQIB
BggqgRzPVQGCLQNCAATFXb4kfSCQa3+b1gRN0M7abGu1jF4D0DEMAc2zvmoxQgiF
4HJD+uWCURKFCVSqigj1nC5b2cYIFITQWcUP9spvo2AwXjAdBgNVHQ4EFgQUB+D1
NXhTr7dwhiAR5XwMTaqFy2wwHwYDVR0jBBgwFoAUgvmWB9PXYnGkFy3Xu8/Hi0bk
xUswDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwCgYIKoEcz1UBg3UDSQAw
RgIhAMRY3w7pvjMgFccGllqBgvQPTADHsEzv35IABCNR9KUNAiEAsIEE+oMazxFz
h6b5YxGwr/bF+z3noPCFzAJMH8o3aMs=
--END CERTIFICATE--
subject=/CN=tlcp-server-sign
issuer=/CN=tlcp-intca
Acceptable client certificate CA names
/CN=tlcp-intca
Client Certificate Types: ECDSA sign, RSA sign
SSL handshake has read 1031 bytes and written 2165 bytes
Verification: OK
New, GMTLSv1.1, Cipher is SM2-WITH-SMS4-SM3
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : GMTLSv1.1
Cipher : SM2-WITH-SMS4-SM3
Session-ID: 9FA607461CDB1DAF9B02A0B252D8A0FA8EA9026AE5BBF2BA6E25124779ABEDAD
Session-ID-ctx:
Master-Key: D88E3474FA30F0E7F7408A84F386B72DD7AFEEEC8A8CB9E6E4B61DD26C10DA64EFB863CFA968E557DB4368B0A1ACA827
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1700612454
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no老师,您看有时间给指导下吗,gmssl自身的双向认证能通,
gmssl s_server -verify 1 -accept 15003 -key tlcp-server-sign.key -cert tlcp-server-sign.crt -dkey tlcp-server-enc.key -dcert tlcp-server-enc.crt -CAfile cas.pem
gmssl s_client -connect 127.0.0.1:15003 -key tlcp-client-sign.key -dkey tlcp-client-enc.key -cert tlcp-client-sign.crt -dcert tlcp-client-enc.crt -CAfile cas.pem -state但是通过gmssl s_client连接程序的服务器就报上面的错,通过铜锁ssl连接是没问题的
openssl s_client -connect 192.168.56.1:15003 -sign_key tlcp-client-sign.key -sign_cert tlcp-client-sign.crt -enc_cert tlcp-client-enc.crt -enc_key tlcp-client-enc.key -CAfile cas.pem -enable_ntls -ntls万分感谢
johnshajiang
commented
11 months ago 对于服务端来说,单向认证没问题,双向认证就报上面的错。而gmssl的客户端报如下错误
首先,它报了错误
140416087914304:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1385:SSL alert number 40但它最终似乎还是显示握手成功了(?)
New, GMTLSv1.1, Cipher is SM2-WITH-SMS4-SM3
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
...而且从日志看,也没有发现客户端发送证书过去。
如果只是gmssl有问题的话,是不是也可以去问问它的开发者呢?
johnshajiang
commented
11 months ago 你是否试过将gmssl作为服务端,而Java程序作为客户端? 这种场景下,是否也会报错?
zhangshdn
commented
11 months ago 你是否试过将gmssl作为服务端,而Java程序作为客户端? 这种场景下,是否也会报错?
我尝试过这样,也是报错,日志如下
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:17.830 CST|X509TrustManagerImpl.java:83|adding as trusted certificates (
"certificate" : {
"version" : "v3",
"serial number" : "4E21677D35B41F8D510F83AAE50DC392324E036D",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-ca",
"not before" : "2023-11-21 17:01:01.000 CST",
"not after" : "2033-11-18 17:01:01.000 CST",
"subject" : "CN=tlcp-intca",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F1 E9 02 D6 17 EA 59 01 17 96 17 85 1A 3E 6C 27 ......Y......>l'
0010: 26 8E DC B7 &...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B ......bq..-.....
0010: 46 E4 C5 4B F..K
]
]
}
]}
)
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:17.978 CST|SSLContextImpl.java:421|System property com.tencent.kona.ssl.client.cipherSuites is set to 'null'
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:17.979 CST|SSLContextImpl.java:421|System property com.tencent.kona.ssl.server.cipherSuites is set to 'null'
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.098 CST|SSLCipher.java:524|Transformation ChaCha20-Poly1305 is not available.
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.099 CST|SSLCipher.java:475|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.115 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECC_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.115 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECC_SM4_CBC_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.115 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECDHE_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.115 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECDHE_SM4_CBC_SM3
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.128 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.129 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.129 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.129 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.130 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.130 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.130 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.130 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.130 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.131 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.131 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.131 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.131 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.131 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.132 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.132 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.132 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.132 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.132 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.133 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.133 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.133 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.133 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.133 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.134 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.134 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.134 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_RC4_128_MD5
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.134 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_RC4_128_MD5
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.135 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.135 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.135 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.135 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.135 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_DES_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.135 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_DES_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.137 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.137 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.138 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DHE_DSS_WITH_DES_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.138 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_DES_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.138 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DH_anon_WITH_DES_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.138 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DH_anon_WITH_DES_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.139 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.139 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.139 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.139 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.140 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.140 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.140 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.140 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.140 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.141 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.141 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.141 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.142 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_RSA_WITH_NULL_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.142 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.143 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.144 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.145 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.145 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.146 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.146 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.146 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.146 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.147 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.147 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.147 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: TLS_ECDH_anon_WITH_NULL_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.147 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_NULL_SHA
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.147 CST|SSLContextImpl.java:395|Ignore disabled cipher suite: SSL_RSA_WITH_NULL_MD5
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.147 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: SSL_RSA_WITH_NULL_MD5
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.147 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECC_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.147 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECC_SM4_CBC_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.148 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECDHE_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.148 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLCP_ECDHE_SM4_CBC_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.148 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.148 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.149 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.149 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.149 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.149 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.149 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.149 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.149 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.150 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.151 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.151 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.151 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.151 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.152 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.152 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.153 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.153 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.153 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.154 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.154 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.154 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.154 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.155 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.156 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.156 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.156 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.156 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.156 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.156 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.157 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_SM4_GCM_SM3
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.157 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.157 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.157 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.158 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.159 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.159 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.159 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.159 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.159 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.159 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.159 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.160 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.160 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.160 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.160 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.161 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.161 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.161 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.162 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.162 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.162 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.162 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.162 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.162 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.163 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.163 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.163 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.163 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.163 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.163 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.163 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.163 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.164 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.164 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.164 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.164 CST|SSLContextImpl.java:404|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.168 CST|SSLContextImpl.java:115|trigger seeding of SecureRandom
com.tencent.kona.ssl|ALL|10|main|2023-11-22 10:26:18.168 CST|SSLContextImpl.java:119|done seeding of SecureRandom
com.tencent.kona.ssl|FINE|10|main|2023-11-22 10:26:18.292 CST|SSLConfiguration.java:486|System property com.tencent.kona.ssl.server.signatureSchemes is set to 'null'
com.tencent.kona.ssl|WARNING|10|main|2023-11-22 10:26:18.307 CST|SignatureScheme.java:308|Signature algorithm, Ed25519, is not supported by the underlying providers
com.tencent.kona.ssl|WARNING|10|main|2023-11-22 10:26:18.308 CST|SignatureScheme.java:308|Signature algorithm, Ed448, is not supported by the underlying providers
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.755 CST|SSLConfiguration.java:486|System property com.tencent.kona.ssl.client.signatureSchemes is set to 'null'
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.868 CST|SSLExtension.java:824|System property com.tencent.kona.ssl.client.disableExtensions is set to 'null'
com.tencent.kona.ssl|WARNING|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.868 CST|ServerNameExtension.java:265|Unable to indicate server name
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.868 CST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.869 CST|SessionTicketExtension.java:350|Stateless resumption supported
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.871 CST|ClientHello.java:643|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLCPv1.1",
"random" : "4EF1B3174740578C361831D4ACBE643646D87A1603B1D74B96B335C0B3132ADD",
"session id" : "",
"cipher suites" : "[TLCP_ECC_SM4_CBC_SM3(0xE013)]",
"compression methods" : "00",
"extensions" : [
"application_layer_protocol_negotiation (16)": {
[h2, HTTP/1.1]
},
"session_ticket (35)": {
<empty>
}
]
}
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.898 CST|SSLEngineOutputRecord.java:530|WRITE: TLCPv1.1 handshake, length = 69
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.899 CST|SSLEngineOutputRecord.java:551|Raw write (
0000: 16 01 01 00 45 01 00 00 41 01 01 4E F1 B3 17 47 ....E...A..N...G
0010: 40 57 8C 36 18 31 D4 AC BE 64 36 46 D8 7A 16 03 @W.6.1...d6F.z..
0020: B1 D7 4B 96 B3 35 C0 B3 13 2A DD 00 00 02 E0 13 ..K..5...*......
0030: 01 00 00 16 00 10 00 0E 00 0C 02 68 32 08 48 54 ...........h2.HT
0040: 54 50 2F 31 2E 31 00 23 00 00 TP/1.1.#..
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.915 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 01 01 00 2A 02 00 00 26 01 01 F2 9A 80 54 B1 ....*...&.....T.
0010: 15 9D EF AA 61 E0 B2 C7 62 C9 A4 82 62 B6 69 E2 ....a...b...b.i.
0020: 49 D6 E2 20 27 1D EF 04 97 D5 72 00 E0 13 00 I.. '.....r....
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.915 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 42
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.918 CST|ServerHello.java:890|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLCPv1.1",
"random" : "F29A8054B1159DEFAA61E0B2C762C9A48262B669E249D6E220271DEF0497D572",
"session id" : "",
"cipher suite" : "TLCP_ECC_SM4_CBC_SM3(0xE013)",
"compression methods" : "00",
"extensions" : [
<no extension>
]
}
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.918 CST|SSLExtensions.java:185|Ignore unavailable extension: supported_versions
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.918 CST|ServerHello.java:986|Negotiated protocol version: TLCPv1.1
gog
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.920 CST|SSLExtensions.java:175|Ignore unsupported extension: renegotiation_info
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.921 CST|SSLExtensions.java:185|Ignore unavailable extension: server_name
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.921 CST|SSLExtensions.java:185|Ignore unavailable extension: session_ticket
com.tencent.kona.ssl|ALL|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.921 CST|SSLSessionImpl.java:220|Session initialized: Session(1700619979921|TLCP_ECC_SM4_CBC_SM3)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.921 CST|TLCPServerHello.java:373|Locally assigned Session Id: 36D94B5743FCD75677D5165F05D4AE37F277798E543AD40E76D4FD0672668E9A
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.922 CST|SSLExtensions.java:219|Ignore unavailable extension: server_name
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.922 CST|SSLExtensions.java:219|Ignore unavailable extension: application_layer_protocol_negotiation
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.922 CST|SSLExtensions.java:219|Ignore unavailable extension: session_ticket
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.940 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 01 01 06 5A 0B 00 06 56 00 06 53 00 01 97 30 ....Z...V..S...0
0010: 82 01 93 30 82 01 38 A0 03 02 01 02 02 14 18 89 ...0..8.........
0020: 0B 03 3E C3 E2 DB 6A 72 7F 8E FC DA BA 7B BC 54 ..>...jr.......T
0030: 97 C6 30 0A 06 08 2A 81 1C CF 55 01 83 75 30 15 ..0...*...U..u0.
0040: 31 13 30 11 06 03 55 04 03 0C 0A 74 6C 63 70 2D 1.0...U....tlcp-
0050: 69 6E 74 63 61 30 1E 17 0D 32 33 31 31 32 31 30 intca0...2311210
0060: 39 30 34 31 34 5A 17 0D 33 33 31 31 31 38 30 39 90414Z..33111809
0070: 30 34 31 34 5A 30 1B 31 19 30 17 06 03 55 04 03 0414Z0.1.0...U..
0080: 0C 10 74 6C 63 70 2D 73 65 72 76 65 72 2D 73 69 ..tlcp-server-si
0090: 67 6E 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 gn0Y0...*.H.=...
00A0: 08 2A 81 1C CF 55 01 82 2D 03 42 00 04 C5 5D BE .*...U..-.B...].
00B0: 24 7D 20 90 6B 7F 9B D6 04 4D D0 CE DA 6C 6B B5 $. .k....M...lk.
00C0: 8C 5E 03 D0 31 0C 01 CD B3 BE 6A 31 42 08 85 E0 .^..1.....j1B...
00D0: 72 43 FA E5 82 51 12 85 09 54 AA 8A 08 F5 9C 2E rC...Q...T......
00E0: 5B D9 C6 08 14 84 D0 59 C5 0F F6 CA 6F A3 60 30 [......Y....o.`0
00F0: 5E 30 1D 06 03 55 1D 0E 04 16 04 14 07 E0 F5 35 ^0...U.........5
0100: 78 53 AF B7 70 86 20 11 E5 7C 0C 4D AA 85 CB 6C xS..p. ....M...l
0110: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 82 F9 96 0...U.#..0......
0120: 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B 46 E4 C5 ...bq..-.....F..
0130: 4B 30 0C 06 03 55 1D 13 01 01 FF 04 02 30 00 30 K0...U.......0.0
0140: 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 07 80 30 ...U...........0
0150: 0A 06 08 2A 81 1C CF 55 01 83 75 03 49 00 30 46 ...*...U..u.I.0F
0160: 02 21 00 C4 58 DF 0E E9 BE 33 20 15 C7 06 96 5A .!..X....3 ....Z
0170: 81 82 F4 0F 4C 00 C7 B0 4C EF DF 92 00 04 23 51 ....L...L.....#Q
0180: F4 A5 0D 02 21 00 B0 81 04 FA 83 1A CF 11 73 87 ....!.........s.
0190: A6 F9 63 11 B0 AF F6 C5 FB 3D E7 A0 F0 85 CC 02 ..c......=......
01A0: 4C 1F CA 37 68 CB 00 01 94 30 82 01 90 30 82 01 L..7h....0...0..
01B0: 37 A0 03 02 01 02 02 14 18 89 0B 03 3E C3 E2 DB 7...........>...
01C0: 6A 72 7F 8E FC DA BA 7B BC 54 97 C7 30 0A 06 08 jr.......T..0...
01D0: 2A 81 1C CF 55 01 83 75 30 15 31 13 30 11 06 03 *...U..u0.1.0...
01E0: 55 04 03 0C 0A 74 6C 63 70 2D 69 6E 74 63 61 30 U....tlcp-intca0
01F0: 1E 17 0D 32 33 31 31 32 31 30 39 30 35 30 38 5A ...231121090508Z
0200: 17 0D 33 33 31 31 31 38 30 39 30 35 30 38 5A 30 ..331118090508Z0
0210: 1A 31 18 30 16 06 03 55 04 03 0C 0F 74 6C 63 70 .1.0...U....tlcp
0220: 2D 73 65 72 76 65 72 2D 65 6E 63 30 59 30 13 06 -server-enc0Y0..
0230: 07 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 .*.H.=....*...U.
0240: 82 2D 03 42 00 04 80 15 E8 42 30 8D 8C 94 67 9B .-.B.....B0...g.
0250: CD 47 0D FD 80 56 C7 54 D5 77 D5 D8 41 A3 AB A8 .G...V.T.w..A...
0260: 96 1A 4E 27 2F 20 57 5E 08 8D 74 21 2B 5F 9F 4A ..N'/ W^..t!+_.J
0270: 4A 0A A8 09 05 B6 55 2B C4 1B BA 41 CE A6 61 15 J.....U+...A..a.
0280: 8F 82 28 9A 05 B6 A3 60 30 5E 30 1D 06 03 55 1D ..(....`0^0...U.
0290: 0E 04 16 04 14 E0 61 9C F0 77 B9 3E AA 28 34 B7 ......a..w.>.(4.
02A0: 69 2D 50 33 86 38 FB EB 49 30 1F 06 03 55 1D 23 i-P3.8..I0...U.#
02B0: 04 18 30 16 80 14 82 F9 96 07 D3 D7 62 71 A4 17 ..0.........bq..
02C0: 2D D7 BB CF C7 8B 46 E4 C5 4B 30 0C 06 03 55 1D -.....F..K0...U.
02D0: 13 01 01 FF 04 02 30 00 30 0E 06 03 55 1D 0F 01 ......0.0...U...
02E0: 01 FF 04 04 03 02 03 38 30 0A 06 08 2A 81 1C CF .......80...*...
02F0: 55 01 83 75 03 47 00 30 44 02 20 5F 2E 4F B4 CF U..u.G.0D. _.O..
0300: 2F 38 C5 44 13 44 52 A9 BD 1F B2 21 85 5C EE 20 /8.D.DR....!.\.
0310: E8 AD BD 3B F1 4D 00 FA 2E 9C 37 02 20 36 4E 26 ...;.M....7. 6N&
0320: AC 1F 51 64 71 D6 63 29 EE FA 6A 0C EF 26 C5 9F ..Qdq.c)..j..&..
0330: D2 22 98 7A 70 1E 73 A9 A5 7A 1B 5F BB 00 01 90 .".zp.s..z._....
0340: 30 82 01 8C 30 82 01 32 A0 03 02 01 02 02 14 4E 0...0..2.......N
0350: 21 67 7D 35 B4 1F 8D 51 0F 83 AA E5 0D C3 92 32 !g.5...Q.......2
0360: 4E 03 6D 30 0A 06 08 2A 81 1C CF 55 01 83 75 30 N.m0...*...U..u0
0370: 12 31 10 30 0E 06 03 55 04 03 0C 07 74 6C 63 70 .1.0...U....tlcp
0380: 2D 63 61 30 1E 17 0D 32 33 31 31 32 31 30 39 30 -ca0...231121090
0390: 31 30 31 5A 17 0D 33 33 31 31 31 38 30 39 30 31 101Z..3311180901
03A0: 30 31 5A 30 15 31 13 30 11 06 03 55 04 03 0C 0A 01Z0.1.0...U....
03B0: 74 6C 63 70 2D 69 6E 74 63 61 30 59 30 13 06 07 tlcp-intca0Y0...
03C0: 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 82 *.H.=....*...U..
03D0: 2D 03 42 00 04 BB 79 12 8A A3 14 EC 18 E4 C5 32 -.B...y........2
03E0: E7 93 4A 38 14 DA 47 E4 9A C3 A7 D4 FE E5 64 61 ..J8..G.......da
03F0: 9F 3E 62 71 EF 95 BA 38 24 89 C5 01 2C 4B F9 55 .>bq...8$...,K.U
0400: 05 B6 28 8D 92 6E A9 F1 56 AF BA 96 A2 F9 2B A5 ..(..n..V.....+.
0410: 4B D9 7C 1F 01 A3 63 30 61 30 1D 06 03 55 1D 0E K.....c0a0...U..
0420: 04 16 04 14 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 ..........bq..-.
0430: BB CF C7 8B 46 E4 C5 4B 30 1F 06 03 55 1D 23 04 ....F..K0...U.#.
0440: 18 30 16 80 14 F1 E9 02 D6 17 EA 59 01 17 96 17 .0.........Y....
0450: 85 1A 3E 6C 27 26 8E DC B7 30 0F 06 03 55 1D 13 ..>l'&...0...U..
0460: 01 01 FF 04 05 30 03 01 01 FF 30 0E 06 03 55 1D .....0....0...U.
0470: 0F 01 01 FF 04 04 03 02 01 86 30 0A 06 08 2A 81 ..........0...*.
0480: 1C CF 55 01 83 75 03 48 00 30 45 02 21 00 AB D4 ..U..u.H.0E.!...
0490: F4 DB DD 37 98 BF F4 B2 E5 17 2A 8D A5 BC C3 37 ...7......*....7
04A0: 09 71 75 1C 1B 4C F7 BC 4F AA F7 86 B9 CC 02 20 .qu..L..O......
04B0: 22 B0 06 05 A4 A0 90 FF 2F 40 EB 7D B0 2D C9 ED "......./@...-..
04C0: 3A 18 2F F5 CB 73 CA 62 58 3D 64 C4 CE 2F 72 7E :./..s.bX=d../r.
04D0: 00 01 8C 30 82 01 88 30 82 01 2F A0 03 02 01 02 ...0...0../.....
04E0: 02 14 2B BD 00 12 A9 61 60 30 ED 75 B0 71 AA AA ..+....a`0.u.q..
04F0: 81 93 66 FB 03 11 30 0A 06 08 2A 81 1C CF 55 01 ..f...0...*...U.
0500: 83 75 30 12 31 10 30 0E 06 03 55 04 03 0C 07 74 .u0.1.0...U....t
0510: 6C 63 70 2D 63 61 30 1E 17 0D 32 33 31 31 32 31 lcp-ca0...231121
0520: 30 38 35 39 35 39 5A 17 0D 33 33 31 31 31 38 30 085959Z..3311180
0530: 38 35 39 35 39 5A 30 12 31 10 30 0E 06 03 55 04 85959Z0.1.0...U.
0540: 03 0C 07 74 6C 63 70 2D 63 61 30 59 30 13 06 07 ...tlcp-ca0Y0...
0550: 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 82 *.H.=....*...U..
0560: 2D 03 42 00 04 B9 BE 4E DE 41 87 B5 58 B4 CA 01 -.B....N.A..X...
0570: 54 52 B0 2E D1 00 55 D9 98 D1 2E F7 17 94 53 01 TR....U.......S.
0580: 36 D0 4F 64 8F FC E3 63 BE 7D 56 ED CB E8 A1 DA 6.Od...c..V.....
0590: 35 27 F5 61 06 2F 5A 49 43 5D 68 4B 27 D8 68 D1 5'.a./ZIC]hK'.h.
05A0: 88 BA CA 82 F7 A3 63 30 61 30 1D 06 03 55 1D 0E ......c0a0...U..
05B0: 04 16 04 14 F1 E9 02 D6 17 EA 59 01 17 96 17 85 ..........Y.....
05C0: 1A 3E 6C 27 26 8E DC B7 30 1F 06 03 55 1D 23 04 .>l'&...0...U.#.
05D0: 18 30 16 80 14 F1 E9 02 D6 17 EA 59 01 17 96 17 .0.........Y....
05E0: 85 1A 3E 6C 27 26 8E DC B7 30 0F 06 03 55 1D 13 ..>l'&...0...U..
05F0: 01 01 FF 04 05 30 03 01 01 FF 30 0E 06 03 55 1D .....0....0...U.
0600: 0F 01 01 FF 04 04 03 02 01 86 30 0A 06 08 2A 81 ..........0...*.
0610: 1C CF 55 01 83 75 03 47 00 30 44 02 20 7E 90 66 ..U..u.G.0D. ..f
0620: CE 47 B0 F5 FB CE 17 48 69 2F AE 69 04 89 80 3D .G.....Hi/.i...=
0630: 13 D9 46 1B A5 20 70 CE E2 B0 39 14 BC 02 20 02 ..F.. p...9... .
0640: C0 89 4F B2 4C 96 14 71 D5 3C F7 B1 EC 4B 3A 77 ..O.L..q.<...K:w
0650: EA 92 68 95 FF 22 B8 18 50 4D E8 B3 AF 7E 00 ..h.."..PM.....
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.940 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 1626
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:19.946 CST|TLCPCertificate.java:381|Consuming server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "18890B033EC3E2DB6A727F8EFCDABA7BBC5497C6",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-intca",
"not before" : "2023-11-21 17:04:14.000 CST",
"not after" : "2033-11-18 17:04:14.000 CST",
"subject" : "CN=tlcp-server-sign",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B ......bq..-.....
0010: 46 E4 C5 4B F..K
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 E0 F5 35 78 53 AF B7 70 86 20 11 E5 7C 0C 4D ...5xS..p. ....M
0010: AA 85 CB 6C ...l
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "18890B033EC3E2DB6A727F8EFCDABA7BBC5497C7",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-intca",
"not before" : "2023-11-21 17:05:08.000 CST",
"not after" : "2033-11-18 17:05:08.000 CST",
"subject" : "CN=tlcp-server-enc",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B ......bq..-.....
0010: 46 E4 C5 4B F..K
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_Encipherment
Data_Encipherment
Key_Agreement
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E0 61 9C F0 77 B9 3E AA 28 34 B7 69 2D 50 33 86 .a..w.>.(4.i-P3.
0010: 38 FB EB 49 8..I
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "4E21677D35B41F8D510F83AAE50DC392324E036D",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-ca",
"not before" : "2023-11-21 17:01:01.000 CST",
"not after" : "2033-11-18 17:01:01.000 CST",
"subject" : "CN=tlcp-intca",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F1 E9 02 D6 17 EA 59 01 17 96 17 85 1A 3E 6C 27 ......Y......>l'
0010: 26 8E DC B7 &...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B ......bq..-.....
0010: 46 E4 C5 4B F..K
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "2BBD0012A9616030ED75B071AAAA819366FB0311",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-ca",
"not before" : "2023-11-21 16:59:59.000 CST",
"not after" : "2033-11-18 16:59:59.000 CST",
"subject" : "CN=tlcp-ca",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F1 E9 02 D6 17 EA 59 01 17 96 17 85 1A 3E 6C 27 ......Y......>l'
0010: 26 8E DC B7 &...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F1 E9 02 D6 17 EA 59 01 17 96 17 85 1A 3E 6C 27 ......Y......>l'
0010: 26 8E DC B7 &...
]
]
}
]}
]
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.071 CST|X509TrustManagerImpl.java:302|Found trusted certificate (
"certificate" : {
"version" : "v3",
"serial number" : "4E21677D35B41F8D510F83AAE50DC392324E036D",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-ca",
"not before" : "2023-11-21 17:01:01.000 CST",
"not after" : "2033-11-18 17:01:01.000 CST",
"subject" : "CN=tlcp-intca",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F1 E9 02 D6 17 EA 59 01 17 96 17 85 1A 3E 6C 27 ......Y......>l'
0010: 26 8E DC B7 &...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B ......bq..-.....
0010: 46 E4 C5 4B F..K
]
]
}
]}
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.072 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 01 01 00 4E 0C 00 00 4A 00 48 30 46 02 21 00 ....N...J.H0F.!.
0010: C6 F4 3D 08 3A BC C7 3C 56 B6 64 DB 8E 60 63 15 ..=.:..<V.d..`c.
0020: 7A B4 7B 3C 83 A9 6C ED 89 2E 08 CD 3E 42 A7 E1 z..<..l.....>B..
0030: 02 21 00 F9 6B F7 C0 F7 E5 92 E3 4E 21 2C 9D BC .!..k......N!,..
0040: 21 D9 3C 41 30 8F F5 C6 85 FE A7 81 A9 2F B5 3D !.<A0......../.=
0050: 50 BC 5C P.\
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.072 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 78
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.083 CST|SM2ServerKeyExchange.java:339|Consuming SM2 ServerKeyExchange handshake message (
"SM2 ServerKeyExchange": {
"digital signature": {
"signature": {
0000: 30 46 02 21 00 C6 F4 3D 08 3A BC C7 3C 56 B6 64 0F.!...=.:..<V.d
0010: DB 8E 60 63 15 7A B4 7B 3C 83 A9 6C ED 89 2E 08 ..`c.z..<..l....
0020: CD 3E 42 A7 E1 02 21 00 F9 6B F7 C0 F7 E5 92 E3 .>B...!..k......
0030: 4E 21 2C 9D BC 21 D9 3C 41 30 8F F5 C6 85 FE A7 N!,..!.<A0......
0040: 81 A9 2F B5 3D 50 BC 5C ../.=P.\
},
}
}
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.084 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 01 01 00 38 0D 00 00 34 02 01 02 00 2F 00 17 ....8...4..../..
0010: 30 15 31 13 30 11 06 03 55 04 03 0C 0A 74 6C 63 0.1.0...U....tlc
0020: 70 2D 69 6E 74 63 61 00 14 30 12 31 10 30 0E 06 p-intca..0.1.0..
0030: 03 55 04 03 0C 07 74 6C 63 70 2D 63 61 .U....tlcp-ca
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.084 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 56
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.086 CST|TLCPCertificateRequest.java:344|Consuming CertificateRequest handshake message (
"CertificateRequest": {
"certificate types": [rsa_sign, dss_sign]
"supported signature algorithms": []
"certificate authorities": [CN=tlcp-intca, CN=tlcp-ca]
}
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.091 CST|X509KeyManagerImpl.java:455|KeyMgr: getting aliases (
[tlcp-sign-ee-demo (verified: OK), tlcp-enc-ee-demo (verified: EXTENSION_MISMATCH)]
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.165 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 16 01 01 00 04 0E 00 00 00 .........
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.165 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 handshake, length = 4
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.166 CST|ServerHelloDone.java:152|Consuming ServerHelloDone handshake message (
<empty>
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.168 CST|TLCPCertificate.java:323|Produced client Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "18890B033EC3E2DB6A727F8EFCDABA7BBC5497C8",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-intca",
"not before" : "2023-11-21 17:05:45.000 CST",
"not after" : "2033-11-18 17:05:45.000 CST",
"subject" : "CN=tlcp-client-sign",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B ......bq..-.....
0010: 46 E4 C5 4B F..K
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9F 31 70 7B 41 8D 33 4A 4D 3D 1B 84 87 85 0A 6B .1p.A.3JM=.....k
0010: 97 A3 EA FD ....
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "18890B033EC3E2DB6A727F8EFCDABA7BBC5497C9",
"signature algorithm": "SM3withSM2",
"issuer" : "CN=tlcp-intca",
"not before" : "2023-11-21 17:06:13.000 CST",
"not after" : "2033-11-18 17:06:13.000 CST",
"subject" : "CN=tlcp-client-enc",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B ......bq..-.....
0010: 46 E4 C5 4B F..K
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_Encipherment
Data_Encipherment
Key_Agreement
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3D 36 7D F8 02 30 A4 35 94 EA 4B C3 A9 EC 20 A2 =6...0.5..K... .
0010: 74 A8 62 51 t.bQ
]
]
}
]}
]
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.269 CST|SM2ClientKeyExchange.java:170|Produced SM2 ClientKeyExchange handshake message (
"SM2 ClientKeyExchange": {
"client_version": TLCPv1.1
"encncrypted": {
0000: 30 81 98 02 20 12 66 3D FA 1F D5 B1 C9 DD 61 E0 0... .f=......a.
0010: C1 13 31 1D 40 1F 24 DE 0C 1A 6C 79 0A 42 F1 8E ..1.@.$...ly.B..
0020: 2D DE D4 A6 91 02 20 48 0A DF 59 B4 DE 25 50 48 -..... H..Y..%PH
0030: DB E4 3F 26 EE 61 9F 65 88 27 A0 02 78 E9 D7 DE ..?&.a.e.'..x...
0040: 2A C6 17 63 D1 93 12 04 20 32 A1 B1 FD 6F 73 60 *..c.... 2...os`
0050: 2C B3 50 99 9C 51 05 03 2D D7 F3 BB 5A 61 8A 8D ,.P..Q..-...Za..
0060: 0C 9F CB B5 DE 50 CC B5 53 04 30 C2 77 F7 11 CA .....P..S.0.w...
0070: 2B EC 77 B9 81 35 76 BE 06 C3 70 DB DB 90 01 BE +.w..5v...p.....
0080: ED DD 2A 12 51 95 2D A2 A9 51 3E A7 31 08 6A 84 ..*.Q.-..Q>.1.j.
0090: F1 E2 8C 9F 13 C3 89 B0 02 97 EF ...........
}
}
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.291 CST|TLCPCertificateVerify.java:257|Produced CertificateVerify handshake message (
"CertificateVerify": {
"signature algorithm":
"signature": {
0000: 30 45 02 21 00 FF 93 C3 80 C6 0E 9A A9 44 F4 B4 0E.!.........D..
0010: A3 3F F5 AC A4 7B 06 42 DF D2 8E A7 62 64 CD F1 .?.....B....bd..
0020: A9 AF 76 9C 1B 02 20 27 F5 D8 A2 B8 E2 EF 63 3E ..v... '......c>
0030: 06 28 D0 7D 8C 42 39 D9 61 D7 84 E4 2A D5 FB 30 .(...B9.a...*..0
0040: 76 3C 13 12 79 03 B9 v<..y..
}
}
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.307 CST|TLCPChangeCipherSpec.java:109|Produced ChangeCipherSpec message
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.307 CST|TLCPFinished.java:400|Produced client Finished handshake message (
"Finished": {
"verify data": {
0000: 3A 8E EA 3B C8 58 2A C8 04 C0 83 4D
}
}
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.307 CST|SSLEngineOutputRecord.java:530|WRITE: TLCPv1.1 handshake, length = 1060
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.313 CST|SSLEngineOutputRecord.java:551|Raw write (
0000: 16 01 01 04 24 0B 00 03 32 00 03 2F 00 01 95 30 ....$...2../...0
0010: 82 01 91 30 82 01 38 A0 03 02 01 02 02 14 18 89 ...0..8.........
0020: 0B 03 3E C3 E2 DB 6A 72 7F 8E FC DA BA 7B BC 54 ..>...jr.......T
0030: 97 C8 30 0A 06 08 2A 81 1C CF 55 01 83 75 30 15 ..0...*...U..u0.
0040: 31 13 30 11 06 03 55 04 03 0C 0A 74 6C 63 70 2D 1.0...U....tlcp-
0050: 69 6E 74 63 61 30 1E 17 0D 32 33 31 31 32 31 30 intca0...2311210
0060: 39 30 35 34 35 5A 17 0D 33 33 31 31 31 38 30 39 90545Z..33111809
0070: 30 35 34 35 5A 30 1B 31 19 30 17 06 03 55 04 03 0545Z0.1.0...U..
0080: 0C 10 74 6C 63 70 2D 63 6C 69 65 6E 74 2D 73 69 ..tlcp-client-si
0090: 67 6E 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 gn0Y0...*.H.=...
00A0: 08 2A 81 1C CF 55 01 82 2D 03 42 00 04 69 0F 51 .*...U..-.B..i.Q
00B0: F2 7A E0 8A 33 C2 BE A4 A4 93 D2 CC 9A 3F 3A EE .z..3........?:.
00C0: 46 6B 5D 18 09 F7 EC 20 04 F2 DC 88 AF 8D 66 A0 Fk].... ......f.
00D0: 33 04 24 7F F4 B2 02 6D 6D 65 40 CC B7 ED 9C D4 3.$....mme@.....
00E0: 2E 17 3A D6 31 22 2D AA 8E BA 91 8B FC A3 60 30 ..:.1"-.......`0
00F0: 5E 30 1D 06 03 55 1D 0E 04 16 04 14 9F 31 70 7B ^0...U.......1p.
0100: 41 8D 33 4A 4D 3D 1B 84 87 85 0A 6B 97 A3 EA FD A.3JM=.....k....
0110: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 82 F9 96 0...U.#..0......
0120: 07 D3 D7 62 71 A4 17 2D D7 BB CF C7 8B 46 E4 C5 ...bq..-.....F..
0130: 4B 30 0C 06 03 55 1D 13 01 01 FF 04 02 30 00 30 K0...U.......0.0
0140: 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 07 80 30 ...U...........0
0150: 0A 06 08 2A 81 1C CF 55 01 83 75 03 47 00 30 44 ...*...U..u.G.0D
0160: 02 20 4F 73 7B 63 A2 0D AC DD E1 DC 81 69 F5 1F . Os.c.......i..
0170: 0A ED 65 37 FC 3E A4 29 65 CC F8 D1 D7 58 28 C3 ..e7.>.)e....X(.
0180: 2F E1 02 20 3B 2C 9C F6 45 E6 99 91 EC FB B7 05 /.. ;,..E.......
0190: C0 3D 0A 90 94 1F 31 8C 1F 7E 3F 21 DC 81 A6 7D .=....1...?!....
01A0: 93 A0 0A D8 00 01 94 30 82 01 90 30 82 01 37 A0 .......0...0..7.
01B0: 03 02 01 02 02 14 18 89 0B 03 3E C3 E2 DB 6A 72 ..........>...jr
01C0: 7F 8E FC DA BA 7B BC 54 97 C9 30 0A 06 08 2A 81 .......T..0...*.
01D0: 1C CF 55 01 83 75 30 15 31 13 30 11 06 03 55 04 ..U..u0.1.0...U.
01E0: 03 0C 0A 74 6C 63 70 2D 69 6E 74 63 61 30 1E 17 ...tlcp-intca0..
01F0: 0D 32 33 31 31 32 31 30 39 30 36 31 33 5A 17 0D .231121090613Z..
0200: 33 33 31 31 31 38 30 39 30 36 31 33 5A 30 1A 31 331118090613Z0.1
0210: 18 30 16 06 03 55 04 03 0C 0F 74 6C 63 70 2D 63 .0...U....tlcp-c
0220: 6C 69 65 6E 74 2D 65 6E 63 30 59 30 13 06 07 2A lient-enc0Y0...*
0230: 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 82 2D .H.=....*...U..-
0240: 03 42 00 04 AB 86 72 71 A1 1E 74 7F C6 10 4B C8 .B....rq..t...K.
0250: C7 CA 42 72 0B B0 54 AD D1 41 2C AC 6A E1 7C 44 ..Br..T..A,.j..D
0260: A8 B0 E3 39 25 31 F3 F4 7D 92 25 29 83 DD 85 EF ...9%1....%)....
0270: 0E 38 6D 3C BC 56 B2 6B 9E FE ED 06 66 2D F8 94 .8m<.V.k....f-..
0280: 1A 28 44 CC A3 60 30 5E 30 1D 06 03 55 1D 0E 04 .(D..`0^0...U...
0290: 16 04 14 3D 36 7D F8 02 30 A4 35 94 EA 4B C3 A9 ...=6...0.5..K..
02A0: EC 20 A2 74 A8 62 51 30 1F 06 03 55 1D 23 04 18 . .t.bQ0...U.#..
02B0: 30 16 80 14 82 F9 96 07 D3 D7 62 71 A4 17 2D D7 0.........bq..-.
02C0: BB CF C7 8B 46 E4 C5 4B 30 0C 06 03 55 1D 13 01 ....F..K0...U...
02D0: 01 FF 04 02 30 00 30 0E 06 03 55 1D 0F 01 01 FF ....0.0...U.....
02E0: 04 04 03 02 03 38 30 0A 06 08 2A 81 1C CF 55 01 .....80...*...U.
02F0: 83 75 03 47 00 30 44 02 20 24 7B 27 56 DB CD 6E .u.G.0D. $.'V..n
0300: 2C 79 E2 45 DD 9E 37 F1 E0 F0 B3 F8 CA 43 B3 BB ,y.E..7......C..
0310: DD 2C DE 05 31 F6 DA B6 03 02 20 26 6A 76 93 18 .,..1..... &jv..
0320: CF FC 4D A0 55 01 FB B6 D1 FD DC A4 7F 7B 99 0C ..M.U...........
0330: 53 8E 32 42 21 BC 6E 2D 29 39 91 10 00 00 9D 00 S.2B!.n-)9......
0340: 9B 30 81 98 02 20 12 66 3D FA 1F D5 B1 C9 DD 61 .0... .f=......a
0350: E0 C1 13 31 1D 40 1F 24 DE 0C 1A 6C 79 0A 42 F1 ...1.@.$...ly.B.
0360: 8E 2D DE D4 A6 91 02 20 48 0A DF 59 B4 DE 25 50 .-..... H..Y..%P
0370: 48 DB E4 3F 26 EE 61 9F 65 88 27 A0 02 78 E9 D7 H..?&.a.e.'..x..
0380: DE 2A C6 17 63 D1 93 12 04 20 32 A1 B1 FD 6F 73 .*..c.... 2...os
0390: 60 2C B3 50 99 9C 51 05 03 2D D7 F3 BB 5A 61 8A `,.P..Q..-...Za.
03A0: 8D 0C 9F CB B5 DE 50 CC B5 53 04 30 C2 77 F7 11 ......P..S.0.w..
03B0: CA 2B EC 77 B9 81 35 76 BE 06 C3 70 DB DB 90 01 .+.w..5v...p....
03C0: BE ED DD 2A 12 51 95 2D A2 A9 51 3E A7 31 08 6A ...*.Q.-..Q>.1.j
03D0: 84 F1 E2 8C 9F 13 C3 89 B0 02 97 EF 0F 00 00 49 ...............I
03E0: 00 47 30 45 02 21 00 FF 93 C3 80 C6 0E 9A A9 44 .G0E.!.........D
03F0: F4 B4 A3 3F F5 AC A4 7B 06 42 DF D2 8E A7 62 64 ...?.....B....bd
0400: CD F1 A9 AF 76 9C 1B 02 20 27 F5 D8 A2 B8 E2 EF ....v... '......
0410: 63 3E 06 28 D0 7D 8C 42 39 D9 61 D7 84 E4 2A D5 c>.(...B9.a...*.
0420: FB 30 76 3C 13 12 79 03 B9 .0v<..y..
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.313 CST|SSLEngineOutputRecord.java:530|WRITE: TLCPv1.1 change_cipher_spec, length = 1
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.314 CST|SSLEngineOutputRecord.java:551|Raw write (
0000: 14 01 01 00 01 01 ......
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.314 CST|SSLEngineOutputRecord.java:530|WRITE: TLCPv1.1 handshake, length = 16
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.315 CST|TLCPCipher.java:269|Padded plaintext before ENCRYPTION (
0000: A0 1E D3 E1 74 B8 88 15 CC F3 88 EE ED D9 3B 41 ....t.........;A
0010: 14 00 00 0C 3A 8E EA 3B C8 58 2A C8 04 C0 83 4D ....:..;.X*....M
0020: 95 5C C0 BE 8B BA 52 A7 E7 14 A0 F7 2A E7 A5 6A .\....R.....*..j
0030: 32 86 D1 98 84 6F 6C 03 9F 07 3A 92 FE 94 8A DB 2....ol...:.....
0040: 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F ................
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.316 CST|SSLEngineOutputRecord.java:551|Raw write (
0000: 16 01 01 00 50 8F 31 F3 4C 8C 9F 86 FD 3A 37 21 ....P.1.L....:7!
0010: F1 27 40 C7 49 1B 2F D4 EC 12 46 B8 97 32 DD C8 .'@.I./...F..2..
0020: D1 20 61 8A 70 3F A1 BE EB D8 82 95 D3 EF 6C EF . a.p?........l.
0030: A1 C5 BF 42 F9 C5 72 4D 37 4D AF 85 9F B5 2C 74 ...B..rM7M....,t
0040: 08 9B 27 75 50 36 E1 D5 41 EF AD 95 4E 11 FB 21 ..'uP6..A...N..!
0050: A5 13 04 DA 5F ...._
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.319 CST|SSLEngineInputRecord.java:177|Raw read (
0000: 15 01 01 00 02 02 33 ......3
)
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.319 CST|SSLEngineInputRecord.java:214|READ: TLCPv1.1 alert, length = 2
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.323 CST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "decrypt_error"
}
)
com.tencent.kona.ssl|SEVERE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.324 CST|TransportContext.java:370|Fatal (DECRYPT_ERROR): Received fatal alert: decrypt_error (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at com.tencent.kona.sun.security.ssl.Alert.createSSLException(Alert.java:131)
at com.tencent.kona.sun.security.ssl.Alert.createSSLException(Alert.java:117)
at com.tencent.kona.sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at com.tencent.kona.sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at com.tencent.kona.sun.security.ssl.TransportContext.dispatch(TransportContext.java:204)
at com.tencent.kona.sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:505)
at com.tencent.kona.sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:481)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at io.netty.handler.ssl.JdkSslEngine.unwrap(JdkSslEngine.java:92)
at io.netty.handler.ssl.JdkAlpnSslEngine.unwrap(JdkAlpnSslEngine.java:163)
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1342)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:750)}
)
com.tencent.kona.ssl|ALL|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.324 CST|SSLSessionImpl.java:1268|Invalidated session: Session(1700619979754|SSL_NULL_WITH_NULL_NULL)
com.tencent.kona.ssl|ALL|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.325 CST|SSLSessionImpl.java:1268|Invalidated session: Session(1700619979921|TLCP_ECC_SM4_CBC_SM3)
2023-11-22 10:26:20.338 [nioEventLoopGroup-2-1] WARN io.netty.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:480)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:750)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error我使用gmssl的s_client和s_server是正常的,您方便加下联系方式吗QQ:806632419,感谢,现在就差这一步了
johnshajiang
commented
11 months ago 从日志看,客户端没什么问题。
"SM2 ClientKeyExchange": {
"client_version": TLCPv1.1
"encncrypted": {
0000: 30 81 98 02 20 12 66 3D FA 1F D5 B1 C9 DD 61 E0 0... .f=......a.
0010: C1 13 31 1D 40 1F 24 DE 0C 1A 6C 79 0A 42 F1 8E ..1.@.$...ly.B..
0020: 2D DE D4 A6 91 02 20 48 0A DF 59 B4 DE 25 50 48 -..... H..Y..%PH
0030: DB E4 3F 26 EE 61 9F 65 88 27 A0 02 78 E9 D7 DE ..?&.a.e.'..x...
0040: 2A C6 17 63 D1 93 12 04 20 32 A1 B1 FD 6F 73 60 *..c.... 2...os`
0050: 2C B3 50 99 9C 51 05 03 2D D7 F3 BB 5A 61 8A 8D ,.P..Q..-...Za..
0060: 0C 9F CB B5 DE 50 CC B5 53 04 30 C2 77 F7 11 CA .....P..S.0.w...
0070: 2B EC 77 B9 81 35 76 BE 06 C3 70 DB DB 90 01 BE +.w..5v...p.....
0080: ED DD 2A 12 51 95 2D A2 A9 51 3E A7 31 08 6A 84 ..*.Q.-..Q>.1.j.
0090: F1 E2 8C 9F 13 C3 89 B0 02 97 EF ...........
}
}
"CertificateVerify": {
"signature algorithm":
"signature": {
0000: 30 45 02 21 00 FF 93 C3 80 C6 0E 9A A9 44 F4 B4 0E.!.........D..
0010: A3 3F F5 AC A4 7B 06 42 DF D2 8E A7 62 64 CD F1 .?.....B....bd..
0020: A9 AF 76 9C 1B 02 20 27 F5 D8 A2 B8 E2 EF 63 3E ..v... '......c>
0030: 06 28 D0 7D 8C 42 39 D9 61 D7 84 E4 2A D5 FB 30 .(...B9.a...*..0
0040: 76 3C 13 12 79 03 B9 v<..y..
}
}
"Finished": {
"verify data": {
0000: 3A 8E EA 3B C8 58 2A C8 04 C0 83 4D
}
}最终还是服务端报错了,也许是它无法验证客户端的CertificateVerify。
com.tencent.kona.ssl|FINE|C0|nioEventLoopGroup-2-1|2023-11-22 10:26:20.323 CST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "decrypt_error"
}我建议你再使用Tongsuo与gmssl进行交互测试。
如果这种测试还有问题的话,那么gmssl自身出问题的可能性就比较大了。
也许它在生成/验证CertificateVerify时,错误地使用了密钥对呢?
zhangshdn
commented
11 months ago 我建议你再使用Tongsuo与gmssl进行交互测试。 如果这种测试还有问题的话,那么gmssl自身出问题的可能性就比较大了。 也许它在生成/验证
CertificateVerify时,错误地使用了密钥对呢?
以下是铜锁作为客户端的报错,gmssl作为服务端
[root@localhost zsh]# openssl s_client -connect 192.168.56.132:15003 -sign_key tlcp-client-sign.key -sign_cert tlcp-client-sign.crt -enc_cert tlcp-client-enc.crt -enc_key tlcp-client-enc.key -CAfile cas.pem -enable_ntls -ntls
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-server-enc
verify return:1
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-server-sign
verify return:1
140299320743744:error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:ssl/record/rec_layer_s3.c:1548:SSL alert number 51
---
Certificate chain
0 s:CN = tlcp-server-sign
i:CN = tlcp-intca
1 s:CN = tlcp-server-enc
i:CN = tlcp-intca
2 s:CN = tlcp-intca
i:CN = tlcp-ca
3 s:CN = tlcp-ca
i:CN = tlcp-ca
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBkzCCATigAwIBAgIUGIkLAz7D4ttqcn+O/Nq6e7xUl8YwCgYIKoEcz1UBg3Uw
FTETMBEGA1UEAwwKdGxjcC1pbnRjYTAeFw0yMzExMjEwOTA0MTRaFw0zMzExMTgw
OTA0MTRaMBsxGTAXBgNVBAMMEHRsY3Atc2VydmVyLXNpZ24wWTATBgcqhkjOPQIB
BggqgRzPVQGCLQNCAATFXb4kfSCQa3+b1gRN0M7abGu1jF4D0DEMAc2zvmoxQgiF
4HJD+uWCURKFCVSqigj1nC5b2cYIFITQWcUP9spvo2AwXjAdBgNVHQ4EFgQUB+D1
NXhTr7dwhiAR5XwMTaqFy2wwHwYDVR0jBBgwFoAUgvmWB9PXYnGkFy3Xu8/Hi0bk
xUswDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwCgYIKoEcz1UBg3UDSQAw
RgIhAMRY3w7pvjMgFccGllqBgvQPTADHsEzv35IABCNR9KUNAiEAsIEE+oMazxFz
h6b5YxGwr/bF+z3noPCFzAJMH8o3aMs=
-----END CERTIFICATE-----
subject=CN = tlcp-server-sign
issuer=CN = tlcp-intca
---
Acceptable client certificate CA names
CN = tlcp-intca
CN = tlcp-ca
Client Certificate Types: RSA sign, DSA sign
---
SSL handshake has read 1836 bytes and written 2040 bytes
Verification: OK
---
New, NTLSv1.1, Cipher is ECC-SM2-SM4-CBC-SM3
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : NTLSv1.1
Cipher : ECC-SM2-SM4-CBC-SM3
Session-ID:
Session-ID-ctx:
Master-Key: 01FD0D259FF150F880C8EAD80D2DD3068EDEE69AA109250685183624E1ECF1A751546C9DC6E1ED10B1F71784321FA25B
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1700622055
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
QUIC: no
---然后我使用铜锁作为服务端,gmssl作为客户端,是正常的
[root@localhost zsh]# gmssl s_client -gmtls -connect 192.168.56.134:15003 -key tlcp-client-sign.key -dkey tlcp-client-enc.key -cert tlcp-client-sign.crt -dcert tlcp-client-enc.crt -CAfile cas.pem -state
[GMTLS_DEBUG] set sm2 signing certificate
[GMTLS_DEBUG] set sm2 signing private key
[GMTLS_DEBUG] set sm2 encryption certificate
[GMTLS_DEBUG] set sm2 decryption private key
CONNECTED(00000003)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-server-sign
verify return:1
SSL_connect:SSLv3/TLS read server certificate
Z=5252A2ABFD16839A02442F92ABC2C6927624C363E7BAB25CA8904CBCC62A5053
C=0001943082019030820137A003020102021418890B033EC3E2DB6A727F8EFCDABA7BBC5497C7300A06082A811CCF5501837530153113301106035504030C0A746C63702D696E746361301E170D3233313132313039303530385A170D3333313131383039303530385A301A3118301606035504030C0F746C63702D7365727665722D656E633059301306072A8648CE3D020106082A811CCF5501822D034200048015E842308D8C94679BCD470DFD8056C754D577D5D841A3ABA8961A4E272F20575E088D74212B5F9F4A4A0AA80905B6552BC41BBA41CEA661158F82289A05B6A360305E301D0603551D0E04160414E0619CF077B93EAA2834B7692D50338638FBEB49301F0603551D2304183016801482F99607D3D76271A4172DD7BBCFC78B46E4C54B300C0603551D130101FF04023000300E0603551D0F0101FF040403020338300A06082A811CCF55018375034700304402205F2E4FB4CF2F38C544134452A9BD1FB221855CEE20E8ADBD3BF14D00FA2E9C370220364E26AC1F516471D66329EEFA6A0CEF26C59FD222987A701E73A9A57A1B5FBB
SSL_connect:SSLv3/TLS read server key exchange
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write change cipher spec
ssl_get_algorithm2=37fa8a008x
SSL_connect:SSLv3/TLS write finished
SSL_connect:SSLv3/TLS write finished
SSL_connect:SSLv3/TLS read change cipher spec
SSL_connect:SSLv3/TLS read finished
---
Certificate chain
0 s:/CN=tlcp-server-sign
i:/CN=tlcp-intca
1 s:/CN=tlcp-server-enc
i:/CN=tlcp-intca
2 s:/CN=tlcp-intca
i:/CN=tlcp-ca
3 s:/CN=tlcp-ca
i:/CN=tlcp-ca
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBkzCCATigAwIBAgIUGIkLAz7D4ttqcn+O/Nq6e7xUl8YwCgYIKoEcz1UBg3Uw
FTETMBEGA1UEAwwKdGxjcC1pbnRjYTAeFw0yMzExMjEwOTA0MTRaFw0zMzExMTgw
OTA0MTRaMBsxGTAXBgNVBAMMEHRsY3Atc2VydmVyLXNpZ24wWTATBgcqhkjOPQIB
BggqgRzPVQGCLQNCAATFXb4kfSCQa3+b1gRN0M7abGu1jF4D0DEMAc2zvmoxQgiF
4HJD+uWCURKFCVSqigj1nC5b2cYIFITQWcUP9spvo2AwXjAdBgNVHQ4EFgQUB+D1
NXhTr7dwhiAR5XwMTaqFy2wwHwYDVR0jBBgwFoAUgvmWB9PXYnGkFy3Xu8/Hi0bk
xUswDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwCgYIKoEcz1UBg3UDSQAw
RgIhAMRY3w7pvjMgFccGllqBgvQPTADHsEzv35IABCNR9KUNAiEAsIEE+oMazxFz
h6b5YxGwr/bF+z3noPCFzAJMH8o3aMs=
-----END CERTIFICATE-----
subject=/CN=tlcp-server-sign
issuer=/CN=tlcp-intca
---
No client certificate CA names sent
---
SSL handshake has read 1892 bytes and written 319 bytes
Verification: OK
---
New, GMTLSv1.1, Cipher is SM2-WITH-SMS4-SM3
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : GMTLSv1.1
Cipher : SM2-WITH-SMS4-SM3
Session-ID: 04FF492B433B92D5B8F91EE5CED9BC37918974DC845C548DD7E6FBD01D9E06C6
Session-ID-ctx:
Master-Key: C8FDB6D887BD2A440C1566F76F38909EAAC6C8C9401CB00A16DACAFCEF381A3EA4FE4EF6975365BF009C1C75E22CB944
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1700622941
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---看现象是gmssl都没问题,铜锁作为客户端时,不能访问gmssl服务端
johnshajiang
commented
11 months ago 看现象是gmssl都没问题,铜锁作为客户端时,不能访问gmssl服务端
Tonsuo的s_server启用了ClientAuth吗?
另外,能否看看它们的详细日志,最好是trace级别的?或者,至少加上命令参数-debug。
zhangshdn
commented
11 months ago 看现象是gmssl都没问题,铜锁作为客户端时,不能访问gmssl服务端
Tonsuo的s_server启用了ClientAuth吗?
另外,能否看看它们的详细日志,最好是trace级别的?或者,至少加上命令参数
-debug。
# 铜锁的服务端命令
openssl s_server -state -debug -accept 15003 -sign_key tlcp-server-sign.key -sign_cert tlcp-server-sign.crt -enc_key tlcp-server-enc.key -enc_cert tlcp-server-enc.crt -CAfile cas.pem -enable_ntls -Verify 2您说的对,我确实没开铜锁的双向认证,以下是开起铜锁的双向认证后,gmssl的客户端的报错
[root@localhost zsh]# gmssl s_client -debug -gmtls -connect 192.168.56.134:15003 -key tlcp-client-sign.key -dkey tlcp-client-enc.key -cert tlcp-client-sign.crt -dcert tlcp-client-enc.crt -CAfile cas.pem -state
[GMTLS_DEBUG] set sm2 signing certificate
[GMTLS_DEBUG] set sm2 signing private key
[GMTLS_DEBUG] set sm2 encryption certificate
[GMTLS_DEBUG] set sm2 decryption private key
CONNECTED(00000003)
SSL_connect:before SSL initialization
write to 0x1b5e060 [0x1b6e340] (62 bytes => 62 (0x3E))
0000 - 16 01 01 00 39 01 00 00-35 01 01 f9 0a 8f f5 6d ....9...5......m
0010 - 83 94 a7 bc 53 34 f1 19-d0 e7 c1 b6 7d 73 f0 6e ....S4......}s.n
0020 - 7c e5 ef eb 6c 80 92 10-4c f8 ae 00 00 0e e0 17 |...l...L.......
0030 - e0 15 e0 13 e0 11 e0 1a-e0 19 00 ff 01 .............
003e - <SPACES/NULS>
SSL_connect:SSLv3/TLS write client hello
read from 0x1b5e060 [0x1b65123] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 4a ....J
read from 0x1b5e060 [0x1b65128] (74 bytes => 74 (0x4A))
0000 - 02 00 00 46 01 01 ed 6f-97 ee f3 55 1c 36 61 e2 ...F...o...U.6a.
0010 - e1 3c 10 74 5f 5c 23 b9-7b ff ce 6a b8 e7 44 4f .<.t_\#.{..j..DO
0020 - 57 4e 47 52 44 00 20 ad-7a 9f 6f 8f 54 7b 47 5e WNGRD. .z.o.T{G^
0030 - 38 23 f4 bb e6 30 9c c2-7a a4 d6 82 30 74 ac 2e 8#...0..z...0t..
0040 - e7 af 4e 5d 19 a1 e8 e0-13 ..N].....
004a - <SPACES/NULS>
SSL_connect:SSLv3/TLS write client hello
read from 0x1b5e060 [0x1b65123] (5 bytes => 5 (0x5))
0000 - 16 01 01 06 5a ....Z
read from 0x1b5e060 [0x1b65128] (1626 bytes => 1626 (0x65A))
0000 - 0b 00 06 56 00 06 53 00-01 97 30 82 01 93 30 82 ...V..S...0...0.
0010 - 01 38 a0 03 02 01 02 02-14 18 89 0b 03 3e c3 e2 .8...........>..
0020 - db 6a 72 7f 8e fc da ba-7b bc 54 97 c6 30 0a 06 .jr.....{.T..0..
0030 - 08 2a 81 1c cf 55 01 83-75 30 15 31 13 30 11 06 .*...U..u0.1.0..
0040 - 03 55 04 03 0c 0a 74 6c-63 70 2d 69 6e 74 63 61 .U....tlcp-intca
0050 - 30 1e 17 0d 32 33 31 31-32 31 30 39 30 34 31 34 0...231121090414
0060 - 5a 17 0d 33 33 31 31 31-38 30 39 30 34 31 34 5a Z..331118090414Z
0070 - 30 1b 31 19 30 17 06 03-55 04 03 0c 10 74 6c 63 0.1.0...U....tlc
0080 - 70 2d 73 65 72 76 65 72-2d 73 69 67 6e 30 59 30 p-server-sign0Y0
0090 - 13 06 07 2a 86 48 ce 3d-02 01 06 08 2a 81 1c cf ...*.H.=....*...
00a0 - 55 01 82 2d 03 42 00 04-c5 5d be 24 7d 20 90 6b U..-.B...].$} .k
00b0 - 7f 9b d6 04 4d d0 ce da-6c 6b b5 8c 5e 03 d0 31 ....M...lk..^..1
00c0 - 0c 01 cd b3 be 6a 31 42-08 85 e0 72 43 fa e5 82 .....j1B...rC...
00d0 - 51 12 85 09 54 aa 8a 08-f5 9c 2e 5b d9 c6 08 14 Q...T......[....
00e0 - 84 d0 59 c5 0f f6 ca 6f-a3 60 30 5e 30 1d 06 03 ..Y....o.`0^0...
00f0 - 55 1d 0e 04 16 04 14 07-e0 f5 35 78 53 af b7 70 U.........5xS..p
0100 - 86 20 11 e5 7c 0c 4d aa-85 cb 6c 30 1f 06 03 55 . ..|.M...l0...U
0110 - 1d 23 04 18 30 16 80 14-82 f9 96 07 d3 d7 62 71 .#..0.........bq
0120 - a4 17 2d d7 bb cf c7 8b-46 e4 c5 4b 30 0c 06 03 ..-.....F..K0...
0130 - 55 1d 13 01 01 ff 04 02-30 00 30 0e 06 03 55 1d U.......0.0...U.
0140 - 0f 01 01 ff 04 04 03 02-07 80 30 0a 06 08 2a 81 ..........0...*.
0150 - 1c cf 55 01 83 75 03 49-00 30 46 02 21 00 c4 58 ..U..u.I.0F.!..X
0160 - df 0e e9 be 33 20 15 c7-06 96 5a 81 82 f4 0f 4c ....3 ....Z....L
0170 - 00 c7 b0 4c ef df 92 00-04 23 51 f4 a5 0d 02 21 ...L.....#Q....!
0180 - 00 b0 81 04 fa 83 1a cf-11 73 87 a6 f9 63 11 b0 .........s...c..
0190 - af f6 c5 fb 3d e7 a0 f0-85 cc 02 4c 1f ca 37 68 ....=......L..7h
01a0 - cb 00 01 94 30 82 01 90-30 82 01 37 a0 03 02 01 ....0...0..7....
01b0 - 02 02 14 18 89 0b 03 3e-c3 e2 db 6a 72 7f 8e fc .......>...jr...
01c0 - da ba 7b bc 54 97 c7 30-0a 06 08 2a 81 1c cf 55 ..{.T..0...*...U
01d0 - 01 83 75 30 15 31 13 30-11 06 03 55 04 03 0c 0a ..u0.1.0...U....
01e0 - 74 6c 63 70 2d 69 6e 74-63 61 30 1e 17 0d 32 33 tlcp-intca0...23
01f0 - 31 31 32 31 30 39 30 35-30 38 5a 17 0d 33 33 31 1121090508Z..331
0200 - 31 31 38 30 39 30 35 30-38 5a 30 1a 31 18 30 16 118090508Z0.1.0.
0210 - 06 03 55 04 03 0c 0f 74-6c 63 70 2d 73 65 72 76 ..U....tlcp-serv
0220 - 65 72 2d 65 6e 63 30 59-30 13 06 07 2a 86 48 ce er-enc0Y0...*.H.
0230 - 3d 02 01 06 08 2a 81 1c-cf 55 01 82 2d 03 42 00 =....*...U..-.B.
0240 - 04 80 15 e8 42 30 8d 8c-94 67 9b cd 47 0d fd 80 ....B0...g..G...
0250 - 56 c7 54 d5 77 d5 d8 41-a3 ab a8 96 1a 4e 27 2f V.T.w..A.....N'/
0260 - 20 57 5e 08 8d 74 21 2b-5f 9f 4a 4a 0a a8 09 05 W^..t!+_.JJ....
0270 - b6 55 2b c4 1b ba 41 ce-a6 61 15 8f 82 28 9a 05 .U+...A..a...(..
0280 - b6 a3 60 30 5e 30 1d 06-03 55 1d 0e 04 16 04 14 ..`0^0...U......
0290 - e0 61 9c f0 77 b9 3e aa-28 34 b7 69 2d 50 33 86 .a..w.>.(4.i-P3.
02a0 - 38 fb eb 49 30 1f 06 03-55 1d 23 04 18 30 16 80 8..I0...U.#..0..
02b0 - 14 82 f9 96 07 d3 d7 62-71 a4 17 2d d7 bb cf c7 .......bq..-....
02c0 - 8b 46 e4 c5 4b 30 0c 06-03 55 1d 13 01 01 ff 04 .F..K0...U......
02d0 - 02 30 00 30 0e 06 03 55-1d 0f 01 01 ff 04 04 03 .0.0...U........
02e0 - 02 03 38 30 0a 06 08 2a-81 1c cf 55 01 83 75 03 ..80...*...U..u.
02f0 - 47 00 30 44 02 20 5f 2e-4f b4 cf 2f 38 c5 44 13 G.0D. _.O../8.D.
0300 - 44 52 a9 bd 1f b2 21 85-5c ee 20 e8 ad bd 3b f1 DR....!.\. ...;.
0310 - 4d 00 fa 2e 9c 37 02 20-36 4e 26 ac 1f 51 64 71 M....7. 6N&..Qdq
0320 - d6 63 29 ee fa 6a 0c ef-26 c5 9f d2 22 98 7a 70 .c)..j..&...".zp
0330 - 1e 73 a9 a5 7a 1b 5f bb-00 01 90 30 82 01 8c 30 .s..z._....0...0
0340 - 82 01 32 a0 03 02 01 02-02 14 4e 21 67 7d 35 b4 ..2.......N!g}5.
0350 - 1f 8d 51 0f 83 aa e5 0d-c3 92 32 4e 03 6d 30 0a ..Q.......2N.m0.
0360 - 06 08 2a 81 1c cf 55 01-83 75 30 12 31 10 30 0e ..*...U..u0.1.0.
0370 - 06 03 55 04 03 0c 07 74-6c 63 70 2d 63 61 30 1e ..U....tlcp-ca0.
0380 - 17 0d 32 33 31 31 32 31-30 39 30 31 30 31 5a 17 ..231121090101Z.
0390 - 0d 33 33 31 31 31 38 30-39 30 31 30 31 5a 30 15 .331118090101Z0.
03a0 - 31 13 30 11 06 03 55 04-03 0c 0a 74 6c 63 70 2d 1.0...U....tlcp-
03b0 - 69 6e 74 63 61 30 59 30-13 06 07 2a 86 48 ce 3d intca0Y0...*.H.=
03c0 - 02 01 06 08 2a 81 1c cf-55 01 82 2d 03 42 00 04 ....*...U..-.B..
03d0 - bb 79 12 8a a3 14 ec 18-e4 c5 32 e7 93 4a 38 14 .y........2..J8.
03e0 - da 47 e4 9a c3 a7 d4 fe-e5 64 61 9f 3e 62 71 ef .G.......da.>bq.
03f0 - 95 ba 38 24 89 c5 01 2c-4b f9 55 05 b6 28 8d 92 ..8$...,K.U..(..
0400 - 6e a9 f1 56 af ba 96 a2-f9 2b a5 4b d9 7c 1f 01 n..V.....+.K.|..
0410 - a3 63 30 61 30 1d 06 03-55 1d 0e 04 16 04 14 82 .c0a0...U.......
0420 - f9 96 07 d3 d7 62 71 a4-17 2d d7 bb cf c7 8b 46 .....bq..-.....F
0430 - e4 c5 4b 30 1f 06 03 55-1d 23 04 18 30 16 80 14 ..K0...U.#..0...
0440 - f1 e9 02 d6 17 ea 59 01-17 96 17 85 1a 3e 6c 27 ......Y......>l'
0450 - 26 8e dc b7 30 0f 06 03-55 1d 13 01 01 ff 04 05 &...0...U.......
0460 - 30 03 01 01 ff 30 0e 06-03 55 1d 0f 01 01 ff 04 0....0...U......
0470 - 04 03 02 01 86 30 0a 06-08 2a 81 1c cf 55 01 83 .....0...*...U..
0480 - 75 03 48 00 30 45 02 21-00 ab d4 f4 db dd 37 98 u.H.0E.!......7.
0490 - bf f4 b2 e5 17 2a 8d a5-bc c3 37 09 71 75 1c 1b .....*....7.qu..
04a0 - 4c f7 bc 4f aa f7 86 b9-cc 02 20 22 b0 06 05 a4 L..O...... "....
04b0 - a0 90 ff 2f 40 eb 7d b0-2d c9 ed 3a 18 2f f5 cb .../@.}.-..:./..
04c0 - 73 ca 62 58 3d 64 c4 ce-2f 72 7e 00 01 8c 30 82 s.bX=d../r~...0.
04d0 - 01 88 30 82 01 2f a0 03-02 01 02 02 14 2b bd 00 ..0../.......+..
04e0 - 12 a9 61 60 30 ed 75 b0-71 aa aa 81 93 66 fb 03 ..a`0.u.q....f..
04f0 - 11 30 0a 06 08 2a 81 1c-cf 55 01 83 75 30 12 31 .0...*...U..u0.1
0500 - 10 30 0e 06 03 55 04 03-0c 07 74 6c 63 70 2d 63 .0...U....tlcp-c
0510 - 61 30 1e 17 0d 32 33 31-31 32 31 30 38 35 39 35 a0...23112108595
0520 - 39 5a 17 0d 33 33 31 31-31 38 30 38 35 39 35 39 9Z..331118085959
0530 - 5a 30 12 31 10 30 0e 06-03 55 04 03 0c 07 74 6c Z0.1.0...U....tl
0540 - 63 70 2d 63 61 30 59 30-13 06 07 2a 86 48 ce 3d cp-ca0Y0...*.H.=
0550 - 02 01 06 08 2a 81 1c cf-55 01 82 2d 03 42 00 04 ....*...U..-.B..
0560 - b9 be 4e de 41 87 b5 58-b4 ca 01 54 52 b0 2e d1 ..N.A..X...TR...
0570 - 00 55 d9 98 d1 2e f7 17-94 53 01 36 d0 4f 64 8f .U.......S.6.Od.
0580 - fc e3 63 be 7d 56 ed cb-e8 a1 da 35 27 f5 61 06 ..c.}V.....5'.a.
0590 - 2f 5a 49 43 5d 68 4b 27-d8 68 d1 88 ba ca 82 f7 /ZIC]hK'.h......
05a0 - a3 63 30 61 30 1d 06 03-55 1d 0e 04 16 04 14 f1 .c0a0...U.......
05b0 - e9 02 d6 17 ea 59 01 17-96 17 85 1a 3e 6c 27 26 .....Y......>l'&
05c0 - 8e dc b7 30 1f 06 03 55-1d 23 04 18 30 16 80 14 ...0...U.#..0...
05d0 - f1 e9 02 d6 17 ea 59 01-17 96 17 85 1a 3e 6c 27 ......Y......>l'
05e0 - 26 8e dc b7 30 0f 06 03-55 1d 13 01 01 ff 04 05 &...0...U.......
05f0 - 30 03 01 01 ff 30 0e 06-03 55 1d 0f 01 01 ff 04 0....0...U......
0600 - 04 03 02 01 86 30 0a 06-08 2a 81 1c cf 55 01 83 .....0...*...U..
0610 - 75 03 47 00 30 44 02 20-7e 90 66 ce 47 b0 f5 fb u.G.0D. ~.f.G...
0620 - ce 17 48 69 2f ae 69 04-89 80 3d 13 d9 46 1b a5 ..Hi/.i...=..F..
0630 - 20 70 ce e2 b0 39 14 bc-02 20 02 c0 89 4f b2 4c p...9... ...O.L
0640 - 96 14 71 d5 3c f7 b1 ec-4b 3a 77 ea 92 68 95 ff ..q.<...K:w..h..
0650 - 22 b8 18 50 4d e8 b3 af-7e "..PM...~
065a - <SPACES/NULS>
SSL_connect:SSLv3/TLS read server hello
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-server-sign
verify return:1
read from 0x1b5e060 [0x1b65123] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 4d ....M
read from 0x1b5e060 [0x1b65128] (77 bytes => 77 (0x4D))
0000 - 0c 00 00 49 00 47 30 45-02 21 00 90 73 51 1c 18 ...I.G0E.!..sQ..
0010 - fe 22 c9 cc b4 cd 15 46-36 6e 31 c5 83 03 05 42 .".....F6n1....B
0020 - d1 66 7b 47 75 d5 f1 39-dd 30 16 02 20 32 03 b2 .f{Gu..9.0.. 2..
0030 - 18 87 7c 2d 2c 1f 6d 97-ae 09 4c a5 f7 e6 12 0e ..|-,.m...L.....
0040 - 67 e1 35 7c 9a 32 39 c8-c1 e8 d1 cb df g.5|.29......
SSL_connect:SSLv3/TLS read server certificate
Z=5252A2ABFD16839A02442F92ABC2C6927624C363E7BAB25CA8904CBCC62A5053
C=0001943082019030820137A003020102021418890B033EC3E2DB6A727F8EFCDABA7BBC5497C7300A06082A811CCF5501837530153113301106035504030C0A746C63702D696E746361301E170D3233313132313039303530385A170D3333313131383039303530385A301A3118301606035504030C0F746C63702D7365727665722D656E633059301306072A8648CE3D020106082A811CCF5501822D034200048015E842308D8C94679BCD470DFD8056C754D577D5D841A3ABA8961A4E272F20575E088D74212B5F9F4A4A0AA80905B6552BC41BBA41CEA661158F82289A05B6A360305E301D0603551D0E04160414E0619CF077B93EAA2834B7692D50338638FBEB49301F0603551D2304183016801482F99607D3D76271A4172DD7BBCFC78B46E4C54B300C0603551D130101FF04023000300E0603551D0F0101FF040403020338300A06082A811CCF55018375034700304402205F2E4FB4CF2F38C544134452A9BD1FB221855CEE20E8ADBD3BF14D00FA2E9C370220364E26AC1F516471D66329EEFA6A0CEF26C59FD222987A701E73A9A57A1B5FBB
read from 0x1b5e060 [0x1b65123] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 38 ....8
read from 0x1b5e060 [0x1b65128] (56 bytes => 56 (0x38))
0000 - 0d 00 00 34 02 01 40 00-2f 00 17 30 15 31 13 30 ...4..@./..0.1.0
0010 - 11 06 03 55 04 03 0c 0a-74 6c 63 70 2d 69 6e 74 ...U....tlcp-int
0020 - 63 61 00 14 30 12 31 10-30 0e 06 03 55 04 03 0c ca..0.1.0...U...
0030 - 07 74 6c 63 70 2d 63 61- .tlcp-ca
SSL_connect:SSLv3/TLS read server key exchange
read from 0x1b5e060 [0x1b65123] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 04 .....
read from 0x1b5e060 [0x1b65128] (4 bytes => 4 (0x4))
0000 - 0e .
0004 - <SPACES/NULS>
SSL_connect:SSLv3/TLS read server certificate request
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client certificate
SSL_connect:SSLv3/TLS write client key exchange
ssl_get_algorithm2=eb6208a008x
SSL_connect:SSLv3/TLS write certificate verify
SSL_connect:SSLv3/TLS write change cipher spec
write to 0x1b5e060 [0x1b6e340] (1970 bytes => 1970 (0x7B2))
0000 - 16 01 01 06 58 0b 00 06-54 00 06 51 00 01 95 30 ....X...T..Q...0
0010 - 82 01 91 30 82 01 38 a0-03 02 01 02 02 14 18 89 ...0..8.........
0020 - 0b 03 3e c3 e2 db 6a 72-7f 8e fc da ba 7b bc 54 ..>...jr.....{.T
0030 - 97 c8 30 0a 06 08 2a 81-1c cf 55 01 83 75 30 15 ..0...*...U..u0.
0040 - 31 13 30 11 06 03 55 04-03 0c 0a 74 6c 63 70 2d 1.0...U....tlcp-
0050 - 69 6e 74 63 61 30 1e 17-0d 32 33 31 31 32 31 30 intca0...2311210
0060 - 39 30 35 34 35 5a 17 0d-33 33 31 31 31 38 30 39 90545Z..33111809
0070 - 30 35 34 35 5a 30 1b 31-19 30 17 06 03 55 04 03 0545Z0.1.0...U..
0080 - 0c 10 74 6c 63 70 2d 63-6c 69 65 6e 74 2d 73 69 ..tlcp-client-si
0090 - 67 6e 30 59 30 13 06 07-2a 86 48 ce 3d 02 01 06 gn0Y0...*.H.=...
00a0 - 08 2a 81 1c cf 55 01 82-2d 03 42 00 04 69 0f 51 .*...U..-.B..i.Q
00b0 - f2 7a e0 8a 33 c2 be a4-a4 93 d2 cc 9a 3f 3a ee .z..3........?:.
00c0 - 46 6b 5d 18 09 f7 ec 20-04 f2 dc 88 af 8d 66 a0 Fk].... ......f.
00d0 - 33 04 24 7f f4 b2 02 6d-6d 65 40 cc b7 ed 9c d4 3.$....mme@.....
00e0 - 2e 17 3a d6 31 22 2d aa-8e ba 91 8b fc a3 60 30 ..:.1"-.......`0
00f0 - 5e 30 1d 06 03 55 1d 0e-04 16 04 14 9f 31 70 7b ^0...U.......1p{
0100 - 41 8d 33 4a 4d 3d 1b 84-87 85 0a 6b 97 a3 ea fd A.3JM=.....k....
0110 - 30 1f 06 03 55 1d 23 04-18 30 16 80 14 82 f9 96 0...U.#..0......
0120 - 07 d3 d7 62 71 a4 17 2d-d7 bb cf c7 8b 46 e4 c5 ...bq..-.....F..
0130 - 4b 30 0c 06 03 55 1d 13-01 01 ff 04 02 30 00 30 K0...U.......0.0
0140 - 0e 06 03 55 1d 0f 01 01-ff 04 04 03 02 07 80 30 ...U...........0
0150 - 0a 06 08 2a 81 1c cf 55-01 83 75 03 47 00 30 44 ...*...U..u.G.0D
0160 - 02 20 4f 73 7b 63 a2 0d-ac dd e1 dc 81 69 f5 1f . Os{c.......i..
0170 - 0a ed 65 37 fc 3e a4 29-65 cc f8 d1 d7 58 28 c3 ..e7.>.)e....X(.
0180 - 2f e1 02 20 3b 2c 9c f6-45 e6 99 91 ec fb b7 05 /.. ;,..E.......
0190 - c0 3d 0a 90 94 1f 31 8c-1f 7e 3f 21 dc 81 a6 7d .=....1..~?!...}
01a0 - 93 a0 0a d8 00 01 94 30-82 01 90 30 82 01 37 a0 .......0...0..7.
01b0 - 03 02 01 02 02 14 18 89-0b 03 3e c3 e2 db 6a 72 ..........>...jr
01c0 - 7f 8e fc da ba 7b bc 54-97 c9 30 0a 06 08 2a 81 .....{.T..0...*.
01d0 - 1c cf 55 01 83 75 30 15-31 13 30 11 06 03 55 04 ..U..u0.1.0...U.
01e0 - 03 0c 0a 74 6c 63 70 2d-69 6e 74 63 61 30 1e 17 ...tlcp-intca0..
01f0 - 0d 32 33 31 31 32 31 30-39 30 36 31 33 5a 17 0d .231121090613Z..
0200 - 33 33 31 31 31 38 30 39-30 36 31 33 5a 30 1a 31 331118090613Z0.1
0210 - 18 30 16 06 03 55 04 03-0c 0f 74 6c 63 70 2d 63 .0...U....tlcp-c
0220 - 6c 69 65 6e 74 2d 65 6e-63 30 59 30 13 06 07 2a lient-enc0Y0...*
0230 - 86 48 ce 3d 02 01 06 08-2a 81 1c cf 55 01 82 2d .H.=....*...U..-
0240 - 03 42 00 04 ab 86 72 71-a1 1e 74 7f c6 10 4b c8 .B....rq..t...K.
0250 - c7 ca 42 72 0b b0 54 ad-d1 41 2c ac 6a e1 7c 44 ..Br..T..A,.j.|D
0260 - a8 b0 e3 39 25 31 f3 f4-7d 92 25 29 83 dd 85 ef ...9%1..}.%)....
0270 - 0e 38 6d 3c bc 56 b2 6b-9e fe ed 06 66 2d f8 94 .8m<.V.k....f-..
0280 - 1a 28 44 cc a3 60 30 5e-30 1d 06 03 55 1d 0e 04 .(D..`0^0...U...
0290 - 16 04 14 3d 36 7d f8 02-30 a4 35 94 ea 4b c3 a9 ...=6}..0.5..K..
02a0 - ec 20 a2 74 a8 62 51 30-1f 06 03 55 1d 23 04 18 . .t.bQ0...U.#..
02b0 - 30 16 80 14 82 f9 96 07-d3 d7 62 71 a4 17 2d d7 0.........bq..-.
02c0 - bb cf c7 8b 46 e4 c5 4b-30 0c 06 03 55 1d 13 01 ....F..K0...U...
02d0 - 01 ff 04 02 30 00 30 0e-06 03 55 1d 0f 01 01 ff ....0.0...U.....
02e0 - 04 04 03 02 03 38 30 0a-06 08 2a 81 1c cf 55 01 .....80...*...U.
02f0 - 83 75 03 47 00 30 44 02-20 24 7b 27 56 db cd 6e .u.G.0D. ${'V..n
0300 - 2c 79 e2 45 dd 9e 37 f1-e0 f0 b3 f8 ca 43 b3 bb ,y.E..7......C..
0310 - dd 2c de 05 31 f6 da b6-03 02 20 26 6a 76 93 18 .,..1..... &jv..
0320 - cf fc 4d a0 55 01 fb b6-d1 fd dc a4 7f 7b 99 0c ..M.U........{..
0330 - 53 8e 32 42 21 bc 6e 2d-29 39 91 00 01 90 30 82 S.2B!.n-)9....0.
0340 - 01 8c 30 82 01 32 a0 03-02 01 02 02 14 4e 21 67 ..0..2.......N!g
0350 - 7d 35 b4 1f 8d 51 0f 83-aa e5 0d c3 92 32 4e 03 }5...Q.......2N.
0360 - 6d 30 0a 06 08 2a 81 1c-cf 55 01 83 75 30 12 31 m0...*...U..u0.1
0370 - 10 30 0e 06 03 55 04 03-0c 07 74 6c 63 70 2d 63 .0...U....tlcp-c
0380 - 61 30 1e 17 0d 32 33 31-31 32 31 30 39 30 31 30 a0...23112109010
0390 - 31 5a 17 0d 33 33 31 31-31 38 30 39 30 31 30 31 1Z..331118090101
03a0 - 5a 30 15 31 13 30 11 06-03 55 04 03 0c 0a 74 6c Z0.1.0...U....tl
03b0 - 63 70 2d 69 6e 74 63 61-30 59 30 13 06 07 2a 86 cp-intca0Y0...*.
03c0 - 48 ce 3d 02 01 06 08 2a-81 1c cf 55 01 82 2d 03 H.=....*...U..-.
03d0 - 42 00 04 bb 79 12 8a a3-14 ec 18 e4 c5 32 e7 93 B...y........2..
03e0 - 4a 38 14 da 47 e4 9a c3-a7 d4 fe e5 64 61 9f 3e J8..G.......da.>
03f0 - 62 71 ef 95 ba 38 24 89-c5 01 2c 4b f9 55 05 b6 bq...8$...,K.U..
0400 - 28 8d 92 6e a9 f1 56 af-ba 96 a2 f9 2b a5 4b d9 (..n..V.....+.K.
0410 - 7c 1f 01 a3 63 30 61 30-1d 06 03 55 1d 0e 04 16 |...c0a0...U....
0420 - 04 14 82 f9 96 07 d3 d7-62 71 a4 17 2d d7 bb cf ........bq..-...
0430 - c7 8b 46 e4 c5 4b 30 1f-06 03 55 1d 23 04 18 30 ..F..K0...U.#..0
0440 - 16 80 14 f1 e9 02 d6 17-ea 59 01 17 96 17 85 1a .........Y......
0450 - 3e 6c 27 26 8e dc b7 30-0f 06 03 55 1d 13 01 01 >l'&...0...U....
0460 - ff 04 05 30 03 01 01 ff-30 0e 06 03 55 1d 0f 01 ...0....0...U...
0470 - 01 ff 04 04 03 02 01 86-30 0a 06 08 2a 81 1c cf ........0...*...
0480 - 55 01 83 75 03 48 00 30-45 02 21 00 ab d4 f4 db U..u.H.0E.!.....
0490 - dd 37 98 bf f4 b2 e5 17-2a 8d a5 bc c3 37 09 71 .7......*....7.q
04a0 - 75 1c 1b 4c f7 bc 4f aa-f7 86 b9 cc 02 20 22 b0 u..L..O...... ".
04b0 - 06 05 a4 a0 90 ff 2f 40-eb 7d b0 2d c9 ed 3a 18 ....../@.}.-..:.
04c0 - 2f f5 cb 73 ca 62 58 3d-64 c4 ce 2f 72 7e 00 01 /..s.bX=d../r~..
04d0 - 8c 30 82 01 88 30 82 01-2f a0 03 02 01 02 02 14 .0...0../.......
04e0 - 2b bd 00 12 a9 61 60 30-ed 75 b0 71 aa aa 81 93 +....a`0.u.q....
04f0 - 66 fb 03 11 30 0a 06 08-2a 81 1c cf 55 01 83 75 f...0...*...U..u
0500 - 30 12 31 10 30 0e 06 03-55 04 03 0c 07 74 6c 63 0.1.0...U....tlc
0510 - 70 2d 63 61 30 1e 17 0d-32 33 31 31 32 31 30 38 p-ca0...23112108
0520 - 35 39 35 39 5a 17 0d 33-33 31 31 31 38 30 38 35 5959Z..331118085
0530 - 39 35 39 5a 30 12 31 10-30 0e 06 03 55 04 03 0c 959Z0.1.0...U...
0540 - 07 74 6c 63 70 2d 63 61-30 59 30 13 06 07 2a 86 .tlcp-ca0Y0...*.
0550 - 48 ce 3d 02 01 06 08 2a-81 1c cf 55 01 82 2d 03 H.=....*...U..-.
0560 - 42 00 04 b9 be 4e de 41-87 b5 58 b4 ca 01 54 52 B....N.A..X...TR
0570 - b0 2e d1 00 55 d9 98 d1-2e f7 17 94 53 01 36 d0 ....U.......S.6.
0580 - 4f 64 8f fc e3 63 be 7d-56 ed cb e8 a1 da 35 27 Od...c.}V.....5'
0590 - f5 61 06 2f 5a 49 43 5d-68 4b 27 d8 68 d1 88 ba .a./ZIC]hK'.h...
05a0 - ca 82 f7 a3 63 30 61 30-1d 06 03 55 1d 0e 04 16 ....c0a0...U....
05b0 - 04 14 f1 e9 02 d6 17 ea-59 01 17 96 17 85 1a 3e ........Y......>
05c0 - 6c 27 26 8e dc b7 30 1f-06 03 55 1d 23 04 18 30 l'&...0...U.#..0
05d0 - 16 80 14 f1 e9 02 d6 17-ea 59 01 17 96 17 85 1a .........Y......
05e0 - 3e 6c 27 26 8e dc b7 30-0f 06 03 55 1d 13 01 01 >l'&...0...U....
05f0 - ff 04 05 30 03 01 01 ff-30 0e 06 03 55 1d 0f 01 ...0....0...U...
0600 - 01 ff 04 04 03 02 01 86-30 0a 06 08 2a 81 1c cf ........0...*...
0610 - 55 01 83 75 03 47 00 30-44 02 20 7e 90 66 ce 47 U..u.G.0D. ~.f.G
0620 - b0 f5 fb ce 17 48 69 2f-ae 69 04 89 80 3d 13 d9 .....Hi/.i...=..
0630 - 46 1b a5 20 70 ce e2 b0-39 14 bc 02 20 02 c0 89 F.. p...9... ...
0640 - 4f b2 4c 96 14 71 d5 3c-f7 b1 ec 4b 3a 77 ea 92 O.L..q.<...K:w..
0650 - 68 95 ff 22 b8 18 50 4d-e8 b3 af 7e 00 16 01 01 h.."..PM...~....
0660 - 00 a3 10 00 00 9f 00 9d-30 81 9a 02 21 00 86 a3 ........0...!...
0670 - 5c 1c 7c eb ec 2a c9 09-b1 92 b5 a2 9a 6d 7b 36 \.|..*.......m{6
0680 - 1a 6a 88 59 f6 f4 ac f4-5a 90 33 5d 64 49 02 21 .j.Y....Z.3]dI.!
0690 - 00 f7 9f c6 d1 09 79 af-81 a0 a6 18 7f c9 a6 d5 ......y.........
06a0 - 57 9d 56 a8 6b a4 e6 8c-5b ff 72 79 e5 9b c8 df W.V.k...[.ry....
06b0 - e6 04 20 94 c5 e2 05 04-01 e5 e8 3a 63 96 75 aa .. ........:c.u.
06c0 - 4a 00 e4 37 b6 07 a6 69-33 df ef aa dc a0 ef 97 J..7...i3.......
06d0 - 69 41 f3 04 30 3a 50 15-e1 6b 92 df af c8 ee cd iA..0:P..k......
06e0 - 8c aa 4d bd 5b 24 43 26-64 10 b4 a0 a2 59 be c3 ..M.[$C&d....Y..
06f0 - ae cb 1d 44 af de 82 08-97 d1 e5 1e c9 63 f8 81 ...D.........c..
0700 - d6 6f 97 ec c2 16 01 01-00 4d 0f 00 00 49 00 47 .o.......M...I.G
0710 - 30 45 02 21 00 e5 56 40-47 6f 22 3c 5e 6f 6a 7f 0E.!..V@Go"<^oj.
0720 - 45 22 17 7a 21 a0 e0 08-59 39 e3 ad 17 dc 89 ea E".z!...Y9......
0730 - 59 9c ef f6 40 02 20 2c-cd 7e 11 dc 53 48 29 e0 Y...@. ,.~..SH).
0740 - 27 12 95 20 3e f3 76 0d-5d d5 c8 50 fe ac 74 76 '.. >.v.]..P..tv
0750 - 3d 2c 6c 75 17 e1 a5 14-01 01 00 01 01 16 01 01 =,lu............
0760 - 00 50 73 0e c8 ca 7a 0b-ec d6 c5 89 11 6d 89 92 .Ps...z......m..
0770 - e0 88 91 2e 0c fa 18 41-2e fd df b1 41 73 16 02 .......A....As..
0780 - af 6f a4 64 7a 5c ab 6a-6f ab ab 76 4d fd f3 f5 .o.dz\.jo..vM...
0790 - d0 47 da 79 0d f9 32 e2-c3 e7 2d b5 02 ef ef 7c .G.y..2...-....|
07a0 - 8b 93 40 5b a9 47 d7 2a-5d aa 34 41 91 ee 69 d9 ..@[.G.*].4A..i.
07b0 - 3b e4 ;.
SSL_connect:SSLv3/TLS write finished
read from 0x1b5e060 [0x1b65123] (5 bytes => 5 (0x5))
0000 - 15 01 01 00 02 .....
read from 0x1b5e060 [0x1b65128] (2 bytes => 2 (0x2))
0000 - 02 33 .3
SSL3 alert read:fatal:decrypt error
SSL_connect:error in SSLv3/TLS write finished
140110081791808:error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:ssl/record/rec_layer_s3.c:1385:SSL alert number 51
---
Certificate chain
0 s:/CN=tlcp-server-sign
i:/CN=tlcp-intca
1 s:/CN=tlcp-server-enc
i:/CN=tlcp-intca
2 s:/CN=tlcp-intca
i:/CN=tlcp-ca
3 s:/CN=tlcp-ca
i:/CN=tlcp-ca
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBkzCCATigAwIBAgIUGIkLAz7D4ttqcn+O/Nq6e7xUl8YwCgYIKoEcz1UBg3Uw
FTETMBEGA1UEAwwKdGxjcC1pbnRjYTAeFw0yMzExMjEwOTA0MTRaFw0zMzExMTgw
OTA0MTRaMBsxGTAXBgNVBAMMEHRsY3Atc2VydmVyLXNpZ24wWTATBgcqhkjOPQIB
BggqgRzPVQGCLQNCAATFXb4kfSCQa3+b1gRN0M7abGu1jF4D0DEMAc2zvmoxQgiF
4HJD+uWCURKFCVSqigj1nC5b2cYIFITQWcUP9spvo2AwXjAdBgNVHQ4EFgQUB+D1
NXhTr7dwhiAR5XwMTaqFy2wwHwYDVR0jBBgwFoAUgvmWB9PXYnGkFy3Xu8/Hi0bk
xUswDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwCgYIKoEcz1UBg3UDSQAw
RgIhAMRY3w7pvjMgFccGllqBgvQPTADHsEzv35IABCNR9KUNAiEAsIEE+oMazxFz
h6b5YxGwr/bF+z3noPCFzAJMH8o3aMs=
-----END CERTIFICATE-----
subject=/CN=tlcp-server-sign
issuer=/CN=tlcp-intca
---
Acceptable client certificate CA names
/CN=tlcp-intca
/CN=tlcp-ca
Client Certificate Types: RSA sign, ECDSA sign
---
SSL handshake has read 1869 bytes and written 2032 bytes
Verification: OK
---
New, GMTLSv1.1, Cipher is SM2-WITH-SMS4-SM3
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : GMTLSv1.1
Cipher : SM2-WITH-SMS4-SM3
Session-ID: AD7A9F6F8F547B475E3823F4BBE6309CC27AA4D6823074AC2EE7AF4E5D19A1E8
Session-ID-ctx:
Master-Key: 53F258FD0BFEEE87ED8350BE72F4D7D5E4A87CDEDFCA25B1A74C12E3E62E579AC044310B84EC20F75B7C0BF9C5426C28
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1700624015
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---铜锁的服务端日志如下
SSL_accept:before SSL initialization
read from 0xab6040 [0xac3463] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 39 ....9
read from 0xab6040 [0xac3468] (57 bytes => 57 (0x39))
0000 - 01 00 00 35 01 01 12 09-4c 3d d9 fd 39 e1 a6 9b ...5....L=..9...
0010 - 06 a8 53 87 cc ca 92 5a-ce 1e b4 ef 79 25 cf ec ..S....Z....y%..
0020 - 35 21 c2 da f1 08 00 00-0e e0 17 e0 15 e0 13 e0 5!..............
0030 - 11 e0 1a e0 19 00 ff 01-00 .........
SSL_accept:before SSL initialization
SSL_accept:SSLv3/TLS read client hello
SSL_accept:SSLv3/TLS write server hello
SSL_accept:SSLv3/TLS write certificate
SSL_accept:SSLv3/TLS write key exchange
SSL_accept:SSLv3/TLS write certificate request
write to 0xab6040 [0xacc680] (1861 bytes => 1861 (0x745))
0000 - 16 01 01 00 4a 02 00 00-46 01 01 9a 21 f7 7a 13 ....J...F...!.z.
0010 - 3c 23 e6 49 94 ea f3 ce-e1 63 74 cd b3 cb 10 dd <#.I.....ct.....
0020 - 27 6c 17 44 4f 57 4e 47-52 44 00 20 f9 76 a5 2b 'l.DOWNGRD. .v.+
0030 - 3f a1 0a 38 ec e2 41 1d-1b 34 6a bd c5 4a 9d 50 ?..8..A..4j..J.P
0040 - a4 bf a3 c5 8f 53 53 04-c0 a4 96 d6 e0 13 00 16 .....SS.........
0050 - 01 01 06 5a 0b 00 06 56-00 06 53 00 01 97 30 82 ...Z...V..S...0.
0060 - 01 93 30 82 01 38 a0 03-02 01 02 02 14 18 89 0b ..0..8..........
0070 - 03 3e c3 e2 db 6a 72 7f-8e fc da ba 7b bc 54 97 .>...jr.....{.T.
0080 - c6 30 0a 06 08 2a 81 1c-cf 55 01 83 75 30 15 31 .0...*...U..u0.1
0090 - 13 30 11 06 03 55 04 03-0c 0a 74 6c 63 70 2d 69 .0...U....tlcp-i
00a0 - 6e 74 63 61 30 1e 17 0d-32 33 31 31 32 31 30 39 ntca0...23112109
00b0 - 30 34 31 34 5a 17 0d 33-33 31 31 31 38 30 39 30 0414Z..331118090
00c0 - 34 31 34 5a 30 1b 31 19-30 17 06 03 55 04 03 0c 414Z0.1.0...U...
00d0 - 10 74 6c 63 70 2d 73 65-72 76 65 72 2d 73 69 67 .tlcp-server-sig
00e0 - 6e 30 59 30 13 06 07 2a-86 48 ce 3d 02 01 06 08 n0Y0...*.H.=....
00f0 - 2a 81 1c cf 55 01 82 2d-03 42 00 04 c5 5d be 24 *...U..-.B...].$
0100 - 7d 20 90 6b 7f 9b d6 04-4d d0 ce da 6c 6b b5 8c } .k....M...lk..
0110 - 5e 03 d0 31 0c 01 cd b3-be 6a 31 42 08 85 e0 72 ^..1.....j1B...r
0120 - 43 fa e5 82 51 12 85 09-54 aa 8a 08 f5 9c 2e 5b C...Q...T......[
0130 - d9 c6 08 14 84 d0 59 c5-0f f6 ca 6f a3 60 30 5e ......Y....o.`0^
0140 - 30 1d 06 03 55 1d 0e 04-16 04 14 07 e0 f5 35 78 0...U.........5x
0150 - 53 af b7 70 86 20 11 e5-7c 0c 4d aa 85 cb 6c 30 S..p. ..|.M...l0
0160 - 1f 06 03 55 1d 23 04 18-30 16 80 14 82 f9 96 07 ...U.#..0.......
0170 - d3 d7 62 71 a4 17 2d d7-bb cf c7 8b 46 e4 c5 4b ..bq..-.....F..K
0180 - 30 0c 06 03 55 1d 13 01-01 ff 04 02 30 00 30 0e 0...U.......0.0.
0190 - 06 03 55 1d 0f 01 01 ff-04 04 03 02 07 80 30 0a ..U...........0.
01a0 - 06 08 2a 81 1c cf 55 01-83 75 03 49 00 30 46 02 ..*...U..u.I.0F.
01b0 - 21 00 c4 58 df 0e e9 be-33 20 15 c7 06 96 5a 81 !..X....3 ....Z.
01c0 - 82 f4 0f 4c 00 c7 b0 4c-ef df 92 00 04 23 51 f4 ...L...L.....#Q.
01d0 - a5 0d 02 21 00 b0 81 04-fa 83 1a cf 11 73 87 a6 ...!.........s..
01e0 - f9 63 11 b0 af f6 c5 fb-3d e7 a0 f0 85 cc 02 4c .c......=......L
01f0 - 1f ca 37 68 cb 00 01 94-30 82 01 90 30 82 01 37 ..7h....0...0..7
0200 - a0 03 02 01 02 02 14 18-89 0b 03 3e c3 e2 db 6a ...........>...j
0210 - 72 7f 8e fc da ba 7b bc-54 97 c7 30 0a 06 08 2a r.....{.T..0...*
0220 - 81 1c cf 55 01 83 75 30-15 31 13 30 11 06 03 55 ...U..u0.1.0...U
0230 - 04 03 0c 0a 74 6c 63 70-2d 69 6e 74 63 61 30 1e ....tlcp-intca0.
0240 - 17 0d 32 33 31 31 32 31-30 39 30 35 30 38 5a 17 ..231121090508Z.
0250 - 0d 33 33 31 31 31 38 30-39 30 35 30 38 5a 30 1a .331118090508Z0.
0260 - 31 18 30 16 06 03 55 04-03 0c 0f 74 6c 63 70 2d 1.0...U....tlcp-
0270 - 73 65 72 76 65 72 2d 65-6e 63 30 59 30 13 06 07 server-enc0Y0...
0280 - 2a 86 48 ce 3d 02 01 06-08 2a 81 1c cf 55 01 82 *.H.=....*...U..
0290 - 2d 03 42 00 04 80 15 e8-42 30 8d 8c 94 67 9b cd -.B.....B0...g..
02a0 - 47 0d fd 80 56 c7 54 d5-77 d5 d8 41 a3 ab a8 96 G...V.T.w..A....
02b0 - 1a 4e 27 2f 20 57 5e 08-8d 74 21 2b 5f 9f 4a 4a .N'/ W^..t!+_.JJ
02c0 - 0a a8 09 05 b6 55 2b c4-1b ba 41 ce a6 61 15 8f .....U+...A..a..
02d0 - 82 28 9a 05 b6 a3 60 30-5e 30 1d 06 03 55 1d 0e .(....`0^0...U..
02e0 - 04 16 04 14 e0 61 9c f0-77 b9 3e aa 28 34 b7 69 .....a..w.>.(4.i
02f0 - 2d 50 33 86 38 fb eb 49-30 1f 06 03 55 1d 23 04 -P3.8..I0...U.#.
0300 - 18 30 16 80 14 82 f9 96-07 d3 d7 62 71 a4 17 2d .0.........bq..-
0310 - d7 bb cf c7 8b 46 e4 c5-4b 30 0c 06 03 55 1d 13 .....F..K0...U..
0320 - 01 01 ff 04 02 30 00 30-0e 06 03 55 1d 0f 01 01 .....0.0...U....
0330 - ff 04 04 03 02 03 38 30-0a 06 08 2a 81 1c cf 55 ......80...*...U
0340 - 01 83 75 03 47 00 30 44-02 20 5f 2e 4f b4 cf 2f ..u.G.0D. _.O../
0350 - 38 c5 44 13 44 52 a9 bd-1f b2 21 85 5c ee 20 e8 8.D.DR....!.\. .
0360 - ad bd 3b f1 4d 00 fa 2e-9c 37 02 20 36 4e 26 ac ..;.M....7. 6N&.
0370 - 1f 51 64 71 d6 63 29 ee-fa 6a 0c ef 26 c5 9f d2 .Qdq.c)..j..&...
0380 - 22 98 7a 70 1e 73 a9 a5-7a 1b 5f bb 00 01 90 30 ".zp.s..z._....0
0390 - 82 01 8c 30 82 01 32 a0-03 02 01 02 02 14 4e 21 ...0..2.......N!
03a0 - 67 7d 35 b4 1f 8d 51 0f-83 aa e5 0d c3 92 32 4e g}5...Q.......2N
03b0 - 03 6d 30 0a 06 08 2a 81-1c cf 55 01 83 75 30 12 .m0...*...U..u0.
03c0 - 31 10 30 0e 06 03 55 04-03 0c 07 74 6c 63 70 2d 1.0...U....tlcp-
03d0 - 63 61 30 1e 17 0d 32 33-31 31 32 31 30 39 30 31 ca0...2311210901
03e0 - 30 31 5a 17 0d 33 33 31-31 31 38 30 39 30 31 30 01Z..33111809010
03f0 - 31 5a 30 15 31 13 30 11-06 03 55 04 03 0c 0a 74 1Z0.1.0...U....t
0400 - 6c 63 70 2d 69 6e 74 63-61 30 59 30 13 06 07 2a lcp-intca0Y0...*
0410 - 86 48 ce 3d 02 01 06 08-2a 81 1c cf 55 01 82 2d .H.=....*...U..-
0420 - 03 42 00 04 bb 79 12 8a-a3 14 ec 18 e4 c5 32 e7 .B...y........2.
0430 - 93 4a 38 14 da 47 e4 9a-c3 a7 d4 fe e5 64 61 9f .J8..G.......da.
0440 - 3e 62 71 ef 95 ba 38 24-89 c5 01 2c 4b f9 55 05 >bq...8$...,K.U.
0450 - b6 28 8d 92 6e a9 f1 56-af ba 96 a2 f9 2b a5 4b .(..n..V.....+.K
0460 - d9 7c 1f 01 a3 63 30 61-30 1d 06 03 55 1d 0e 04 .|...c0a0...U...
0470 - 16 04 14 82 f9 96 07 d3-d7 62 71 a4 17 2d d7 bb .........bq..-..
0480 - cf c7 8b 46 e4 c5 4b 30-1f 06 03 55 1d 23 04 18 ...F..K0...U.#..
0490 - 30 16 80 14 f1 e9 02 d6-17 ea 59 01 17 96 17 85 0.........Y.....
04a0 - 1a 3e 6c 27 26 8e dc b7-30 0f 06 03 55 1d 13 01 .>l'&...0...U...
04b0 - 01 ff 04 05 30 03 01 01-ff 30 0e 06 03 55 1d 0f ....0....0...U..
04c0 - 01 01 ff 04 04 03 02 01-86 30 0a 06 08 2a 81 1c .........0...*..
04d0 - cf 55 01 83 75 03 48 00-30 45 02 21 00 ab d4 f4 .U..u.H.0E.!....
04e0 - db dd 37 98 bf f4 b2 e5-17 2a 8d a5 bc c3 37 09 ..7......*....7.
04f0 - 71 75 1c 1b 4c f7 bc 4f-aa f7 86 b9 cc 02 20 22 qu..L..O...... "
0500 - b0 06 05 a4 a0 90 ff 2f-40 eb 7d b0 2d c9 ed 3a ......./@.}.-..:
0510 - 18 2f f5 cb 73 ca 62 58-3d 64 c4 ce 2f 72 7e 00 ./..s.bX=d../r~.
0520 - 01 8c 30 82 01 88 30 82-01 2f a0 03 02 01 02 02 ..0...0../......
0530 - 14 2b bd 00 12 a9 61 60-30 ed 75 b0 71 aa aa 81 .+....a`0.u.q...
0540 - 93 66 fb 03 11 30 0a 06-08 2a 81 1c cf 55 01 83 .f...0...*...U..
0550 - 75 30 12 31 10 30 0e 06-03 55 04 03 0c 07 74 6c u0.1.0...U....tl
0560 - 63 70 2d 63 61 30 1e 17-0d 32 33 31 31 32 31 30 cp-ca0...2311210
0570 - 38 35 39 35 39 5a 17 0d-33 33 31 31 31 38 30 38 85959Z..33111808
0580 - 35 39 35 39 5a 30 12 31-10 30 0e 06 03 55 04 03 5959Z0.1.0...U..
0590 - 0c 07 74 6c 63 70 2d 63-61 30 59 30 13 06 07 2a ..tlcp-ca0Y0...*
05a0 - 86 48 ce 3d 02 01 06 08-2a 81 1c cf 55 01 82 2d .H.=....*...U..-
05b0 - 03 42 00 04 b9 be 4e de-41 87 b5 58 b4 ca 01 54 .B....N.A..X...T
05c0 - 52 b0 2e d1 00 55 d9 98-d1 2e f7 17 94 53 01 36 R....U.......S.6
05d0 - d0 4f 64 8f fc e3 63 be-7d 56 ed cb e8 a1 da 35 .Od...c.}V.....5
05e0 - 27 f5 61 06 2f 5a 49 43-5d 68 4b 27 d8 68 d1 88 '.a./ZIC]hK'.h..
05f0 - ba ca 82 f7 a3 63 30 61-30 1d 06 03 55 1d 0e 04 .....c0a0...U...
0600 - 16 04 14 f1 e9 02 d6 17-ea 59 01 17 96 17 85 1a .........Y......
0610 - 3e 6c 27 26 8e dc b7 30-1f 06 03 55 1d 23 04 18 >l'&...0...U.#..
0620 - 30 16 80 14 f1 e9 02 d6-17 ea 59 01 17 96 17 85 0.........Y.....
0630 - 1a 3e 6c 27 26 8e dc b7-30 0f 06 03 55 1d 13 01 .>l'&...0...U...
0640 - 01 ff 04 05 30 03 01 01-ff 30 0e 06 03 55 1d 0f ....0....0...U..
0650 - 01 01 ff 04 04 03 02 01-86 30 0a 06 08 2a 81 1c .........0...*..
0660 - cf 55 01 83 75 03 47 00-30 44 02 20 7e 90 66 ce .U..u.G.0D. ~.f.
0670 - 47 b0 f5 fb ce 17 48 69-2f ae 69 04 89 80 3d 13 G.....Hi/.i...=.
0680 - d9 46 1b a5 20 70 ce e2-b0 39 14 bc 02 20 02 c0 .F.. p...9... ..
0690 - 89 4f b2 4c 96 14 71 d5-3c f7 b1 ec 4b 3a 77 ea .O.L..q.<...K:w.
06a0 - 92 68 95 ff 22 b8 18 50-4d e8 b3 af 7e 00 16 01 .h.."..PM...~...
06b0 - 01 00 4c 0c 00 00 48 00-46 30 44 02 20 6f 58 fa ..L...H.F0D. oX.
06c0 - 2d a8 28 bf 30 ee d4 a5-81 ca 1d 7f 15 4f da 08 -.(.0........O..
06d0 - d9 d4 fb 24 0c f1 2a d6-7f a7 62 df 3b 02 20 29 ...$..*...b.;. )
06e0 - 46 e1 4b 02 64 7e 1b fa-82 13 06 67 0a fa f3 fc F.K.d~.....g....
06f0 - af 53 f2 03 ab 0e a6 4c-6b fe 63 aa 2f 45 2f 16 .S.....Lk.c./E/.
0700 - 01 01 00 38 0d 00 00 34-02 01 40 00 2f 00 17 30 ...8...4..@./..0
0710 - 15 31 13 30 11 06 03 55-04 03 0c 0a 74 6c 63 70 .1.0...U....tlcp
0720 - 2d 69 6e 74 63 61 00 14-30 12 31 10 30 0e 06 03 -intca..0.1.0...
0730 - 55 04 03 0c 07 74 6c 63-70 2d 63 61 16 01 01 00 U....tlcp-ca....
0740 - 04 0e 00 00 00 .....
SSL_accept:SSLv3/TLS write server done
read from 0xab6040 [0xac3463] (5 bytes => 5 (0x5))
0000 - 16 01 01 06 58 ....X
read from 0xab6040 [0xac3468] (1624 bytes => 1624 (0x658))
0000 - 0b 00 06 54 00 06 51 00-01 95 30 82 01 91 30 82 ...T..Q...0...0.
0010 - 01 38 a0 03 02 01 02 02-14 18 89 0b 03 3e c3 e2 .8...........>..
0020 - db 6a 72 7f 8e fc da ba-7b bc 54 97 c8 30 0a 06 .jr.....{.T..0..
0030 - 08 2a 81 1c cf 55 01 83-75 30 15 31 13 30 11 06 .*...U..u0.1.0..
0040 - 03 55 04 03 0c 0a 74 6c-63 70 2d 69 6e 74 63 61 .U....tlcp-intca
0050 - 30 1e 17 0d 32 33 31 31-32 31 30 39 30 35 34 35 0...231121090545
0060 - 5a 17 0d 33 33 31 31 31-38 30 39 30 35 34 35 5a Z..331118090545Z
0070 - 30 1b 31 19 30 17 06 03-55 04 03 0c 10 74 6c 63 0.1.0...U....tlc
0080 - 70 2d 63 6c 69 65 6e 74-2d 73 69 67 6e 30 59 30 p-client-sign0Y0
0090 - 13 06 07 2a 86 48 ce 3d-02 01 06 08 2a 81 1c cf ...*.H.=....*...
00a0 - 55 01 82 2d 03 42 00 04-69 0f 51 f2 7a e0 8a 33 U..-.B..i.Q.z..3
00b0 - c2 be a4 a4 93 d2 cc 9a-3f 3a ee 46 6b 5d 18 09 ........?:.Fk]..
00c0 - f7 ec 20 04 f2 dc 88 af-8d 66 a0 33 04 24 7f f4 .. ......f.3.$..
00d0 - b2 02 6d 6d 65 40 cc b7-ed 9c d4 2e 17 3a d6 31 ..mme@.......:.1
00e0 - 22 2d aa 8e ba 91 8b fc-a3 60 30 5e 30 1d 06 03 "-.......`0^0...
00f0 - 55 1d 0e 04 16 04 14 9f-31 70 7b 41 8d 33 4a 4d U.......1p{A.3JM
0100 - 3d 1b 84 87 85 0a 6b 97-a3 ea fd 30 1f 06 03 55 =.....k....0...U
0110 - 1d 23 04 18 30 16 80 14-82 f9 96 07 d3 d7 62 71 .#..0.........bq
0120 - a4 17 2d d7 bb cf c7 8b-46 e4 c5 4b 30 0c 06 03 ..-.....F..K0...
0130 - 55 1d 13 01 01 ff 04 02-30 00 30 0e 06 03 55 1d U.......0.0...U.
0140 - 0f 01 01 ff 04 04 03 02-07 80 30 0a 06 08 2a 81 ..........0...*.
0150 - 1c cf 55 01 83 75 03 47-00 30 44 02 20 4f 73 7b ..U..u.G.0D. Os{
0160 - 63 a2 0d ac dd e1 dc 81-69 f5 1f 0a ed 65 37 fc c.......i....e7.
0170 - 3e a4 29 65 cc f8 d1 d7-58 28 c3 2f e1 02 20 3b >.)e....X(./.. ;
0180 - 2c 9c f6 45 e6 99 91 ec-fb b7 05 c0 3d 0a 90 94 ,..E........=...
0190 - 1f 31 8c 1f 7e 3f 21 dc-81 a6 7d 93 a0 0a d8 00 .1..~?!...}.....
01a0 - 01 94 30 82 01 90 30 82-01 37 a0 03 02 01 02 02 ..0...0..7......
01b0 - 14 18 89 0b 03 3e c3 e2-db 6a 72 7f 8e fc da ba .....>...jr.....
01c0 - 7b bc 54 97 c9 30 0a 06-08 2a 81 1c cf 55 01 83 {.T..0...*...U..
01d0 - 75 30 15 31 13 30 11 06-03 55 04 03 0c 0a 74 6c u0.1.0...U....tl
01e0 - 63 70 2d 69 6e 74 63 61-30 1e 17 0d 32 33 31 31 cp-intca0...2311
01f0 - 32 31 30 39 30 36 31 33-5a 17 0d 33 33 31 31 31 21090613Z..33111
0200 - 38 30 39 30 36 31 33 5a-30 1a 31 18 30 16 06 03 8090613Z0.1.0...
0210 - 55 04 03 0c 0f 74 6c 63-70 2d 63 6c 69 65 6e 74 U....tlcp-client
0220 - 2d 65 6e 63 30 59 30 13-06 07 2a 86 48 ce 3d 02 -enc0Y0...*.H.=.
0230 - 01 06 08 2a 81 1c cf 55-01 82 2d 03 42 00 04 ab ...*...U..-.B...
0240 - 86 72 71 a1 1e 74 7f c6-10 4b c8 c7 ca 42 72 0b .rq..t...K...Br.
0250 - b0 54 ad d1 41 2c ac 6a-e1 7c 44 a8 b0 e3 39 25 .T..A,.j.|D...9%
0260 - 31 f3 f4 7d 92 25 29 83-dd 85 ef 0e 38 6d 3c bc 1..}.%).....8m<.
0270 - 56 b2 6b 9e fe ed 06 66-2d f8 94 1a 28 44 cc a3 V.k....f-...(D..
0280 - 60 30 5e 30 1d 06 03 55-1d 0e 04 16 04 14 3d 36 `0^0...U......=6
0290 - 7d f8 02 30 a4 35 94 ea-4b c3 a9 ec 20 a2 74 a8 }..0.5..K... .t.
02a0 - 62 51 30 1f 06 03 55 1d-23 04 18 30 16 80 14 82 bQ0...U.#..0....
02b0 - f9 96 07 d3 d7 62 71 a4-17 2d d7 bb cf c7 8b 46 .....bq..-.....F
02c0 - e4 c5 4b 30 0c 06 03 55-1d 13 01 01 ff 04 02 30 ..K0...U.......0
02d0 - 00 30 0e 06 03 55 1d 0f-01 01 ff 04 04 03 02 03 .0...U..........
02e0 - 38 30 0a 06 08 2a 81 1c-cf 55 01 83 75 03 47 00 80...*...U..u.G.
02f0 - 30 44 02 20 24 7b 27 56-db cd 6e 2c 79 e2 45 dd 0D. ${'V..n,y.E.
0300 - 9e 37 f1 e0 f0 b3 f8 ca-43 b3 bb dd 2c de 05 31 .7......C...,..1
0310 - f6 da b6 03 02 20 26 6a-76 93 18 cf fc 4d a0 55 ..... &jv....M.U
0320 - 01 fb b6 d1 fd dc a4 7f-7b 99 0c 53 8e 32 42 21 ........{..S.2B!
0330 - bc 6e 2d 29 39 91 00 01-90 30 82 01 8c 30 82 01 .n-)9....0...0..
0340 - 32 a0 03 02 01 02 02 14-4e 21 67 7d 35 b4 1f 8d 2.......N!g}5...
0350 - 51 0f 83 aa e5 0d c3 92-32 4e 03 6d 30 0a 06 08 Q.......2N.m0...
0360 - 2a 81 1c cf 55 01 83 75-30 12 31 10 30 0e 06 03 *...U..u0.1.0...
0370 - 55 04 03 0c 07 74 6c 63-70 2d 63 61 30 1e 17 0d U....tlcp-ca0...
0380 - 32 33 31 31 32 31 30 39-30 31 30 31 5a 17 0d 33 231121090101Z..3
0390 - 33 31 31 31 38 30 39 30-31 30 31 5a 30 15 31 13 31118090101Z0.1.
03a0 - 30 11 06 03 55 04 03 0c-0a 74 6c 63 70 2d 69 6e 0...U....tlcp-in
03b0 - 74 63 61 30 59 30 13 06-07 2a 86 48 ce 3d 02 01 tca0Y0...*.H.=..
03c0 - 06 08 2a 81 1c cf 55 01-82 2d 03 42 00 04 bb 79 ..*...U..-.B...y
03d0 - 12 8a a3 14 ec 18 e4 c5-32 e7 93 4a 38 14 da 47 ........2..J8..G
03e0 - e4 9a c3 a7 d4 fe e5 64-61 9f 3e 62 71 ef 95 ba .......da.>bq...
03f0 - 38 24 89 c5 01 2c 4b f9-55 05 b6 28 8d 92 6e a9 8$...,K.U..(..n.
0400 - f1 56 af ba 96 a2 f9 2b-a5 4b d9 7c 1f 01 a3 63 .V.....+.K.|...c
0410 - 30 61 30 1d 06 03 55 1d-0e 04 16 04 14 82 f9 96 0a0...U.........
0420 - 07 d3 d7 62 71 a4 17 2d-d7 bb cf c7 8b 46 e4 c5 ...bq..-.....F..
0430 - 4b 30 1f 06 03 55 1d 23-04 18 30 16 80 14 f1 e9 K0...U.#..0.....
0440 - 02 d6 17 ea 59 01 17 96-17 85 1a 3e 6c 27 26 8e ....Y......>l'&.
0450 - dc b7 30 0f 06 03 55 1d-13 01 01 ff 04 05 30 03 ..0...U.......0.
0460 - 01 01 ff 30 0e 06 03 55-1d 0f 01 01 ff 04 04 03 ...0...U........
0470 - 02 01 86 30 0a 06 08 2a-81 1c cf 55 01 83 75 03 ...0...*...U..u.
0480 - 48 00 30 45 02 21 00 ab-d4 f4 db dd 37 98 bf f4 H.0E.!......7...
0490 - b2 e5 17 2a 8d a5 bc c3-37 09 71 75 1c 1b 4c f7 ...*....7.qu..L.
04a0 - bc 4f aa f7 86 b9 cc 02-20 22 b0 06 05 a4 a0 90 .O...... "......
04b0 - ff 2f 40 eb 7d b0 2d c9-ed 3a 18 2f f5 cb 73 ca ./@.}.-..:./..s.
04c0 - 62 58 3d 64 c4 ce 2f 72-7e 00 01 8c 30 82 01 88 bX=d../r~...0...
04d0 - 30 82 01 2f a0 03 02 01-02 02 14 2b bd 00 12 a9 0../.......+....
04e0 - 61 60 30 ed 75 b0 71 aa-aa 81 93 66 fb 03 11 30 a`0.u.q....f...0
04f0 - 0a 06 08 2a 81 1c cf 55-01 83 75 30 12 31 10 30 ...*...U..u0.1.0
0500 - 0e 06 03 55 04 03 0c 07-74 6c 63 70 2d 63 61 30 ...U....tlcp-ca0
0510 - 1e 17 0d 32 33 31 31 32-31 30 38 35 39 35 39 5a ...231121085959Z
0520 - 17 0d 33 33 31 31 31 38-30 38 35 39 35 39 5a 30 ..331118085959Z0
0530 - 12 31 10 30 0e 06 03 55-04 03 0c 07 74 6c 63 70 .1.0...U....tlcp
0540 - 2d 63 61 30 59 30 13 06-07 2a 86 48 ce 3d 02 01 -ca0Y0...*.H.=..
0550 - 06 08 2a 81 1c cf 55 01-82 2d 03 42 00 04 b9 be ..*...U..-.B....
0560 - 4e de 41 87 b5 58 b4 ca-01 54 52 b0 2e d1 00 55 N.A..X...TR....U
0570 - d9 98 d1 2e f7 17 94 53-01 36 d0 4f 64 8f fc e3 .......S.6.Od...
0580 - 63 be 7d 56 ed cb e8 a1-da 35 27 f5 61 06 2f 5a c.}V.....5'.a./Z
0590 - 49 43 5d 68 4b 27 d8 68-d1 88 ba ca 82 f7 a3 63 IC]hK'.h.......c
05a0 - 30 61 30 1d 06 03 55 1d-0e 04 16 04 14 f1 e9 02 0a0...U.........
05b0 - d6 17 ea 59 01 17 96 17-85 1a 3e 6c 27 26 8e dc ...Y......>l'&..
05c0 - b7 30 1f 06 03 55 1d 23-04 18 30 16 80 14 f1 e9 .0...U.#..0.....
05d0 - 02 d6 17 ea 59 01 17 96-17 85 1a 3e 6c 27 26 8e ....Y......>l'&.
05e0 - dc b7 30 0f 06 03 55 1d-13 01 01 ff 04 05 30 03 ..0...U.......0.
05f0 - 01 01 ff 30 0e 06 03 55-1d 0f 01 01 ff 04 04 03 ...0...U........
0600 - 02 01 86 30 0a 06 08 2a-81 1c cf 55 01 83 75 03 ...0...*...U..u.
0610 - 47 00 30 44 02 20 7e 90-66 ce 47 b0 f5 fb ce 17 G.0D. ~.f.G.....
0620 - 48 69 2f ae 69 04 89 80-3d 13 d9 46 1b a5 20 70 Hi/.i...=..F.. p
0630 - ce e2 b0 39 14 bc 02 20-02 c0 89 4f b2 4c 96 14 ...9... ...O.L..
0640 - 71 d5 3c f7 b1 ec 4b 3a-77 ea 92 68 95 ff 22 b8 q.<...K:w..h..".
0650 - 18 50 4d e8 b3 af 7e 00- .PM...~.
SSL_accept:SSLv3/TLS write server done
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-client-enc
verify return:1
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-client-sign
verify return:1
read from 0xab6040 [0xac3463] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 a1 .....
read from 0xab6040 [0xac3468] (161 bytes => 161 (0xA1))
0000 - 10 00 00 9d 00 9b 30 81-98 02 20 2a 62 1c b7 bf ......0... *b...
0010 - b3 a4 ca 74 3e d0 63 4e-3d 23 45 d0 74 e8 21 60 ...t>.cN=#E.t.!`
0020 - 1c 80 04 3a 46 a5 bf 9a-e5 d7 07 02 20 3a 62 d3 ...:F....... :b.
0030 - 08 d4 9b ad b2 7d 73 55-aa 28 69 1f 8f 4d 16 a5 .....}sU.(i..M..
0040 - aa c8 73 34 e7 27 5b 18-8d 48 bf dc 9e 04 20 6f ..s4.'[..H.... o
0050 - 35 07 c4 f7 da 77 b6 d9-8d 95 56 92 9f 6b 44 e7 5....w....V..kD.
0060 - 5d 0f c6 80 e0 35 48 33-06 73 b9 9f 8d c5 05 04 ]....5H3.s......
0070 - 30 6a 5e fa dd e3 f8 b8-b8 b1 77 2c 9a 13 4e ce 0j^.......w,..N.
0080 - 76 ba 26 08 74 34 53 d6-a1 1c 34 90 a9 82 68 4e v.&.t4S...4...hN
0090 - a5 c3 4a 3e 04 6b b1 c7-07 b0 74 f5 91 8c ed f9 ..J>.k....t.....
00a0 - de .
SSL_accept:SSLv3/TLS read 开启双向认证后,gmssl客户端不能连接铜锁的服务端
johnshajiang
commented
11 months ago 从gmssl s_client的日志来看,
SSL_connect:SSLv3/TLS read server certificate request
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client certificate
SSL_connect:SSLv3/TLS write client key exchange
ssl_get_algorithm2=eb6208a008x
SSL_connect:SSLv3/TLS write certificate verify
SSL_connect:SSLv3/TLS write change cipher spec
SSL_connect:SSLv3/TLS write finished
SSL3 alert read:fatal:decrypt error
SSL_connect:error in SSLv3/TLS write finished
140110081791808:error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:ssl/record/rec_layer_s3.c:1385:SSL alert number 51它这边是正常的,但Tongsuo那边报了decrypt error。
但Tongsuo s_server的日志,看着并不完整,没有看到错误。
不过,可能还是验证CertificateVerify的问题。
由于这种问题只出现在ClientAuth,那么还是推测使用的密钥对不正确。
而且刚才出现的问题,与Java程序和gmssl交互出现的问题是一样的,那么,依然推测是gmssl的问题。 所以,建议去gmssl那边问问。
johnshajiang
commented
11 months ago 由于这种问题只出现在ClientAuth,那么还是推测使用的密钥对不正确。
我只是怀疑,gmssl是用的加密证书对应的密钥对去签名/验证CertificateVerify。
只要它使用的规则是确定的,它自己交互肯定是没问题的。但与别人交互,还是可能有问题。
zhangshdn
commented
11 months ago 由于这种问题只出现在ClientAuth,那么还是推测使用的密钥对不正确。
我只是怀疑,gmssl是用的加密证书对应的密钥对去签名/验证
CertificateVerify。 只要它使用的规则是确定的,它自己交互肯定是没问题的。但与别人交互,还是可能有问题。
gmssl项目很长时间没人回复了。我们这边C++程序也出现问题了,gmssl集成asio,作为客户端,访问gmssl的服务端,开启ClientAuth就不通,单向认证就没问题
zhangshdn
commented
11 months ago gmssl命令如下:
gmssl s_server -debug -verify 2 -accept 15003 -key tlcp-server-sign.key -cert tlcp-server-sign.crt -dkey tlcp-server-enc.key -dcert tlcp-server-enc.crt -CAfile cas.pem铜锁命令如下:
openssl s_client -state -debug -connect 192.168.56.132:15003 -sign_key tlcp-client-sign.key -sign_cert tlcp-client-sign.crt -enc_cert tlcp-client-enc.crt -enc_key tlcp-client-enc.key -CAfile cas.pem -enable_ntls -ntlsCONNECTED(00000003)
SSL_connect:before SSL initialization
write to 0x1ff3be0 [0x20063d0] (72 bytes => 72 (0x48))
0000 - 16 01 01 00 43 01 00 00-3f 01 01 cc f5 69 08 99 ....C...?....i..
0010 - ea 3d e3 0e f6 db 5a 0b-60 64 1b d7 5a b9 94 b8 .=....Z.`d..Z...
0020 - 12 a0 f1 bb e2 28 86 90-af ed 5f 00 00 12 e0 53 .....(...._....S
0030 - e0 51 e0 5a e0 59 e0 13-e0 11 e0 1c e0 19 00 ff .Q.Z.Y..........
0040 - 01 00 00 04 00 23 00 00- .....#..
SSL_connect:SSLv3/TLS write client hello
read from 0x1ff3be0 [0x1ffd1b3] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 2a ....*
read from 0x1ff3be0 [0x1ffd1b8] (42 bytes => 42 (0x2A))
0000 - 02 00 00 26 01 01 76 d9-4b 40 e4 86 d1 f5 2a be ...&..v.K@....*.
0010 - e6 3b fa 10 c1 cf f2 e9-e3 db 69 f0 e4 15 1e a3 .;........i.....
0020 - b9 ff 3d 5c d1 3f 00 e0-13 00 ..=\.?....
SSL_connect:SSLv3/TLS write client hello
Can't use SSL_get_servername
read from 0x1ff3be0 [0x1ffd1b3] (5 bytes => 5 (0x5))
0000 - 16 01 01 06 5a ....Z
read from 0x1ff3be0 [0x1ffd1b8] (1626 bytes => 1626 (0x65A))
0000 - 0b 00 06 56 00 06 53 00-01 97 30 82 01 93 30 82 ...V..S...0...0.
0010 - 01 38 a0 03 02 01 02 02-14 18 89 0b 03 3e c3 e2 .8...........>..
0020 - db 6a 72 7f 8e fc da ba-7b bc 54 97 c6 30 0a 06 .jr.....{.T..0..
0030 - 08 2a 81 1c cf 55 01 83-75 30 15 31 13 30 11 06 .*...U..u0.1.0..
0040 - 03 55 04 03 0c 0a 74 6c-63 70 2d 69 6e 74 63 61 .U....tlcp-intca
0050 - 30 1e 17 0d 32 33 31 31-32 31 30 39 30 34 31 34 0...231121090414
0060 - 5a 17 0d 33 33 31 31 31-38 30 39 30 34 31 34 5a Z..331118090414Z
0070 - 30 1b 31 19 30 17 06 03-55 04 03 0c 10 74 6c 63 0.1.0...U....tlc
0080 - 70 2d 73 65 72 76 65 72-2d 73 69 67 6e 30 59 30 p-server-sign0Y0
0090 - 13 06 07 2a 86 48 ce 3d-02 01 06 08 2a 81 1c cf ...*.H.=....*...
00a0 - 55 01 82 2d 03 42 00 04-c5 5d be 24 7d 20 90 6b U..-.B...].$} .k
00b0 - 7f 9b d6 04 4d d0 ce da-6c 6b b5 8c 5e 03 d0 31 ....M...lk..^..1
00c0 - 0c 01 cd b3 be 6a 31 42-08 85 e0 72 43 fa e5 82 .....j1B...rC...
00d0 - 51 12 85 09 54 aa 8a 08-f5 9c 2e 5b d9 c6 08 14 Q...T......[....
00e0 - 84 d0 59 c5 0f f6 ca 6f-a3 60 30 5e 30 1d 06 03 ..Y....o.`0^0...
00f0 - 55 1d 0e 04 16 04 14 07-e0 f5 35 78 53 af b7 70 U.........5xS..p
0100 - 86 20 11 e5 7c 0c 4d aa-85 cb 6c 30 1f 06 03 55 . ..|.M...l0...U
0110 - 1d 23 04 18 30 16 80 14-82 f9 96 07 d3 d7 62 71 .#..0.........bq
0120 - a4 17 2d d7 bb cf c7 8b-46 e4 c5 4b 30 0c 06 03 ..-.....F..K0...
0130 - 55 1d 13 01 01 ff 04 02-30 00 30 0e 06 03 55 1d U.......0.0...U.
0140 - 0f 01 01 ff 04 04 03 02-07 80 30 0a 06 08 2a 81 ..........0...*.
0150 - 1c cf 55 01 83 75 03 49-00 30 46 02 21 00 c4 58 ..U..u.I.0F.!..X
0160 - df 0e e9 be 33 20 15 c7-06 96 5a 81 82 f4 0f 4c ....3 ....Z....L
0170 - 00 c7 b0 4c ef df 92 00-04 23 51 f4 a5 0d 02 21 ...L.....#Q....!
0180 - 00 b0 81 04 fa 83 1a cf-11 73 87 a6 f9 63 11 b0 .........s...c..
0190 - af f6 c5 fb 3d e7 a0 f0-85 cc 02 4c 1f ca 37 68 ....=......L..7h
01a0 - cb 00 01 94 30 82 01 90-30 82 01 37 a0 03 02 01 ....0...0..7....
01b0 - 02 02 14 18 89 0b 03 3e-c3 e2 db 6a 72 7f 8e fc .......>...jr...
01c0 - da ba 7b bc 54 97 c7 30-0a 06 08 2a 81 1c cf 55 ..{.T..0...*...U
01d0 - 01 83 75 30 15 31 13 30-11 06 03 55 04 03 0c 0a ..u0.1.0...U....
01e0 - 74 6c 63 70 2d 69 6e 74-63 61 30 1e 17 0d 32 33 tlcp-intca0...23
01f0 - 31 31 32 31 30 39 30 35-30 38 5a 17 0d 33 33 31 1121090508Z..331
0200 - 31 31 38 30 39 30 35 30-38 5a 30 1a 31 18 30 16 118090508Z0.1.0.
0210 - 06 03 55 04 03 0c 0f 74-6c 63 70 2d 73 65 72 76 ..U....tlcp-serv
0220 - 65 72 2d 65 6e 63 30 59-30 13 06 07 2a 86 48 ce er-enc0Y0...*.H.
0230 - 3d 02 01 06 08 2a 81 1c-cf 55 01 82 2d 03 42 00 =....*...U..-.B.
0240 - 04 80 15 e8 42 30 8d 8c-94 67 9b cd 47 0d fd 80 ....B0...g..G...
0250 - 56 c7 54 d5 77 d5 d8 41-a3 ab a8 96 1a 4e 27 2f V.T.w..A.....N'/
0260 - 20 57 5e 08 8d 74 21 2b-5f 9f 4a 4a 0a a8 09 05 W^..t!+_.JJ....
0270 - b6 55 2b c4 1b ba 41 ce-a6 61 15 8f 82 28 9a 05 .U+...A..a...(..
0280 - b6 a3 60 30 5e 30 1d 06-03 55 1d 0e 04 16 04 14 ..`0^0...U......
0290 - e0 61 9c f0 77 b9 3e aa-28 34 b7 69 2d 50 33 86 .a..w.>.(4.i-P3.
02a0 - 38 fb eb 49 30 1f 06 03-55 1d 23 04 18 30 16 80 8..I0...U.#..0..
02b0 - 14 82 f9 96 07 d3 d7 62-71 a4 17 2d d7 bb cf c7 .......bq..-....
02c0 - 8b 46 e4 c5 4b 30 0c 06-03 55 1d 13 01 01 ff 04 .F..K0...U......
02d0 - 02 30 00 30 0e 06 03 55-1d 0f 01 01 ff 04 04 03 .0.0...U........
02e0 - 02 03 38 30 0a 06 08 2a-81 1c cf 55 01 83 75 03 ..80...*...U..u.
02f0 - 47 00 30 44 02 20 5f 2e-4f b4 cf 2f 38 c5 44 13 G.0D. _.O../8.D.
0300 - 44 52 a9 bd 1f b2 21 85-5c ee 20 e8 ad bd 3b f1 DR....!.\. ...;.
0310 - 4d 00 fa 2e 9c 37 02 20-36 4e 26 ac 1f 51 64 71 M....7. 6N&..Qdq
0320 - d6 63 29 ee fa 6a 0c ef-26 c5 9f d2 22 98 7a 70 .c)..j..&...".zp
0330 - 1e 73 a9 a5 7a 1b 5f bb-00 01 90 30 82 01 8c 30 .s..z._....0...0
0340 - 82 01 32 a0 03 02 01 02-02 14 4e 21 67 7d 35 b4 ..2.......N!g}5.
0350 - 1f 8d 51 0f 83 aa e5 0d-c3 92 32 4e 03 6d 30 0a ..Q.......2N.m0.
0360 - 06 08 2a 81 1c cf 55 01-83 75 30 12 31 10 30 0e ..*...U..u0.1.0.
0370 - 06 03 55 04 03 0c 07 74-6c 63 70 2d 63 61 30 1e ..U....tlcp-ca0.
0380 - 17 0d 32 33 31 31 32 31-30 39 30 31 30 31 5a 17 ..231121090101Z.
0390 - 0d 33 33 31 31 31 38 30-39 30 31 30 31 5a 30 15 .331118090101Z0.
03a0 - 31 13 30 11 06 03 55 04-03 0c 0a 74 6c 63 70 2d 1.0...U....tlcp-
03b0 - 69 6e 74 63 61 30 59 30-13 06 07 2a 86 48 ce 3d intca0Y0...*.H.=
03c0 - 02 01 06 08 2a 81 1c cf-55 01 82 2d 03 42 00 04 ....*...U..-.B..
03d0 - bb 79 12 8a a3 14 ec 18-e4 c5 32 e7 93 4a 38 14 .y........2..J8.
03e0 - da 47 e4 9a c3 a7 d4 fe-e5 64 61 9f 3e 62 71 ef .G.......da.>bq.
03f0 - 95 ba 38 24 89 c5 01 2c-4b f9 55 05 b6 28 8d 92 ..8$...,K.U..(..
0400 - 6e a9 f1 56 af ba 96 a2-f9 2b a5 4b d9 7c 1f 01 n..V.....+.K.|..
0410 - a3 63 30 61 30 1d 06 03-55 1d 0e 04 16 04 14 82 .c0a0...U.......
0420 - f9 96 07 d3 d7 62 71 a4-17 2d d7 bb cf c7 8b 46 .....bq..-.....F
0430 - e4 c5 4b 30 1f 06 03 55-1d 23 04 18 30 16 80 14 ..K0...U.#..0...
0440 - f1 e9 02 d6 17 ea 59 01-17 96 17 85 1a 3e 6c 27 ......Y......>l'
0450 - 26 8e dc b7 30 0f 06 03-55 1d 13 01 01 ff 04 05 &...0...U.......
0460 - 30 03 01 01 ff 30 0e 06-03 55 1d 0f 01 01 ff 04 0....0...U......
0470 - 04 03 02 01 86 30 0a 06-08 2a 81 1c cf 55 01 83 .....0...*...U..
0480 - 75 03 48 00 30 45 02 21-00 ab d4 f4 db dd 37 98 u.H.0E.!......7.
0490 - bf f4 b2 e5 17 2a 8d a5-bc c3 37 09 71 75 1c 1b .....*....7.qu..
04a0 - 4c f7 bc 4f aa f7 86 b9-cc 02 20 22 b0 06 05 a4 L..O...... "....
04b0 - a0 90 ff 2f 40 eb 7d b0-2d c9 ed 3a 18 2f f5 cb .../@.}.-..:./..
04c0 - 73 ca 62 58 3d 64 c4 ce-2f 72 7e 00 01 8c 30 82 s.bX=d../r~...0.
04d0 - 01 88 30 82 01 2f a0 03-02 01 02 02 14 2b bd 00 ..0../.......+..
04e0 - 12 a9 61 60 30 ed 75 b0-71 aa aa 81 93 66 fb 03 ..a`0.u.q....f..
04f0 - 11 30 0a 06 08 2a 81 1c-cf 55 01 83 75 30 12 31 .0...*...U..u0.1
0500 - 10 30 0e 06 03 55 04 03-0c 07 74 6c 63 70 2d 63 .0...U....tlcp-c
0510 - 61 30 1e 17 0d 32 33 31-31 32 31 30 38 35 39 35 a0...23112108595
0520 - 39 5a 17 0d 33 33 31 31-31 38 30 38 35 39 35 39 9Z..331118085959
0530 - 5a 30 12 31 10 30 0e 06-03 55 04 03 0c 07 74 6c Z0.1.0...U....tl
0540 - 63 70 2d 63 61 30 59 30-13 06 07 2a 86 48 ce 3d cp-ca0Y0...*.H.=
0550 - 02 01 06 08 2a 81 1c cf-55 01 82 2d 03 42 00 04 ....*...U..-.B..
0560 - b9 be 4e de 41 87 b5 58-b4 ca 01 54 52 b0 2e d1 ..N.A..X...TR...
0570 - 00 55 d9 98 d1 2e f7 17-94 53 01 36 d0 4f 64 8f .U.......S.6.Od.
0580 - fc e3 63 be 7d 56 ed cb-e8 a1 da 35 27 f5 61 06 ..c.}V.....5'.a.
0590 - 2f 5a 49 43 5d 68 4b 27-d8 68 d1 88 ba ca 82 f7 /ZIC]hK'.h......
05a0 - a3 63 30 61 30 1d 06 03-55 1d 0e 04 16 04 14 f1 .c0a0...U.......
05b0 - e9 02 d6 17 ea 59 01 17-96 17 85 1a 3e 6c 27 26 .....Y......>l'&
05c0 - 8e dc b7 30 1f 06 03 55-1d 23 04 18 30 16 80 14 ...0...U.#..0...
05d0 - f1 e9 02 d6 17 ea 59 01-17 96 17 85 1a 3e 6c 27 ......Y......>l'
05e0 - 26 8e dc b7 30 0f 06 03-55 1d 13 01 01 ff 04 05 &...0...U.......
05f0 - 30 03 01 01 ff 30 0e 06-03 55 1d 0f 01 01 ff 04 0....0...U......
0600 - 04 03 02 01 86 30 0a 06-08 2a 81 1c cf 55 01 83 .....0...*...U..
0610 - 75 03 47 00 30 44 02 20-7e 90 66 ce 47 b0 f5 fb u.G.0D. ~.f.G...
0620 - ce 17 48 69 2f ae 69 04-89 80 3d 13 d9 46 1b a5 ..Hi/.i...=..F..
0630 - 20 70 ce e2 b0 39 14 bc-02 20 02 c0 89 4f b2 4c p...9... ...O.L
0640 - 96 14 71 d5 3c f7 b1 ec-4b 3a 77 ea 92 68 95 ff ..q.<...K:w..h..
0650 - 22 b8 18 50 4d e8 b3 af-7e 00 "..PM...~.
SSL_connect:SSLv3/TLS read server hello
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-server-enc
verify return:1
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-server-sign
verify return:1
read from 0x1ff3be0 [0x1ffd1b3] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 4e ....N
read from 0x1ff3be0 [0x1ffd1b8] (78 bytes => 78 (0x4E))
0000 - 0c 00 00 4a 00 48 30 46-02 21 00 cf 19 58 4a 25 ...J.H0F.!...XJ%
0010 - de b3 97 1e 28 46 dd dd-20 aa 17 61 89 29 26 4b ....(F.. ..a.)&K
0020 - 43 65 38 5b c4 16 cc 54-fe 7b c2 02 21 00 f2 93 Ce8[...T.{..!...
0030 - 1f 43 56 68 27 41 fa 3a-e8 fd 6c 67 2b 20 19 aa .CVh'A.:..lg+ ..
0040 - d9 a2 b0 1d de 1f de 80-3e 7a 13 cd 27 3c ........>z..'<
SSL_connect:SSLv3/TLS read server certificate
read from 0x1ff3be0 [0x1ffd1b3] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 38 ....8
read from 0x1ff3be0 [0x1ffd1b8] (56 bytes => 56 (0x38))
0000 - 0d 00 00 34 02 01 02 00-2f 00 17 30 15 31 13 30 ...4..../..0.1.0
0010 - 11 06 03 55 04 03 0c 0a-74 6c 63 70 2d 69 6e 74 ...U....tlcp-int
0020 - 63 61 00 14 30 12 31 10-30 0e 06 03 55 04 03 0c ca..0.1.0...U...
0030 - 07 74 6c 63 70 2d 63 61- .tlcp-ca
SSL_connect:SSLv3/TLS read server key exchange
read from 0x1ff3be0 [0x1ffd1b3] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 04 .....
read from 0x1ff3be0 [0x1ffd1b8] (4 bytes => 4 (0x4))
0000 - 0e 00 00 00 ....
SSL_connect:SSLv3/TLS read server certificate request
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client certificate
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write certificate verify
SSL_connect:SSLv3/TLS write change cipher spec
write to 0x1ff3be0 [0x20063d0] (1970 bytes => 1970 (0x7B2))
0000 - 16 01 01 06 58 0b 00 06-54 00 06 51 00 01 95 30 ....X...T..Q...0
0010 - 82 01 91 30 82 01 38 a0-03 02 01 02 02 14 18 89 ...0..8.........
0020 - 0b 03 3e c3 e2 db 6a 72-7f 8e fc da ba 7b bc 54 ..>...jr.....{.T
0030 - 97 c8 30 0a 06 08 2a 81-1c cf 55 01 83 75 30 15 ..0...*...U..u0.
0040 - 31 13 30 11 06 03 55 04-03 0c 0a 74 6c 63 70 2d 1.0...U....tlcp-
0050 - 69 6e 74 63 61 30 1e 17-0d 32 33 31 31 32 31 30 intca0...2311210
0060 - 39 30 35 34 35 5a 17 0d-33 33 31 31 31 38 30 39 90545Z..33111809
0070 - 30 35 34 35 5a 30 1b 31-19 30 17 06 03 55 04 03 0545Z0.1.0...U..
0080 - 0c 10 74 6c 63 70 2d 63-6c 69 65 6e 74 2d 73 69 ..tlcp-client-si
0090 - 67 6e 30 59 30 13 06 07-2a 86 48 ce 3d 02 01 06 gn0Y0...*.H.=...
00a0 - 08 2a 81 1c cf 55 01 82-2d 03 42 00 04 69 0f 51 .*...U..-.B..i.Q
00b0 - f2 7a e0 8a 33 c2 be a4-a4 93 d2 cc 9a 3f 3a ee .z..3........?:.
00c0 - 46 6b 5d 18 09 f7 ec 20-04 f2 dc 88 af 8d 66 a0 Fk].... ......f.
00d0 - 33 04 24 7f f4 b2 02 6d-6d 65 40 cc b7 ed 9c d4 3.$....mme@.....
00e0 - 2e 17 3a d6 31 22 2d aa-8e ba 91 8b fc a3 60 30 ..:.1"-.......`0
00f0 - 5e 30 1d 06 03 55 1d 0e-04 16 04 14 9f 31 70 7b ^0...U.......1p{
0100 - 41 8d 33 4a 4d 3d 1b 84-87 85 0a 6b 97 a3 ea fd A.3JM=.....k....
0110 - 30 1f 06 03 55 1d 23 04-18 30 16 80 14 82 f9 96 0...U.#..0......
0120 - 07 d3 d7 62 71 a4 17 2d-d7 bb cf c7 8b 46 e4 c5 ...bq..-.....F..
0130 - 4b 30 0c 06 03 55 1d 13-01 01 ff 04 02 30 00 30 K0...U.......0.0
0140 - 0e 06 03 55 1d 0f 01 01-ff 04 04 03 02 07 80 30 ...U...........0
0150 - 0a 06 08 2a 81 1c cf 55-01 83 75 03 47 00 30 44 ...*...U..u.G.0D
0160 - 02 20 4f 73 7b 63 a2 0d-ac dd e1 dc 81 69 f5 1f . Os{c.......i..
0170 - 0a ed 65 37 fc 3e a4 29-65 cc f8 d1 d7 58 28 c3 ..e7.>.)e....X(.
0180 - 2f e1 02 20 3b 2c 9c f6-45 e6 99 91 ec fb b7 05 /.. ;,..E.......
0190 - c0 3d 0a 90 94 1f 31 8c-1f 7e 3f 21 dc 81 a6 7d .=....1..~?!...}
01a0 - 93 a0 0a d8 00 01 94 30-82 01 90 30 82 01 37 a0 .......0...0..7.
01b0 - 03 02 01 02 02 14 18 89-0b 03 3e c3 e2 db 6a 72 ..........>...jr
01c0 - 7f 8e fc da ba 7b bc 54-97 c9 30 0a 06 08 2a 81 .....{.T..0...*.
01d0 - 1c cf 55 01 83 75 30 15-31 13 30 11 06 03 55 04 ..U..u0.1.0...U.
01e0 - 03 0c 0a 74 6c 63 70 2d-69 6e 74 63 61 30 1e 17 ...tlcp-intca0..
01f0 - 0d 32 33 31 31 32 31 30-39 30 36 31 33 5a 17 0d .231121090613Z..
0200 - 33 33 31 31 31 38 30 39-30 36 31 33 5a 30 1a 31 331118090613Z0.1
0210 - 18 30 16 06 03 55 04 03-0c 0f 74 6c 63 70 2d 63 .0...U....tlcp-c
0220 - 6c 69 65 6e 74 2d 65 6e-63 30 59 30 13 06 07 2a lient-enc0Y0...*
0230 - 86 48 ce 3d 02 01 06 08-2a 81 1c cf 55 01 82 2d .H.=....*...U..-
0240 - 03 42 00 04 ab 86 72 71-a1 1e 74 7f c6 10 4b c8 .B....rq..t...K.
0250 - c7 ca 42 72 0b b0 54 ad-d1 41 2c ac 6a e1 7c 44 ..Br..T..A,.j.|D
0260 - a8 b0 e3 39 25 31 f3 f4-7d 92 25 29 83 dd 85 ef ...9%1..}.%)....
0270 - 0e 38 6d 3c bc 56 b2 6b-9e fe ed 06 66 2d f8 94 .8m<.V.k....f-..
0280 - 1a 28 44 cc a3 60 30 5e-30 1d 06 03 55 1d 0e 04 .(D..`0^0...U...
0290 - 16 04 14 3d 36 7d f8 02-30 a4 35 94 ea 4b c3 a9 ...=6}..0.5..K..
02a0 - ec 20 a2 74 a8 62 51 30-1f 06 03 55 1d 23 04 18 . .t.bQ0...U.#..
02b0 - 30 16 80 14 82 f9 96 07-d3 d7 62 71 a4 17 2d d7 0.........bq..-.
02c0 - bb cf c7 8b 46 e4 c5 4b-30 0c 06 03 55 1d 13 01 ....F..K0...U...
02d0 - 01 ff 04 02 30 00 30 0e-06 03 55 1d 0f 01 01 ff ....0.0...U.....
02e0 - 04 04 03 02 03 38 30 0a-06 08 2a 81 1c cf 55 01 .....80...*...U.
02f0 - 83 75 03 47 00 30 44 02-20 24 7b 27 56 db cd 6e .u.G.0D. ${'V..n
0300 - 2c 79 e2 45 dd 9e 37 f1-e0 f0 b3 f8 ca 43 b3 bb ,y.E..7......C..
0310 - dd 2c de 05 31 f6 da b6-03 02 20 26 6a 76 93 18 .,..1..... &jv..
0320 - cf fc 4d a0 55 01 fb b6-d1 fd dc a4 7f 7b 99 0c ..M.U........{..
0330 - 53 8e 32 42 21 bc 6e 2d-29 39 91 00 01 90 30 82 S.2B!.n-)9....0.
0340 - 01 8c 30 82 01 32 a0 03-02 01 02 02 14 4e 21 67 ..0..2.......N!g
0350 - 7d 35 b4 1f 8d 51 0f 83-aa e5 0d c3 92 32 4e 03 }5...Q.......2N.
0360 - 6d 30 0a 06 08 2a 81 1c-cf 55 01 83 75 30 12 31 m0...*...U..u0.1
0370 - 10 30 0e 06 03 55 04 03-0c 07 74 6c 63 70 2d 63 .0...U....tlcp-c
0380 - 61 30 1e 17 0d 32 33 31-31 32 31 30 39 30 31 30 a0...23112109010
0390 - 31 5a 17 0d 33 33 31 31-31 38 30 39 30 31 30 31 1Z..331118090101
03a0 - 5a 30 15 31 13 30 11 06-03 55 04 03 0c 0a 74 6c Z0.1.0...U....tl
03b0 - 63 70 2d 69 6e 74 63 61-30 59 30 13 06 07 2a 86 cp-intca0Y0...*.
03c0 - 48 ce 3d 02 01 06 08 2a-81 1c cf 55 01 82 2d 03 H.=....*...U..-.
03d0 - 42 00 04 bb 79 12 8a a3-14 ec 18 e4 c5 32 e7 93 B...y........2..
03e0 - 4a 38 14 da 47 e4 9a c3-a7 d4 fe e5 64 61 9f 3e J8..G.......da.>
03f0 - 62 71 ef 95 ba 38 24 89-c5 01 2c 4b f9 55 05 b6 bq...8$...,K.U..
0400 - 28 8d 92 6e a9 f1 56 af-ba 96 a2 f9 2b a5 4b d9 (..n..V.....+.K.
0410 - 7c 1f 01 a3 63 30 61 30-1d 06 03 55 1d 0e 04 16 |...c0a0...U....
0420 - 04 14 82 f9 96 07 d3 d7-62 71 a4 17 2d d7 bb cf ........bq..-...
0430 - c7 8b 46 e4 c5 4b 30 1f-06 03 55 1d 23 04 18 30 ..F..K0...U.#..0
0440 - 16 80 14 f1 e9 02 d6 17-ea 59 01 17 96 17 85 1a .........Y......
0450 - 3e 6c 27 26 8e dc b7 30-0f 06 03 55 1d 13 01 01 >l'&...0...U....
0460 - ff 04 05 30 03 01 01 ff-30 0e 06 03 55 1d 0f 01 ...0....0...U...
0470 - 01 ff 04 04 03 02 01 86-30 0a 06 08 2a 81 1c cf ........0...*...
0480 - 55 01 83 75 03 48 00 30-45 02 21 00 ab d4 f4 db U..u.H.0E.!.....
0490 - dd 37 98 bf f4 b2 e5 17-2a 8d a5 bc c3 37 09 71 .7......*....7.q
04a0 - 75 1c 1b 4c f7 bc 4f aa-f7 86 b9 cc 02 20 22 b0 u..L..O...... ".
04b0 - 06 05 a4 a0 90 ff 2f 40-eb 7d b0 2d c9 ed 3a 18 ....../@.}.-..:.
04c0 - 2f f5 cb 73 ca 62 58 3d-64 c4 ce 2f 72 7e 00 01 /..s.bX=d../r~..
04d0 - 8c 30 82 01 88 30 82 01-2f a0 03 02 01 02 02 14 .0...0../.......
04e0 - 2b bd 00 12 a9 61 60 30-ed 75 b0 71 aa aa 81 93 +....a`0.u.q....
04f0 - 66 fb 03 11 30 0a 06 08-2a 81 1c cf 55 01 83 75 f...0...*...U..u
0500 - 30 12 31 10 30 0e 06 03-55 04 03 0c 07 74 6c 63 0.1.0...U....tlc
0510 - 70 2d 63 61 30 1e 17 0d-32 33 31 31 32 31 30 38 p-ca0...23112108
0520 - 35 39 35 39 5a 17 0d 33-33 31 31 31 38 30 38 35 5959Z..331118085
0530 - 39 35 39 5a 30 12 31 10-30 0e 06 03 55 04 03 0c 959Z0.1.0...U...
0540 - 07 74 6c 63 70 2d 63 61-30 59 30 13 06 07 2a 86 .tlcp-ca0Y0...*.
0550 - 48 ce 3d 02 01 06 08 2a-81 1c cf 55 01 82 2d 03 H.=....*...U..-.
0560 - 42 00 04 b9 be 4e de 41-87 b5 58 b4 ca 01 54 52 B....N.A..X...TR
0570 - b0 2e d1 00 55 d9 98 d1-2e f7 17 94 53 01 36 d0 ....U.......S.6.
0580 - 4f 64 8f fc e3 63 be 7d-56 ed cb e8 a1 da 35 27 Od...c.}V.....5'
0590 - f5 61 06 2f 5a 49 43 5d-68 4b 27 d8 68 d1 88 ba .a./ZIC]hK'.h...
05a0 - ca 82 f7 a3 63 30 61 30-1d 06 03 55 1d 0e 04 16 ....c0a0...U....
05b0 - 04 14 f1 e9 02 d6 17 ea-59 01 17 96 17 85 1a 3e ........Y......>
05c0 - 6c 27 26 8e dc b7 30 1f-06 03 55 1d 23 04 18 30 l'&...0...U.#..0
05d0 - 16 80 14 f1 e9 02 d6 17-ea 59 01 17 96 17 85 1a .........Y......
05e0 - 3e 6c 27 26 8e dc b7 30-0f 06 03 55 1d 13 01 01 >l'&...0...U....
05f0 - ff 04 05 30 03 01 01 ff-30 0e 06 03 55 1d 0f 01 ...0....0...U...
0600 - 01 ff 04 04 03 02 01 86-30 0a 06 08 2a 81 1c cf ........0...*...
0610 - 55 01 83 75 03 47 00 30-44 02 20 7e 90 66 ce 47 U..u.G.0D. ~.f.G
0620 - b0 f5 fb ce 17 48 69 2f-ae 69 04 89 80 3d 13 d9 .....Hi/.i...=..
0630 - 46 1b a5 20 70 ce e2 b0-39 14 bc 02 20 02 c0 89 F.. p...9... ...
0640 - 4f b2 4c 96 14 71 d5 3c-f7 b1 ec 4b 3a 77 ea 92 O.L..q.<...K:w..
0650 - 68 95 ff 22 b8 18 50 4d-e8 b3 af 7e 00 16 01 01 h.."..PM...~....
0660 - 00 a3 10 00 00 9f 00 9d-30 81 9a 02 21 00 9b e4 ........0...!...
0670 - 36 ce 57 db be 7e d2 c2-4c 42 2c 59 2e ed e4 60 6.W..~..LB,Y...`
0680 - 6f 19 59 5b f7 cc 5f 6c-ee 9e b6 61 73 4f 02 21 o.Y[.._l...asO.!
0690 - 00 fe 78 40 86 e0 e9 e2-8f fa 9a 4a 7d c9 cb 8a ..x@.......J}...
06a0 - 76 77 90 52 fa 51 9e 68-28 2b fb 4b ae 77 28 ae vw.R.Q.h(+.K.w(.
06b0 - 35 04 20 45 44 3b e5 a1-30 67 0e 33 32 32 04 65 5. ED;..0g.322.e
06c0 - 3c 58 30 68 8b d0 a2 4b-48 b5 11 bb 15 2c ae ec <X0h...KH....,..
06d0 - 93 11 1b 04 30 55 06 cf-e7 14 f5 b9 7e 10 0a c0 ....0U......~...
06e0 - 7a af fa 1a f3 35 af 81-79 01 fc 82 b4 b7 da ab z....5..y.......
06f0 - 40 6a 2e 3d 5b ff 7a 65-d5 1b f8 68 83 ca 5b 35 @j.=[.ze...h..[5
0700 - 9b 11 9d a8 16 16 01 01-00 4d 0f 00 00 49 00 47 .........M...I.G
0710 - 30 45 02 20 7c 6c 9d d4-15 10 49 91 43 ed 3c 0e 0E. |l....I.C.<.
0720 - be d1 3e e1 7c 65 b8 f0-fe 35 8e 99 6a 4f 65 8a ..>.|e...5..jOe.
0730 - e9 8c e4 5e 02 21 00 bc-53 00 a6 48 ea 68 5b 17 ...^.!..S..H.h[.
0740 - 8c ed a1 14 06 b4 3e ec-2d c4 7e 73 77 67 98 6d ......>.-.~swg.m
0750 - f2 34 36 64 31 33 8a 14-01 01 00 01 01 16 01 01 .46d13..........
0760 - 00 50 b8 15 0c de 56 35-f3 b4 5e c0 6c 40 04 93 .P....V5..^.l@..
0770 - d0 44 8f 34 48 ed 55 77-8a e1 c1 50 04 27 b8 12 .D.4H.Uw...P.'..
0780 - 8e fd 9b 2d b1 53 1e eb-ef 27 c0 68 c7 c8 73 6f ...-.S...'.h..so
0790 - ad d8 41 df 63 c2 6b 72-03 81 30 60 dd b8 bc e7 ..A.c.kr..0`....
07a0 - 09 a4 38 ea 13 93 6a ba-58 62 68 59 4b a1 3d b5 ..8...j.XbhYK.=.
07b0 - 0e fb ..
SSL_connect:SSLv3/TLS write finished
read from 0x1ff3be0 [0x1ffd1b3] (5 bytes => 5 (0x5))
0000 - 15 01 01 00 02 .....
read from 0x1ff3be0 [0x1ffd1b8] (2 bytes => 2 (0x2))
0000 - 02 33 .3
SSL3 alert read:fatal:decrypt error
SSL_connect:error in error
140092231092032:error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:ssl/record/rec_layer_s3.c:1548:SSL alert number 51
---
Certificate chain
0 s:CN = tlcp-server-sign
i:CN = tlcp-intca
1 s:CN = tlcp-server-enc
i:CN = tlcp-intca
2 s:CN = tlcp-intca
i:CN = tlcp-ca
3 s:CN = tlcp-ca
i:CN = tlcp-ca
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBkzCCATigAwIBAgIUGIkLAz7D4ttqcn+O/Nq6e7xUl8YwCgYIKoEcz1UBg3Uw
FTETMBEGA1UEAwwKdGxjcC1pbnRjYTAeFw0yMzExMjEwOTA0MTRaFw0zMzExMTgw
OTA0MTRaMBsxGTAXBgNVBAMMEHRsY3Atc2VydmVyLXNpZ24wWTATBgcqhkjOPQIB
BggqgRzPVQGCLQNCAATFXb4kfSCQa3+b1gRN0M7abGu1jF4D0DEMAc2zvmoxQgiF
4HJD+uWCURKFCVSqigj1nC5b2cYIFITQWcUP9spvo2AwXjAdBgNVHQ4EFgQUB+D1
NXhTr7dwhiAR5XwMTaqFy2wwHwYDVR0jBBgwFoAUgvmWB9PXYnGkFy3Xu8/Hi0bk
xUswDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwCgYIKoEcz1UBg3UDSQAw
RgIhAMRY3w7pvjMgFccGllqBgvQPTADHsEzv35IABCNR9KUNAiEAsIEE+oMazxFz
h6b5YxGwr/bF+z3noPCFzAJMH8o3aMs=
-----END CERTIFICATE-----
subject=CN = tlcp-server-sign
issuer=CN = tlcp-intca
---
Acceptable client certificate CA names
CN = tlcp-intca
CN = tlcp-ca
Client Certificate Types: RSA sign, DSA sign
---
SSL handshake has read 1838 bytes and written 2042 bytes
Verification: OK
---
New, NTLSv1.1, Cipher is ECC-SM2-SM4-CBC-SM3
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : NTLSv1.1
Cipher : ECC-SM2-SM4-CBC-SM3
Session-ID:
Session-ID-ctx:
Master-Key: 5BBBDE83D5210923505E97DA33E5CBC1CC0E48C76ABA655201EAB2ED5225BCF69F6F2A29D78753D589C43D3B4F20DD12
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1700627344
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
QUIC: no
---
read from 0x1ff3be0 [0x1fe1430] (8192 bytes => -1 (0xFFFFFFFFFFFFFFFF))read from 0xae9da0 [0xaf8d33] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 43 ....C
read from 0xae9da0 [0xaf8d38] (67 bytes => 67 (0x43))
0000 - 01 00 00 3f 01 01 a2 45-bc ab af ad ed 51 44 86 ...?...E.....QD.
0010 - 33 4a d9 16 13 e1 4a 9a-45 31 be a3 bb 81 ae d9 3J....J.E1......
0020 - 4a 8d 65 65 13 f7 00 00-12 e0 53 e0 51 e0 5a e0 J.ee......S.Q.Z.
0030 - 59 e0 13 e0 11 e0 1c e0-19 00 ff 01 00 00 04 00 Y...............
0040 - 23 #
0043 - <SPACES/NULS>
write to 0xae9da0 [0xb01f50] (1830 bytes => 1830 (0x726))
0000 - 16 01 01 00 2a 02 00 00-26 01 01 94 0e c3 70 0d ....*...&.....p.
0010 - fb a5 b4 08 41 cb 5b b5-3c 28 3e ea e6 76 03 1a ....A.[.<(>..v..
0020 - ae 53 76 f0 e3 f9 cc 20-2d 79 55 00 e0 13 00 16 .Sv.... -yU.....
0030 - 01 01 06 5a 0b 00 06 56-00 06 53 00 01 97 30 82 ...Z...V..S...0.
0040 - 01 93 30 82 01 38 a0 03-02 01 02 02 14 18 89 0b ..0..8..........
0050 - 03 3e c3 e2 db 6a 72 7f-8e fc da ba 7b bc 54 97 .>...jr.....{.T.
0060 - c6 30 0a 06 08 2a 81 1c-cf 55 01 83 75 30 15 31 .0...*...U..u0.1
0070 - 13 30 11 06 03 55 04 03-0c 0a 74 6c 63 70 2d 69 .0...U....tlcp-i
0080 - 6e 74 63 61 30 1e 17 0d-32 33 31 31 32 31 30 39 ntca0...23112109
0090 - 30 34 31 34 5a 17 0d 33-33 31 31 31 38 30 39 30 0414Z..331118090
00a0 - 34 31 34 5a 30 1b 31 19-30 17 06 03 55 04 03 0c 414Z0.1.0...U...
00b0 - 10 74 6c 63 70 2d 73 65-72 76 65 72 2d 73 69 67 .tlcp-server-sig
00c0 - 6e 30 59 30 13 06 07 2a-86 48 ce 3d 02 01 06 08 n0Y0...*.H.=....
00d0 - 2a 81 1c cf 55 01 82 2d-03 42 00 04 c5 5d be 24 *...U..-.B...].$
00e0 - 7d 20 90 6b 7f 9b d6 04-4d d0 ce da 6c 6b b5 8c } .k....M...lk..
00f0 - 5e 03 d0 31 0c 01 cd b3-be 6a 31 42 08 85 e0 72 ^..1.....j1B...r
0100 - 43 fa e5 82 51 12 85 09-54 aa 8a 08 f5 9c 2e 5b C...Q...T......[
0110 - d9 c6 08 14 84 d0 59 c5-0f f6 ca 6f a3 60 30 5e ......Y....o.`0^
0120 - 30 1d 06 03 55 1d 0e 04-16 04 14 07 e0 f5 35 78 0...U.........5x
0130 - 53 af b7 70 86 20 11 e5-7c 0c 4d aa 85 cb 6c 30 S..p. ..|.M...l0
0140 - 1f 06 03 55 1d 23 04 18-30 16 80 14 82 f9 96 07 ...U.#..0.......
0150 - d3 d7 62 71 a4 17 2d d7-bb cf c7 8b 46 e4 c5 4b ..bq..-.....F..K
0160 - 30 0c 06 03 55 1d 13 01-01 ff 04 02 30 00 30 0e 0...U.......0.0.
0170 - 06 03 55 1d 0f 01 01 ff-04 04 03 02 07 80 30 0a ..U...........0.
0180 - 06 08 2a 81 1c cf 55 01-83 75 03 49 00 30 46 02 ..*...U..u.I.0F.
0190 - 21 00 c4 58 df 0e e9 be-33 20 15 c7 06 96 5a 81 !..X....3 ....Z.
01a0 - 82 f4 0f 4c 00 c7 b0 4c-ef df 92 00 04 23 51 f4 ...L...L.....#Q.
01b0 - a5 0d 02 21 00 b0 81 04-fa 83 1a cf 11 73 87 a6 ...!.........s..
01c0 - f9 63 11 b0 af f6 c5 fb-3d e7 a0 f0 85 cc 02 4c .c......=......L
01d0 - 1f ca 37 68 cb 00 01 94-30 82 01 90 30 82 01 37 ..7h....0...0..7
01e0 - a0 03 02 01 02 02 14 18-89 0b 03 3e c3 e2 db 6a ...........>...j
01f0 - 72 7f 8e fc da ba 7b bc-54 97 c7 30 0a 06 08 2a r.....{.T..0...*
0200 - 81 1c cf 55 01 83 75 30-15 31 13 30 11 06 03 55 ...U..u0.1.0...U
0210 - 04 03 0c 0a 74 6c 63 70-2d 69 6e 74 63 61 30 1e ....tlcp-intca0.
0220 - 17 0d 32 33 31 31 32 31-30 39 30 35 30 38 5a 17 ..231121090508Z.
0230 - 0d 33 33 31 31 31 38 30-39 30 35 30 38 5a 30 1a .331118090508Z0.
0240 - 31 18 30 16 06 03 55 04-03 0c 0f 74 6c 63 70 2d 1.0...U....tlcp-
0250 - 73 65 72 76 65 72 2d 65-6e 63 30 59 30 13 06 07 server-enc0Y0...
0260 - 2a 86 48 ce 3d 02 01 06-08 2a 81 1c cf 55 01 82 *.H.=....*...U..
0270 - 2d 03 42 00 04 80 15 e8-42 30 8d 8c 94 67 9b cd -.B.....B0...g..
0280 - 47 0d fd 80 56 c7 54 d5-77 d5 d8 41 a3 ab a8 96 G...V.T.w..A....
0290 - 1a 4e 27 2f 20 57 5e 08-8d 74 21 2b 5f 9f 4a 4a .N'/ W^..t!+_.JJ
02a0 - 0a a8 09 05 b6 55 2b c4-1b ba 41 ce a6 61 15 8f .....U+...A..a..
02b0 - 82 28 9a 05 b6 a3 60 30-5e 30 1d 06 03 55 1d 0e .(....`0^0...U..
02c0 - 04 16 04 14 e0 61 9c f0-77 b9 3e aa 28 34 b7 69 .....a..w.>.(4.i
02d0 - 2d 50 33 86 38 fb eb 49-30 1f 06 03 55 1d 23 04 -P3.8..I0...U.#.
02e0 - 18 30 16 80 14 82 f9 96-07 d3 d7 62 71 a4 17 2d .0.........bq..-
02f0 - d7 bb cf c7 8b 46 e4 c5-4b 30 0c 06 03 55 1d 13 .....F..K0...U..
0300 - 01 01 ff 04 02 30 00 30-0e 06 03 55 1d 0f 01 01 .....0.0...U....
0310 - ff 04 04 03 02 03 38 30-0a 06 08 2a 81 1c cf 55 ......80...*...U
0320 - 01 83 75 03 47 00 30 44-02 20 5f 2e 4f b4 cf 2f ..u.G.0D. _.O../
0330 - 38 c5 44 13 44 52 a9 bd-1f b2 21 85 5c ee 20 e8 8.D.DR....!.\. .
0340 - ad bd 3b f1 4d 00 fa 2e-9c 37 02 20 36 4e 26 ac ..;.M....7. 6N&.
0350 - 1f 51 64 71 d6 63 29 ee-fa 6a 0c ef 26 c5 9f d2 .Qdq.c)..j..&...
0360 - 22 98 7a 70 1e 73 a9 a5-7a 1b 5f bb 00 01 90 30 ".zp.s..z._....0
0370 - 82 01 8c 30 82 01 32 a0-03 02 01 02 02 14 4e 21 ...0..2.......N!
0380 - 67 7d 35 b4 1f 8d 51 0f-83 aa e5 0d c3 92 32 4e g}5...Q.......2N
0390 - 03 6d 30 0a 06 08 2a 81-1c cf 55 01 83 75 30 12 .m0...*...U..u0.
03a0 - 31 10 30 0e 06 03 55 04-03 0c 07 74 6c 63 70 2d 1.0...U....tlcp-
03b0 - 63 61 30 1e 17 0d 32 33-31 31 32 31 30 39 30 31 ca0...2311210901
03c0 - 30 31 5a 17 0d 33 33 31-31 31 38 30 39 30 31 30 01Z..33111809010
03d0 - 31 5a 30 15 31 13 30 11-06 03 55 04 03 0c 0a 74 1Z0.1.0...U....t
03e0 - 6c 63 70 2d 69 6e 74 63-61 30 59 30 13 06 07 2a lcp-intca0Y0...*
03f0 - 86 48 ce 3d 02 01 06 08-2a 81 1c cf 55 01 82 2d .H.=....*...U..-
0400 - 03 42 00 04 bb 79 12 8a-a3 14 ec 18 e4 c5 32 e7 .B...y........2.
0410 - 93 4a 38 14 da 47 e4 9a-c3 a7 d4 fe e5 64 61 9f .J8..G.......da.
0420 - 3e 62 71 ef 95 ba 38 24-89 c5 01 2c 4b f9 55 05 >bq...8$...,K.U.
0430 - b6 28 8d 92 6e a9 f1 56-af ba 96 a2 f9 2b a5 4b .(..n..V.....+.K
0440 - d9 7c 1f 01 a3 63 30 61-30 1d 06 03 55 1d 0e 04 .|...c0a0...U...
0450 - 16 04 14 82 f9 96 07 d3-d7 62 71 a4 17 2d d7 bb .........bq..-..
0460 - cf c7 8b 46 e4 c5 4b 30-1f 06 03 55 1d 23 04 18 ...F..K0...U.#..
0470 - 30 16 80 14 f1 e9 02 d6-17 ea 59 01 17 96 17 85 0.........Y.....
0480 - 1a 3e 6c 27 26 8e dc b7-30 0f 06 03 55 1d 13 01 .>l'&...0...U...
0490 - 01 ff 04 05 30 03 01 01-ff 30 0e 06 03 55 1d 0f ....0....0...U..
04a0 - 01 01 ff 04 04 03 02 01-86 30 0a 06 08 2a 81 1c .........0...*..
04b0 - cf 55 01 83 75 03 48 00-30 45 02 21 00 ab d4 f4 .U..u.H.0E.!....
04c0 - db dd 37 98 bf f4 b2 e5-17 2a 8d a5 bc c3 37 09 ..7......*....7.
04d0 - 71 75 1c 1b 4c f7 bc 4f-aa f7 86 b9 cc 02 20 22 qu..L..O...... "
04e0 - b0 06 05 a4 a0 90 ff 2f-40 eb 7d b0 2d c9 ed 3a ......./@.}.-..:
04f0 - 18 2f f5 cb 73 ca 62 58-3d 64 c4 ce 2f 72 7e 00 ./..s.bX=d../r~.
0500 - 01 8c 30 82 01 88 30 82-01 2f a0 03 02 01 02 02 ..0...0../......
0510 - 14 2b bd 00 12 a9 61 60-30 ed 75 b0 71 aa aa 81 .+....a`0.u.q...
0520 - 93 66 fb 03 11 30 0a 06-08 2a 81 1c cf 55 01 83 .f...0...*...U..
0530 - 75 30 12 31 10 30 0e 06-03 55 04 03 0c 07 74 6c u0.1.0...U....tl
0540 - 63 70 2d 63 61 30 1e 17-0d 32 33 31 31 32 31 30 cp-ca0...2311210
0550 - 38 35 39 35 39 5a 17 0d-33 33 31 31 31 38 30 38 85959Z..33111808
0560 - 35 39 35 39 5a 30 12 31-10 30 0e 06 03 55 04 03 5959Z0.1.0...U..
0570 - 0c 07 74 6c 63 70 2d 63-61 30 59 30 13 06 07 2a ..tlcp-ca0Y0...*
0580 - 86 48 ce 3d 02 01 06 08-2a 81 1c cf 55 01 82 2d .H.=....*...U..-
0590 - 03 42 00 04 b9 be 4e de-41 87 b5 58 b4 ca 01 54 .B....N.A..X...T
05a0 - 52 b0 2e d1 00 55 d9 98-d1 2e f7 17 94 53 01 36 R....U.......S.6
05b0 - d0 4f 64 8f fc e3 63 be-7d 56 ed cb e8 a1 da 35 .Od...c.}V.....5
05c0 - 27 f5 61 06 2f 5a 49 43-5d 68 4b 27 d8 68 d1 88 '.a./ZIC]hK'.h..
05d0 - ba ca 82 f7 a3 63 30 61-30 1d 06 03 55 1d 0e 04 .....c0a0...U...
05e0 - 16 04 14 f1 e9 02 d6 17-ea 59 01 17 96 17 85 1a .........Y......
05f0 - 3e 6c 27 26 8e dc b7 30-1f 06 03 55 1d 23 04 18 >l'&...0...U.#..
0600 - 30 16 80 14 f1 e9 02 d6-17 ea 59 01 17 96 17 85 0.........Y.....
0610 - 1a 3e 6c 27 26 8e dc b7-30 0f 06 03 55 1d 13 01 .>l'&...0...U...
0620 - 01 ff 04 05 30 03 01 01-ff 30 0e 06 03 55 1d 0f ....0....0...U..
0630 - 01 01 ff 04 04 03 02 01-86 30 0a 06 08 2a 81 1c .........0...*..
0640 - cf 55 01 83 75 03 47 00-30 44 02 20 7e 90 66 ce .U..u.G.0D. ~.f.
0650 - 47 b0 f5 fb ce 17 48 69-2f ae 69 04 89 80 3d 13 G.....Hi/.i...=.
0660 - d9 46 1b a5 20 70 ce e2-b0 39 14 bc 02 20 02 c0 .F.. p...9... ..
0670 - 89 4f b2 4c 96 14 71 d5-3c f7 b1 ec 4b 3a 77 ea .O.L..q.<...K:w.
0680 - 92 68 95 ff 22 b8 18 50-4d e8 b3 af 7e 00 16 01 .h.."..PM...~...
0690 - 01 00 4d 0c 00 00 49 00-47 30 45 02 21 00 99 55 ..M...I.G0E.!..U
06a0 - 21 d3 f8 06 c9 69 0d 66-bd 66 ac 09 79 62 d6 c5 !....i.f.f..yb..
06b0 - d7 51 47 a3 77 37 07 e1-1f 19 03 fd 65 2c 02 20 .QG.w7......e,.
06c0 - 25 88 fa 07 1d 70 d7 ec-3f 73 ed 5a 21 74 10 6c %....p..?s.Z!t.l
06d0 - cd e5 0b 97 f2 ab d8 84-35 99 b5 37 3f 20 ad a0 ........5..7? ..
06e0 - 16 01 01 00 38 0d 00 00-34 02 01 02 00 2f 00 17 ....8...4..../..
06f0 - 30 15 31 13 30 11 06 03-55 04 03 0c 0a 74 6c 63 0.1.0...U....tlc
0700 - 70 2d 69 6e 74 63 61 00-14 30 12 31 10 30 0e 06 p-intca..0.1.0..
0710 - 03 55 04 03 0c 07 74 6c-63 70 2d 63 61 16 01 01 .U....tlcp-ca...
0720 - 00 04 0e ...
0726 - <SPACES/NULS>
read from 0xae9da0 [0xaf8d33] (5 bytes => 5 (0x5))
0000 - 16 01 01 06 58 ....X
read from 0xae9da0 [0xaf8d38] (1624 bytes => 1624 (0x658))
0000 - 0b 00 06 54 00 06 51 00-01 95 30 82 01 91 30 82 ...T..Q...0...0.
0010 - 01 38 a0 03 02 01 02 02-14 18 89 0b 03 3e c3 e2 .8...........>..
0020 - db 6a 72 7f 8e fc da ba-7b bc 54 97 c8 30 0a 06 .jr.....{.T..0..
0030 - 08 2a 81 1c cf 55 01 83-75 30 15 31 13 30 11 06 .*...U..u0.1.0..
0040 - 03 55 04 03 0c 0a 74 6c-63 70 2d 69 6e 74 63 61 .U....tlcp-intca
0050 - 30 1e 17 0d 32 33 31 31-32 31 30 39 30 35 34 35 0...231121090545
0060 - 5a 17 0d 33 33 31 31 31-38 30 39 30 35 34 35 5a Z..331118090545Z
0070 - 30 1b 31 19 30 17 06 03-55 04 03 0c 10 74 6c 63 0.1.0...U....tlc
0080 - 70 2d 63 6c 69 65 6e 74-2d 73 69 67 6e 30 59 30 p-client-sign0Y0
0090 - 13 06 07 2a 86 48 ce 3d-02 01 06 08 2a 81 1c cf ...*.H.=....*...
00a0 - 55 01 82 2d 03 42 00 04-69 0f 51 f2 7a e0 8a 33 U..-.B..i.Q.z..3
00b0 - c2 be a4 a4 93 d2 cc 9a-3f 3a ee 46 6b 5d 18 09 ........?:.Fk]..
00c0 - f7 ec 20 04 f2 dc 88 af-8d 66 a0 33 04 24 7f f4 .. ......f.3.$..
00d0 - b2 02 6d 6d 65 40 cc b7-ed 9c d4 2e 17 3a d6 31 ..mme@.......:.1
00e0 - 22 2d aa 8e ba 91 8b fc-a3 60 30 5e 30 1d 06 03 "-.......`0^0...
00f0 - 55 1d 0e 04 16 04 14 9f-31 70 7b 41 8d 33 4a 4d U.......1p{A.3JM
0100 - 3d 1b 84 87 85 0a 6b 97-a3 ea fd 30 1f 06 03 55 =.....k....0...U
0110 - 1d 23 04 18 30 16 80 14-82 f9 96 07 d3 d7 62 71 .#..0.........bq
0120 - a4 17 2d d7 bb cf c7 8b-46 e4 c5 4b 30 0c 06 03 ..-.....F..K0...
0130 - 55 1d 13 01 01 ff 04 02-30 00 30 0e 06 03 55 1d U.......0.0...U.
0140 - 0f 01 01 ff 04 04 03 02-07 80 30 0a 06 08 2a 81 ..........0...*.
0150 - 1c cf 55 01 83 75 03 47-00 30 44 02 20 4f 73 7b ..U..u.G.0D. Os{
0160 - 63 a2 0d ac dd e1 dc 81-69 f5 1f 0a ed 65 37 fc c.......i....e7.
0170 - 3e a4 29 65 cc f8 d1 d7-58 28 c3 2f e1 02 20 3b >.)e....X(./.. ;
0180 - 2c 9c f6 45 e6 99 91 ec-fb b7 05 c0 3d 0a 90 94 ,..E........=...
0190 - 1f 31 8c 1f 7e 3f 21 dc-81 a6 7d 93 a0 0a d8 00 .1..~?!...}.....
01a0 - 01 94 30 82 01 90 30 82-01 37 a0 03 02 01 02 02 ..0...0..7......
01b0 - 14 18 89 0b 03 3e c3 e2-db 6a 72 7f 8e fc da ba .....>...jr.....
01c0 - 7b bc 54 97 c9 30 0a 06-08 2a 81 1c cf 55 01 83 {.T..0...*...U..
01d0 - 75 30 15 31 13 30 11 06-03 55 04 03 0c 0a 74 6c u0.1.0...U....tl
01e0 - 63 70 2d 69 6e 74 63 61-30 1e 17 0d 32 33 31 31 cp-intca0...2311
01f0 - 32 31 30 39 30 36 31 33-5a 17 0d 33 33 31 31 31 21090613Z..33111
0200 - 38 30 39 30 36 31 33 5a-30 1a 31 18 30 16 06 03 8090613Z0.1.0...
0210 - 55 04 03 0c 0f 74 6c 63-70 2d 63 6c 69 65 6e 74 U....tlcp-client
0220 - 2d 65 6e 63 30 59 30 13-06 07 2a 86 48 ce 3d 02 -enc0Y0...*.H.=.
0230 - 01 06 08 2a 81 1c cf 55-01 82 2d 03 42 00 04 ab ...*...U..-.B...
0240 - 86 72 71 a1 1e 74 7f c6-10 4b c8 c7 ca 42 72 0b .rq..t...K...Br.
0250 - b0 54 ad d1 41 2c ac 6a-e1 7c 44 a8 b0 e3 39 25 .T..A,.j.|D...9%
0260 - 31 f3 f4 7d 92 25 29 83-dd 85 ef 0e 38 6d 3c bc 1..}.%).....8m<.
0270 - 56 b2 6b 9e fe ed 06 66-2d f8 94 1a 28 44 cc a3 V.k....f-...(D..
0280 - 60 30 5e 30 1d 06 03 55-1d 0e 04 16 04 14 3d 36 `0^0...U......=6
0290 - 7d f8 02 30 a4 35 94 ea-4b c3 a9 ec 20 a2 74 a8 }..0.5..K... .t.
02a0 - 62 51 30 1f 06 03 55 1d-23 04 18 30 16 80 14 82 bQ0...U.#..0....
02b0 - f9 96 07 d3 d7 62 71 a4-17 2d d7 bb cf c7 8b 46 .....bq..-.....F
02c0 - e4 c5 4b 30 0c 06 03 55-1d 13 01 01 ff 04 02 30 ..K0...U.......0
02d0 - 00 30 0e 06 03 55 1d 0f-01 01 ff 04 04 03 02 03 .0...U..........
02e0 - 38 30 0a 06 08 2a 81 1c-cf 55 01 83 75 03 47 00 80...*...U..u.G.
02f0 - 30 44 02 20 24 7b 27 56-db cd 6e 2c 79 e2 45 dd 0D. ${'V..n,y.E.
0300 - 9e 37 f1 e0 f0 b3 f8 ca-43 b3 bb dd 2c de 05 31 .7......C...,..1
0310 - f6 da b6 03 02 20 26 6a-76 93 18 cf fc 4d a0 55 ..... &jv....M.U
0320 - 01 fb b6 d1 fd dc a4 7f-7b 99 0c 53 8e 32 42 21 ........{..S.2B!
0330 - bc 6e 2d 29 39 91 00 01-90 30 82 01 8c 30 82 01 .n-)9....0...0..
0340 - 32 a0 03 02 01 02 02 14-4e 21 67 7d 35 b4 1f 8d 2.......N!g}5...
0350 - 51 0f 83 aa e5 0d c3 92-32 4e 03 6d 30 0a 06 08 Q.......2N.m0...
0360 - 2a 81 1c cf 55 01 83 75-30 12 31 10 30 0e 06 03 *...U..u0.1.0...
0370 - 55 04 03 0c 07 74 6c 63-70 2d 63 61 30 1e 17 0d U....tlcp-ca0...
0380 - 32 33 31 31 32 31 30 39-30 31 30 31 5a 17 0d 33 231121090101Z..3
0390 - 33 31 31 31 38 30 39 30-31 30 31 5a 30 15 31 13 31118090101Z0.1.
03a0 - 30 11 06 03 55 04 03 0c-0a 74 6c 63 70 2d 69 6e 0...U....tlcp-in
03b0 - 74 63 61 30 59 30 13 06-07 2a 86 48 ce 3d 02 01 tca0Y0...*.H.=..
03c0 - 06 08 2a 81 1c cf 55 01-82 2d 03 42 00 04 bb 79 ..*...U..-.B...y
03d0 - 12 8a a3 14 ec 18 e4 c5-32 e7 93 4a 38 14 da 47 ........2..J8..G
03e0 - e4 9a c3 a7 d4 fe e5 64-61 9f 3e 62 71 ef 95 ba .......da.>bq...
03f0 - 38 24 89 c5 01 2c 4b f9-55 05 b6 28 8d 92 6e a9 8$...,K.U..(..n.
0400 - f1 56 af ba 96 a2 f9 2b-a5 4b d9 7c 1f 01 a3 63 .V.....+.K.|...c
0410 - 30 61 30 1d 06 03 55 1d-0e 04 16 04 14 82 f9 96 0a0...U.........
0420 - 07 d3 d7 62 71 a4 17 2d-d7 bb cf c7 8b 46 e4 c5 ...bq..-.....F..
0430 - 4b 30 1f 06 03 55 1d 23-04 18 30 16 80 14 f1 e9 K0...U.#..0.....
0440 - 02 d6 17 ea 59 01 17 96-17 85 1a 3e 6c 27 26 8e ....Y......>l'&.
0450 - dc b7 30 0f 06 03 55 1d-13 01 01 ff 04 05 30 03 ..0...U.......0.
0460 - 01 01 ff 30 0e 06 03 55-1d 0f 01 01 ff 04 04 03 ...0...U........
0470 - 02 01 86 30 0a 06 08 2a-81 1c cf 55 01 83 75 03 ...0...*...U..u.
0480 - 48 00 30 45 02 21 00 ab-d4 f4 db dd 37 98 bf f4 H.0E.!......7...
0490 - b2 e5 17 2a 8d a5 bc c3-37 09 71 75 1c 1b 4c f7 ...*....7.qu..L.
04a0 - bc 4f aa f7 86 b9 cc 02-20 22 b0 06 05 a4 a0 90 .O...... "......
04b0 - ff 2f 40 eb 7d b0 2d c9-ed 3a 18 2f f5 cb 73 ca ./@.}.-..:./..s.
04c0 - 62 58 3d 64 c4 ce 2f 72-7e 00 01 8c 30 82 01 88 bX=d../r~...0...
04d0 - 30 82 01 2f a0 03 02 01-02 02 14 2b bd 00 12 a9 0../.......+....
04e0 - 61 60 30 ed 75 b0 71 aa-aa 81 93 66 fb 03 11 30 a`0.u.q....f...0
04f0 - 0a 06 08 2a 81 1c cf 55-01 83 75 30 12 31 10 30 ...*...U..u0.1.0
0500 - 0e 06 03 55 04 03 0c 07-74 6c 63 70 2d 63 61 30 ...U....tlcp-ca0
0510 - 1e 17 0d 32 33 31 31 32-31 30 38 35 39 35 39 5a ...231121085959Z
0520 - 17 0d 33 33 31 31 31 38-30 38 35 39 35 39 5a 30 ..331118085959Z0
0530 - 12 31 10 30 0e 06 03 55-04 03 0c 07 74 6c 63 70 .1.0...U....tlcp
0540 - 2d 63 61 30 59 30 13 06-07 2a 86 48 ce 3d 02 01 -ca0Y0...*.H.=..
0550 - 06 08 2a 81 1c cf 55 01-82 2d 03 42 00 04 b9 be ..*...U..-.B....
0560 - 4e de 41 87 b5 58 b4 ca-01 54 52 b0 2e d1 00 55 N.A..X...TR....U
0570 - d9 98 d1 2e f7 17 94 53-01 36 d0 4f 64 8f fc e3 .......S.6.Od...
0580 - 63 be 7d 56 ed cb e8 a1-da 35 27 f5 61 06 2f 5a c.}V.....5'.a./Z
0590 - 49 43 5d 68 4b 27 d8 68-d1 88 ba ca 82 f7 a3 63 IC]hK'.h.......c
05a0 - 30 61 30 1d 06 03 55 1d-0e 04 16 04 14 f1 e9 02 0a0...U.........
05b0 - d6 17 ea 59 01 17 96 17-85 1a 3e 6c 27 26 8e dc ...Y......>l'&..
05c0 - b7 30 1f 06 03 55 1d 23-04 18 30 16 80 14 f1 e9 .0...U.#..0.....
05d0 - 02 d6 17 ea 59 01 17 96-17 85 1a 3e 6c 27 26 8e ....Y......>l'&.
05e0 - dc b7 30 0f 06 03 55 1d-13 01 01 ff 04 05 30 03 ..0...U.......0.
05f0 - 01 01 ff 30 0e 06 03 55-1d 0f 01 01 ff 04 04 03 ...0...U........
0600 - 02 01 86 30 0a 06 08 2a-81 1c cf 55 01 83 75 03 ...0...*...U..u.
0610 - 47 00 30 44 02 20 7e 90-66 ce 47 b0 f5 fb ce 17 G.0D. ~.f.G.....
0620 - 48 69 2f ae 69 04 89 80-3d 13 d9 46 1b a5 20 70 Hi/.i...=..F.. p
0630 - ce e2 b0 39 14 bc 02 20-02 c0 89 4f b2 4c 96 14 ...9... ...O.L..
0640 - 71 d5 3c f7 b1 ec 4b 3a-77 ea 92 68 95 ff 22 b8 q.<...K:w..h..".
0650 - 18 50 4d e8 b3 af 7e .PM...~
0658 - <SPACES/NULS>
depth=2 CN = tlcp-ca
verify return:1
depth=1 CN = tlcp-intca
verify return:1
depth=0 CN = tlcp-client-sign
verify return:1
read from 0xae9da0 [0xaf8d33] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 a1 .....
read from 0xae9da0 [0xaf8d38] (161 bytes => 161 (0xA1))
0000 - 10 00 00 9d 00 9b 30 81-98 02 20 25 2f c1 d1 87 ......0... %/...
0010 - dd 27 57 b1 22 00 4f 05-3a 25 f6 79 af 14 f1 42 .'W.".O.:%.y...B
0020 - eb 6c b7 17 3c ca b5 09-70 fe 0b 02 20 04 55 82 .l..<...p... .U.
0030 - 7e 39 25 22 3d 2b 61 ca-46 49 8b 1c d0 63 91 d6 ~9%"=+a.FI...c..
0040 - a6 88 26 76 a9 fd db 87-8c ba 5b ca d7 04 20 83 ..&v......[... .
0050 - 6d 9b 65 79 d2 86 a3 3f-ce 58 a6 b8 a1 3a 22 2c m.ey...?.X...:",
0060 - aa 77 63 59 a6 39 5f 44-82 40 72 85 10 03 57 04 .wcY.9_D.@r...W.
0070 - 30 fa 3e 7a cf 8e a0 63-f3 cd cb 1c a1 5a c6 d5 0.>z...c.....Z..
0080 - 5b 29 87 fc ed 05 b3 9b-87 26 ad eb 9b 07 df 83 [).......&......
0090 - 60 d8 c9 4a 2e fe 6a 6b-b0 68 b0 66 c1 1e 50 33 `..J..jk.h.f..P3
00a0 - da .
ssl_get_algorithm2=4a2598a008x
read from 0xae9da0 [0xaf8d33] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 4c ....L
read from 0xae9da0 [0xaf8d38] (76 bytes => 76 (0x4C))
0000 - 0f 00 00 48 00 46 30 44-02 20 71 d0 7a 6c 5a e8 ...H.F0D. q.zlZ.
0010 - 48 1c b5 30 89 7f cc dd-f1 8f 73 c8 0d 51 a3 39 H..0......s..Q.9
0020 - 09 95 29 df 86 fb 24 09-6b 11 02 20 28 be 96 54 ..)...$.k.. (..T
0030 - a9 17 30 3c 65 b1 68 1a-a5 5e ec ad ad d9 f8 ec ..0<e.h..^......
0040 - ca 8c 2f 2a f5 ec c3 47-4e bc 60 a3 ../*...GN.`.
crypto/sm2/sm2_sign.c 510: sm2_do_verify
write to 0xae9da0 [0xb01f50] (7 bytes => 7 (0x7))
0000 - 15 01 01 00 02 02 33 ......3
ERROR
140347894867776:error:1417B07B:SSL routines:tls_process_cert_verify:bad signature:ssl/statem/statem_srvr.c:2941:
shutting down SSL
CONNECTION CLOSED
ACCEPTgmssl项目很长时间没人回复了。我们这边C++程序也出现问题了,gmssl集成asio,作为客户端,访问gmssl的服务端,开启ClientAuth就不通,单向认证就没问题
既然gmssl没有得到良好的维护,那又何必一直纠结在它身上呢 ;-)
johnshajiang
commented
11 months ago 140347894867776:error:1417B07B:SSL routines:tls_process_cert_verify:bad signature:ssl/statem/statem_srvr.c:2941:
gmssl也是报签名有问题嘛。
zhangshdn
commented
11 months ago 嗯嗯,现在客户端也在同步进行Tongsuo的C++集成 我现在的理解是:双向认证时,拉取到了客户端的证书,不知道客户端的两个证书是不是都已经拉取到,麻烦问下,双向认证时,验证这两个证书的类在哪里,大体哪个方法
johnshajiang
commented
11 months ago 对于ClientAuth,按我的理解应该只是验证对方的认证(身份)证书。这与传统的证书链验证是一样的。
TLCPCertificate类中的如下构造器会接收到对方的证书,
TLCPCertificateMessage(HandshakeContext handshakeContext,
ByteBuffer m) throws IOException {对于ClientAuth,按我的理解应该只是验证对方的认证(身份)证书。这与传统的证书链验证是一样的。
TLCPCertificate类中的如下构造器会接收到对方的证书,TLCPCertificateMessage(HandshakeContext handshakeContext, ByteBuffer m) throws IOException {
老师,我执行
gmssl s_client -gmtls -connect 192.168.56.1:15003 -key tlcp-client-sign.key -dkey tlcp-client-enc.key -cert tlcp-client-sign.crt -dcert tlcp-client-enc.crt -CAfile cas.pem 然后通过服务端打端点,拿到了客户端的四个证书,这四个证书的格式和静态代码直接读取证书的格式是一样,是不是在验证证书的时候,出了问题,这个验证的逻辑您能给讲下吗
TLCPCertificateMessage(HandshakeContext handshakeContext,
ByteBuffer m) throws IOException {
super(handshakeContext);
int listLen = Record.getInt24(m);
if (listLen > m.remaining()) {
throw handshakeContext.conContext.fatal(
Alert.ILLEGAL_PARAMETER,
"Error parsing certificate message: no sufficient data");
}
if (listLen > 0) {
List<byte[]> encodedCerts = new LinkedList<>();
while (listLen > 0) {
byte[] encodedCert = Record.getBytes24(m);
listLen -= (3 + encodedCert.length);
encodedCerts.add(encodedCert);
if (encodedCerts.size() > SSLConfiguration.maxCertificateChainLength) {
throw new SSLProtocolException(
"The certificate chain length ("
+ encodedCerts.size()
+ ") exceeds the maximum allowed length ("
+ SSLConfiguration.maxCertificateChainLength
+ ")");
}
}
// 这个地方拿到了客户端的四个证书 签名 + 加密 + ca + 中间ca
this.encodedCertChain = encodedCerts;
} else {
this.encodedCertChain = Collections.emptyList();
}
}TLS本来就允许传递多个证书,以形成一个证书链。TLCP就是利用了这个特性,把加密证书也放到这里去了。 各家实现就要小心地处理这里面的证书。
我们默认认为格式是SIGN|ENC|CA,但还支持另一种格式ENC|SIGN|CA。此处的CA也不是一个证书,而是由各个中间CA组成的(子)证书链。
https://github.com/Tencent/TencentKonaSMSuite/blob/master/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPCertificate.java#L66
如果我前面所述,按我的理解,这里应该是验证客户端的认证证书。 但可能问题并不在这里。而是说,客户端是用的哪张证书对应的私钥去对握手消息进行签名的。 服务端在验证签名时使用的公钥会不会与客户端使用的私钥不匹配?按我的想法,Java程序应该是用的认证证书的公钥。 https://github.com/Tencent/TencentKonaSMSuite/blob/master/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPCertificateVerify.java#L157
这个原因也只是我的猜测。
zhangshdn
commented
11 months ago 我们已经完全没有思路了,您有计划集成gmssl联调吗 @johnshajiang
zhangshdn
commented
11 months ago 老师,您看下这个问题,和咱们有关系吗 https://github.com/tjfoc/gmsm/issues/27
johnshajiang
commented
11 months ago 我们已经完全没有思路了,您有计划集成gmssl联调吗
没有这个计划。
让它用对方的加密证书的公钥去验证签名
(ECPublicKey) tlcpCredentials.popEncPublicKey));
首先感谢提供国密ssl的支持! 我利用项目中netty的例子TLCPWithNettyDemo启动了一个tcp服务器,监听端口18888,然后为了测试服务,我使用gmssl中提供的客户端工具gmssl s_client -connect localhost:18888,连接至服务端,但是gmssl客户端报错:Secure Renegotiation IS NOT supported
服务端报错: Received fatal alert: internal_error
第二个问题,我使用gmssl签双证书证书,获得了服务端加密,签名证书,CA根证书,通过 gmssl s_server -port 18888 -key server.key -cert server.crt -dkey server_en.key -dcert server_en.crt -CAfile root.crt 启动一个服务端,这样可以启动成功,通过gmssl s_client -connect localhost:18888也能连接成功,但是将证书内容写入TLCPWithNettyDemo例子后,启动客户端runClient,不能连接gmssl s_server
困扰很长时间了,方便的时候给看看吧,感谢