Handshake Failure

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Handshake Failure

Peter Firmstone
Any advice on how to get the Bouncy Castle JSSE provider working as a
drop in replacement for SunJsse?

I'm getting handshake error 40 with the BC JSSE Provider, any ideas?

Thanks,

Peter.

See below for logging output for both BC and Sun providers.


BouncyCastleJsseProvider

      [java] Mar 31, 2018 3:09:17 PM net.jini.jeri.ssl.SslEndpointImpl
connect
      [java] FINE: choose connection for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
      [java]   clientSubject=Subject@1cfa1
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
      [java]   integrity=required
      [java] ]
      [java] with active []
      [java] and idle []
      [java] returns null
      [java] Mar 31, 2018 3:09:17 PM net.jini.jeri.ssl.Utilities
getClientSSLContextInfo
      [java] FINEST: get client SSL context for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
      [java]   clientSubject=Subject@1cfa1
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
      [java]   integrity=required
      [java] ]
      [java] returns new javax.net.ssl.SSLContext@1b45c0e
      [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi engineInit
      [java] NonActGrp-out: INFO: Initialized with trust store at path:
harness\trust\truststore
      [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for
Subject@165a262{
      [java] NonActGrp-out:   Principal: CN=Reggie
      [java] NonActGrp-out:     Public key: DSAPublicKeyImpl@519baa
      [java] NonActGrp-out:     Private key: DSAPrivateKey@1f1dc39}
      [java] NonActGrp-out: and principals [CN=Reggie]
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@11b84e6
      [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for null subject
      [java] NonActGrp-out: and principals null
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1e8366
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type DHE_DSS
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type DHE_RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type
ECDHE_ECDSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type ECDHE_RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised
      [java] NonActGrp-out: INFO: Server raised fatal(2)
handshake_failure(40) alert: Failed to read record
      [java] NonActGrp-out: org.bouncycastle.tls.TlsFatalAlert:
handshake_failure(40)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsServerProtocol.sendServerHelloMessage(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.handshakeIfNecessary(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.getConnection(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.getSession(Unknown Source)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection.<init>(SslServerEndpointImpl.java:1189)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.serverConnection(SslServerEndpointImpl.java:1050)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.acceptLoop(SslServerEndpointImpl.java:920)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle$1.run(SslServerEndpointImpl.java:890)
      [java] NonActGrp-out:     at
org.apache.river.thread.ThreadPool$Task.run(ThreadPool.java:172)
      [java] NonActGrp-out:     at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      [java] NonActGrp-out:     at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
      [java] NonActGrp-out:     at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      [java] NonActGrp-out:     at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      [java] NonActGrp-out:     at java.lang.Thread.run(Thread.java:748)
      [java] NonActGrp-out:
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle acceptLoop
      [java] NonActGrp-out: INFO: accepting connection on
SslListenHandle[null:26144] throws
      [java] NonActGrp-out: java.lang.NullPointerException
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.Utilities.getKeyExchangeAlgorithm(Utilities.java:920)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection.<init>(SslServerEndpointImpl.java:1192)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.serverConnection(SslServerEndpointImpl.java:1050)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.acceptLoop(SslServerEndpointImpl.java:920)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle$1.run(SslServerEndpointImpl.java:890)
      [java] NonActGrp-out:     at
org.apache.river.thread.ThreadPool$Task.run(ThreadPool.java:172)
      [java] NonActGrp-out:     at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      [java] NonActGrp-out:     at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
      [java] NonActGrp-out:     at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      [java] NonActGrp-out:     at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      [java] NonActGrp-out:     at java.lang.Thread.run(Thread.java:748)
      [java] NonActGrp-out:
      [java] Mar 31, 2018 3:09:22 PM
org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertReceived
      [java] INFO: Client received fatal(2) handshake_failure(40) alert
      [java] Mar 31, 2018 3:09:22 PM net.jini.jeri.ssl.SslConnection
establishCallContext
      [java] FAILED: new connection for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
      [java]   clientSubject=Subject@1cfa1
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
      [java]   integrity=required
      [java] ]
      [java] throws
      [java] org.bouncycastle.tls.TlsFatalAlertReceived:
handshake_failure(40)
      [java]     at
org.bouncycastle.tls.TlsProtocol.handleAlertMessage(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.processAlertQueue(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
      [java]     at org.bouncycastle.tls.RecordStream.readRecord(Unknown
Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
      [java]     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
Source)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishSuites(SslConnection.java:251)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishNewSocket(SslConnection.java:240)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishCallContext(SslConnection.java:155)
      [java]     at
net.jini.jeri.ssl.SslEndpointImpl.connect(SslEndpointImpl.java:867)
      [java]     at
net.jini.jeri.connection.ConnectionManager.connect(ConnectionManager.java:236)
      [java]     at
net.jini.jeri.connection.ConnectionManager$ReqIterator.next(ConnectionManager.java:720)
      [java]     at
net.jini.jeri.BasicObjectEndpoint$1.next(BasicObjectEndpoint.java:429)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:749)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:702)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
      [java]     at com.sun.proxy.$Proxy3.getAdmin(Unknown Source)
      [java]     at
org.apache.river.reggie.proxy.RegistrarProxy.getAdmin(RegistrarProxy.java:133)
      [java]     at
org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:461)
      [java]     at
org.apache.river.test.spec.lookupservice.test_set01.NotifyOnComboAttrAddNonNull.construct(NotifyOnComboAttrAddNonNull.java:171)
      [java]     at
org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
      [java]     at
org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
      [java]     at
org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
      [java]     at java.security.AccessController.doPrivileged(Native
Method)
      [java]     at
javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
      [java]     at
org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
      [java]     at
org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
      [java]
      [java] java.rmi.ConnectIOException: I/O exception connecting to
BasicObjectEndpoint[b1a1c1c8-5a64-4f9e-8087-9e171bc53575,SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]];
nested exception is:
      [java]     org.bouncycastle.tls.TlsFatalAlertReceived:
handshake_failure(40)
      [java]     at
net.jini.jeri.BasicInvocationHandler.wrapSafeIOException(BasicInvocationHandler.java:949)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:752)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:702)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
      [java]     at com.sun.proxy.$Proxy3.getAdmin(Unknown Source)
      [java]     at
org.apache.river.reggie.proxy.RegistrarProxy.getAdmin(RegistrarProxy.java:133)
      [java]     at
org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:461)
      [java]     at
org.apache.river.test.spec.lookupservice.test_set01.NotifyOnComboAttrAddNonNull.construct(NotifyOnComboAttrAddNonNull.java:171)
      [java]     at
org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
      [java]     at
org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
      [java]     at
org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
      [java]     at java.security.AccessController.doPrivileged(Native
Method)
      [java]     at
javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
      [java]     at
org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
      [java]     at
org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
      [java] Caused by: org.bouncycastle.tls.TlsFatalAlertReceived:
handshake_failure(40)
      [java]     at
org.bouncycastle.tls.TlsProtocol.handleAlertMessage(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.processAlertQueue(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
      [java]     at org.bouncycastle.tls.RecordStream.readRecord(Unknown
Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
      [java]     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
Source)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishSuites(SslConnection.java:251)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishNewSocket(SslConnection.java:240)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishCallContext(SslConnection.java:155)
      [java]     at
net.jini.jeri.ssl.SslEndpointImpl.connect(SslEndpointImpl.java:867)
      [java]     at
net.jini.jeri.connection.ConnectionManager.connect(ConnectionManager.java:236)
      [java]     at
net.jini.jeri.connection.ConnectionManager$ReqIterator.next(ConnectionManager.java:720)
      [java]     at
net.jini.jeri.BasicObjectEndpoint$1.next(BasicObjectEndpoint.java:429)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:749)
      [java]     ... 13 more




SunJSSE Provider:

      [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.SslEndpointImpl
getCallContext
      [java] FINE: new request for
SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
      [java] with InvocationConstraints[reqs: {Integrity.YES,
ServerAuthentication.YES, ServerMinPrincipal{CN=Reggie}}, prefs: {}]
      [java] and Subject@ba373c{
      [java]   Principal: CN=Tester
      [java]     Public key: DSAPublicKeyImpl@7a014e
      [java]     Private key: DSAPrivateKey@f46fa6}
      [java] returns CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
      [java]   clientSubject=Subject@ba373c
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
      [java]   integrity=required
      [java] ]
      [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.SslEndpointImpl
connect
      [java] FINE: choose connection for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
      [java]   clientSubject=Subject@ba373c
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
      [java]   integrity=required
      [java] ]
      [java] with active []
      [java] and idle []
      [java] returns null
      [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.Utilities
getClientSSLContextInfo
      [java] FINEST: get client SSL context for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
      [java]   clientSubject=Subject@ba373c
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
      [java]   integrity=required
      [java] ]
      [java] returns new javax.net.ssl.SSLContext@bbacfc
      [java] NonActGrp-out: Mar 31, 2018 3:15:27 PM
org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi engineInit
      [java] NonActGrp-out: INFO: Initialized with trust store at path:
harness\trust\truststore
      [java] NonActGrp-out: Mar 31, 2018 3:15:27 PM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for
Subject@12f73cf{
      [java] NonActGrp-out:   Principal: CN=Reggie
      [java] NonActGrp-out:     Public key: DSAPublicKeyImpl@ed24c1
      [java] NonActGrp-out:     Private key: DSAPrivateKey@68bdd3}
      [java] NonActGrp-out: and principals [CN=Reggie]
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1d65133
      [java] NonActGrp-out: Mar 31, 2018 3:15:28 PM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for null subject
      [java] NonActGrp-out: and principals null
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1e16d7d
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type EC
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type DSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns 679ebd39@cn=reggie
      [java] Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.FilterX509TrustManager checkServerTrusted
      [java] FINE: check server trusted succeeds for auth type DHE_DSS
      [java] chain [  [0]         Version: 3
      [java]          SerialNumber: 1738456377
      [java]              IssuerDN: CN=Reggie
      [java]            Start Date: Sat Mar 24 20:04:58 AEST 2018
      [java]            Final Date: Sun Feb 26 20:04:58 AEST 2023
      [java]             SubjectDN: CN=Reggie
      [java]            Public Key: DSA Public Key
[bd:0f:ea:1f:b2:3c:88:ff:97:a3:45:45:72:2d:cb:9e:24:e8:d5:b9]
      [java]             y:
1e9d61a7656dbffe8ccbc55c4de07549d73a4fd7c4b7ac90e834257542d86acb66c19d899ff52b59e27e3eedd72da843984d896ef9edbbc21d9c4a7f0e6ccbb72aa5d347062993b03215aee280f1b0b63e2157612062b63d7bed60dc5d1bb147830404b5e0429f3bf999a8e07be37df1657dfc1b315948ca04b391e7af3872a4
      [java]
      [java]   Signature Algorithm: DSA
      [java]             Signature: 302c021441493e087b685704f94631638f3b8995
      [java]                        a853282b02140c8aab91629570dc59dd2195277f
      [java]                        eeccc7ad4edd
      [java]        Extensions:
      [java]                        critical(false) 2.5.29.14 value =
DER Octet String[20]
      [java]
      [java] ]
      [java] Mar 31, 2018 3:15:29 PM net.jini.jeri.ssl.ClientAuthManager
chooseClientAlias
      [java] FINE: choose client alias for key types [RSA, DSA, EC]
      [java] and issuers [CN=JCE Code Signing CA, OU=Java Software Code
Signing, O=Oracle Corporation, CN=Tester, CN=Mahalo, CN=Phoenix, CN=JCE
Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc,
L=Palo Alto, ST=CA, C=US, CN=Legion of the Bouncy Castle Inc., OU=Java
Software Code Signing, O=Sun Microsystems Inc, CN=Group, CN=Outrigger,
CN=Mercury, CN=Oracle Corporation, OU=Java Software Code Signing, O=Sun
Microsystems Inc, CN=Legion of the Bouncy Castle Inc., OU=Java Software
Code Signing, O=Oracle Corporation, CN=Reggie, CN=Fiddler, CN=Norm]
      [java] returns 4fc4fa7b@cn=tester
      [java] NonActGrp-out: Mar 31, 2018 3:15:30 PM
net.jini.jeri.ssl.FilterX509TrustManager checkClientTrusted
      [java] NonActGrp-out: FINE: check client trusted succeeds for auth
type DSA
      [java] NonActGrp-out: chain [  [0]         Version: 3
      [java] NonActGrp-out:          SerialNumber: 1338309243
      [java] NonActGrp-out:              IssuerDN: CN=Tester
      [java] NonActGrp-out:            Start Date: Sat Mar 24 20:04:57
AEST 2018
      [java] NonActGrp-out:            Final Date: Sun Feb 26 20:04:57
AEST 2023
      [java] NonActGrp-out:             SubjectDN: CN=Tester
      [java] NonActGrp-out:            Public Key: DSA Public Key
[e3:8e:8d:4f:c8:36:f9:aa:25:40:51:88:e4:fb:56:f1:28:d5:39:5c]
      [java] NonActGrp-out:             y:
8fa93b32a61d78e5486dfec839fefbdcff933ee463f5fc66bdbe4b69168fa06736f480d828c53bcf0ae9af731f9d91eb5d0073ffc7989c0fff18ea8e9672738a93eb6953a1de01280bab80b20660513415f86c6650d2b67c367451426d3e3e642a8c55f2b4f473d0ba06a0842feaecbfda562002aab8b4367f08c980fa3575ef
      [java] NonActGrp-out:
      [java] NonActGrp-out:   Signature Algorithm: DSA
      [java] NonActGrp-out:             Signature:
302c02146f95e93d1b25e6f09614bab54dc20584
      [java] NonActGrp-out:                        
80ba4d4202146d79fadb8911ddab24089ff65735
      [java] NonActGrp-out:                        b3aea7620c7a
      [java] NonActGrp-out:        Extensions:
      [java] NonActGrp-out:                        critical(false)
2.5.29.14 value = DER Octet String[20]
      [java] NonActGrp-out:
      [java] NonActGrp-out: ]


Reply | Threaded
Open this post in threaded view
|

RE: Handshake Failure

Eckenfels. Bernd
Sounds like your TLS server can’t map the (I’ll formed?) IPv6 endpoint to a server alias/key.

--
http://www.seeburger.com
________________________________________
From: Peter Firmstone [[hidden email]]
Sent: Saturday, March 31, 2018 12:31
To: [hidden email]
Subject: [dev-crypto] Handshake Failure

Any advice on how to get the Bouncy Castle JSSE provider working as a
drop in replacement for SunJsse?

I'm getting handshake error 40 with the BC JSSE Provider, any ideas?

Thanks,

Peter.

See below for logging output for both BC and Sun providers.


BouncyCastleJsseProvider

      [java] Mar 31, 2018 3:09:17 PM net.jini.jeri.ssl.SslEndpointImpl
connect
      [java] FINE: choose connection for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
      [java]   clientSubject=Subject@1cfa1
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
      [java]   integrity=required
      [java] ]
      [java] with active []
      [java] and idle []
      [java] returns null
      [java] Mar 31, 2018 3:09:17 PM net.jini.jeri.ssl.Utilities
getClientSSLContextInfo
      [java] FINEST: get client SSL context for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
      [java]   clientSubject=Subject@1cfa1
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
      [java]   integrity=required
      [java] ]
      [java] returns new javax.net.ssl.SSLContext@1b45c0e
      [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi engineInit
      [java] NonActGrp-out: INFO: Initialized with trust store at path:
harness\trust\truststore
      [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for
Subject@165a262{
      [java] NonActGrp-out:   Principal: CN=Reggie
      [java] NonActGrp-out:     Public key: DSAPublicKeyImpl@519baa
      [java] NonActGrp-out:     Private key: DSAPrivateKey@1f1dc39}
      [java] NonActGrp-out: and principals [CN=Reggie]
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@11b84e6
      [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for null subject
      [java] NonActGrp-out: and principals null
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1e8366
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type DHE_DSS
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type DHE_RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type
ECDHE_ECDSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type ECDHE_RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised
      [java] NonActGrp-out: INFO: Server raised fatal(2)
handshake_failure(40) alert: Failed to read record
      [java] NonActGrp-out: org.bouncycastle.tls.TlsFatalAlert:
handshake_failure(40)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsServerProtocol.sendServerHelloMessage(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.handshakeIfNecessary(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.getConnection(Unknown
Source)
      [java] NonActGrp-out:     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.getSession(Unknown Source)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection.<init>(SslServerEndpointImpl.java:1189)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.serverConnection(SslServerEndpointImpl.java:1050)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.acceptLoop(SslServerEndpointImpl.java:920)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle$1.run(SslServerEndpointImpl.java:890)
      [java] NonActGrp-out:     at
org.apache.river.thread.ThreadPool$Task.run(ThreadPool.java:172)
      [java] NonActGrp-out:     at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      [java] NonActGrp-out:     at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
      [java] NonActGrp-out:     at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      [java] NonActGrp-out:     at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      [java] NonActGrp-out:     at java.lang.Thread.run(Thread.java:748)
      [java] NonActGrp-out:
      [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle acceptLoop
      [java] NonActGrp-out: INFO: accepting connection on
SslListenHandle[null:26144] throws
      [java] NonActGrp-out: java.lang.NullPointerException
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.Utilities.getKeyExchangeAlgorithm(Utilities.java:920)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection.<init>(SslServerEndpointImpl.java:1192)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.serverConnection(SslServerEndpointImpl.java:1050)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.acceptLoop(SslServerEndpointImpl.java:920)
      [java] NonActGrp-out:     at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle$1.run(SslServerEndpointImpl.java:890)
      [java] NonActGrp-out:     at
org.apache.river.thread.ThreadPool$Task.run(ThreadPool.java:172)
      [java] NonActGrp-out:     at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      [java] NonActGrp-out:     at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
      [java] NonActGrp-out:     at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      [java] NonActGrp-out:     at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      [java] NonActGrp-out:     at java.lang.Thread.run(Thread.java:748)
      [java] NonActGrp-out:
      [java] Mar 31, 2018 3:09:22 PM
org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertReceived
      [java] INFO: Client received fatal(2) handshake_failure(40) alert
      [java] Mar 31, 2018 3:09:22 PM net.jini.jeri.ssl.SslConnection
establishCallContext
      [java] FAILED: new connection for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
      [java]   clientSubject=Subject@1cfa1
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
      [java]   integrity=required
      [java] ]
      [java] throws
      [java] org.bouncycastle.tls.TlsFatalAlertReceived:
handshake_failure(40)
      [java]     at
org.bouncycastle.tls.TlsProtocol.handleAlertMessage(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.processAlertQueue(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
      [java]     at org.bouncycastle.tls.RecordStream.readRecord(Unknown
Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
      [java]     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
Source)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishSuites(SslConnection.java:251)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishNewSocket(SslConnection.java:240)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishCallContext(SslConnection.java:155)
      [java]     at
net.jini.jeri.ssl.SslEndpointImpl.connect(SslEndpointImpl.java:867)
      [java]     at
net.jini.jeri.connection.ConnectionManager.connect(ConnectionManager.java:236)
      [java]     at
net.jini.jeri.connection.ConnectionManager$ReqIterator.next(ConnectionManager.java:720)
      [java]     at
net.jini.jeri.BasicObjectEndpoint$1.next(BasicObjectEndpoint.java:429)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:749)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:702)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
      [java]     at com.sun.proxy.$Proxy3.getAdmin(Unknown Source)
      [java]     at
org.apache.river.reggie.proxy.RegistrarProxy.getAdmin(RegistrarProxy.java:133)
      [java]     at
org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:461)
      [java]     at
org.apache.river.test.spec.lookupservice.test_set01.NotifyOnComboAttrAddNonNull.construct(NotifyOnComboAttrAddNonNull.java:171)
      [java]     at
org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
      [java]     at
org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
      [java]     at
org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
      [java]     at java.security.AccessController.doPrivileged(Native
Method)
      [java]     at
javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
      [java]     at
org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
      [java]     at
org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
      [java]
      [java] java.rmi.ConnectIOException: I/O exception connecting to
BasicObjectEndpoint[b1a1c1c8-5a64-4f9e-8087-9e171bc53575,SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]];
nested exception is:
      [java]     org.bouncycastle.tls.TlsFatalAlertReceived:
handshake_failure(40)
      [java]     at
net.jini.jeri.BasicInvocationHandler.wrapSafeIOException(BasicInvocationHandler.java:949)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:752)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:702)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
      [java]     at com.sun.proxy.$Proxy3.getAdmin(Unknown Source)
      [java]     at
org.apache.river.reggie.proxy.RegistrarProxy.getAdmin(RegistrarProxy.java:133)
      [java]     at
org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:461)
      [java]     at
org.apache.river.test.spec.lookupservice.test_set01.NotifyOnComboAttrAddNonNull.construct(NotifyOnComboAttrAddNonNull.java:171)
      [java]     at
org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
      [java]     at
org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
      [java]     at
org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
      [java]     at java.security.AccessController.doPrivileged(Native
Method)
      [java]     at
javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
      [java]     at
org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
      [java]     at
org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
      [java] Caused by: org.bouncycastle.tls.TlsFatalAlertReceived:
handshake_failure(40)
      [java]     at
org.bouncycastle.tls.TlsProtocol.handleAlertMessage(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.processAlertQueue(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
      [java]     at org.bouncycastle.tls.RecordStream.readRecord(Unknown
Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
      [java]     at
org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
      [java]     at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
Source)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishSuites(SslConnection.java:251)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishNewSocket(SslConnection.java:240)
      [java]     at
net.jini.jeri.ssl.SslConnection.establishCallContext(SslConnection.java:155)
      [java]     at
net.jini.jeri.ssl.SslEndpointImpl.connect(SslEndpointImpl.java:867)
      [java]     at
net.jini.jeri.connection.ConnectionManager.connect(ConnectionManager.java:236)
      [java]     at
net.jini.jeri.connection.ConnectionManager$ReqIterator.next(ConnectionManager.java:720)
      [java]     at
net.jini.jeri.BasicObjectEndpoint$1.next(BasicObjectEndpoint.java:429)
      [java]     at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:749)
      [java]     ... 13 more




SunJSSE Provider:

      [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.SslEndpointImpl
getCallContext
      [java] FINE: new request for
SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
      [java] with InvocationConstraints[reqs: {Integrity.YES,
ServerAuthentication.YES, ServerMinPrincipal{CN=Reggie}}, prefs: {}]
      [java] and Subject@ba373c{
      [java]   Principal: CN=Tester
      [java]     Public key: DSAPublicKeyImpl@7a014e
      [java]     Private key: DSAPrivateKey@f46fa6}
      [java] returns CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
      [java]   clientSubject=Subject@ba373c
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
      [java]   integrity=required
      [java] ]
      [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.SslEndpointImpl
connect
      [java] FINE: choose connection for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
      [java]   clientSubject=Subject@ba373c
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
      [java]   integrity=required
      [java] ]
      [java] with active []
      [java] and idle []
      [java] returns null
      [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.Utilities
getClientSSLContextInfo
      [java] FINEST: get client SSL context for CallContext[
      [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
      [java]   clientSubject=Subject@ba373c
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
      [java]   integrity=required
      [java] ]
      [java] returns new javax.net.ssl.SSLContext@bbacfc
      [java] NonActGrp-out: Mar 31, 2018 3:15:27 PM
org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi engineInit
      [java] NonActGrp-out: INFO: Initialized with trust store at path:
harness\trust\truststore
      [java] NonActGrp-out: Mar 31, 2018 3:15:27 PM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for
Subject@12f73cf{
      [java] NonActGrp-out:   Principal: CN=Reggie
      [java] NonActGrp-out:     Public key: DSAPublicKeyImpl@ed24c1
      [java] NonActGrp-out:     Private key: DSAPrivateKey@68bdd3}
      [java] NonActGrp-out: and principals [CN=Reggie]
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1d65133
      [java] NonActGrp-out: Mar 31, 2018 3:15:28 PM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for null subject
      [java] NonActGrp-out: and principals null
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1e16d7d
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type EC
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type DSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns 679ebd39@cn=reggie
      [java] Mar 31, 2018 3:15:29 PM
net.jini.jeri.ssl.FilterX509TrustManager checkServerTrusted
      [java] FINE: check server trusted succeeds for auth type DHE_DSS
      [java] chain [  [0]         Version: 3
      [java]          SerialNumber: 1738456377
      [java]              IssuerDN: CN=Reggie
      [java]            Start Date: Sat Mar 24 20:04:58 AEST 2018
      [java]            Final Date: Sun Feb 26 20:04:58 AEST 2023
      [java]             SubjectDN: CN=Reggie
      [java]            Public Key: DSA Public Key
[bd:0f:ea:1f:b2:3c:88:ff:97:a3:45:45:72:2d:cb:9e:24:e8:d5:b9]
      [java]             y:
1e9d61a7656dbffe8ccbc55c4de07549d73a4fd7c4b7ac90e834257542d86acb66c19d899ff52b59e27e3eedd72da843984d896ef9edbbc21d9c4a7f0e6ccbb72aa5d347062993b03215aee280f1b0b63e2157612062b63d7bed60dc5d1bb147830404b5e0429f3bf999a8e07be37df1657dfc1b315948ca04b391e7af3872a4
      [java]
      [java]   Signature Algorithm: DSA
      [java]             Signature: 302c021441493e087b685704f94631638f3b8995
      [java]                        a853282b02140c8aab91629570dc59dd2195277f
      [java]                        eeccc7ad4edd
      [java]        Extensions:
      [java]                        critical(false) 2.5.29.14 value =
DER Octet String[20]
      [java]
      [java] ]
      [java] Mar 31, 2018 3:15:29 PM net.jini.jeri.ssl.ClientAuthManager
chooseClientAlias
      [java] FINE: choose client alias for key types [RSA, DSA, EC]
      [java] and issuers [CN=JCE Code Signing CA, OU=Java Software Code
Signing, O=Oracle Corporation, CN=Tester, CN=Mahalo, CN=Phoenix, CN=JCE
Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc,
L=Palo Alto, ST=CA, C=US, CN=Legion of the Bouncy Castle Inc., OU=Java
Software Code Signing, O=Sun Microsystems Inc, CN=Group, CN=Outrigger,
CN=Mercury, CN=Oracle Corporation, OU=Java Software Code Signing, O=Sun
Microsystems Inc, CN=Legion of the Bouncy Castle Inc., OU=Java Software
Code Signing, O=Oracle Corporation, CN=Reggie, CN=Fiddler, CN=Norm]
      [java] returns 4fc4fa7b@cn=tester
      [java] NonActGrp-out: Mar 31, 2018 3:15:30 PM
net.jini.jeri.ssl.FilterX509TrustManager checkClientTrusted
      [java] NonActGrp-out: FINE: check client trusted succeeds for auth
type DSA
      [java] NonActGrp-out: chain [  [0]         Version: 3
      [java] NonActGrp-out:          SerialNumber: 1338309243
      [java] NonActGrp-out:              IssuerDN: CN=Tester
      [java] NonActGrp-out:            Start Date: Sat Mar 24 20:04:57
AEST 2018
      [java] NonActGrp-out:            Final Date: Sun Feb 26 20:04:57
AEST 2023
      [java] NonActGrp-out:             SubjectDN: CN=Tester
      [java] NonActGrp-out:            Public Key: DSA Public Key
[e3:8e:8d:4f:c8:36:f9:aa:25:40:51:88:e4:fb:56:f1:28:d5:39:5c]
      [java] NonActGrp-out:             y:
8fa93b32a61d78e5486dfec839fefbdcff933ee463f5fc66bdbe4b69168fa06736f480d828c53bcf0ae9af731f9d91eb5d0073ffc7989c0fff18ea8e9672738a93eb6953a1de01280bab80b20660513415f86c6650d2b67c367451426d3e3e642a8c55f2b4f473d0ba06a0842feaecbfda562002aab8b4367f08c980fa3575ef
      [java] NonActGrp-out:
      [java] NonActGrp-out:   Signature Algorithm: DSA
      [java] NonActGrp-out:             Signature:
302c02146f95e93d1b25e6f09614bab54dc20584
      [java] NonActGrp-out:
80ba4d4202146d79fadb8911ddab24089ff65735
      [java] NonActGrp-out:                        b3aea7620c7a
      [java] NonActGrp-out:        Extensions:
      [java] NonActGrp-out:                        critical(false)
2.5.29.14 value = DER Octet String[20]
      [java] NonActGrp-out:
      [java] NonActGrp-out: ]










SEEBURGER AG            Vorstand/SEEBURGER Executive Board:
Sitz der Gesellschaft/Registered Office:                Axel Haas, Michael Kleeberg, Friedemann Heinz, Dr. Martin Kuntz, Matthias Feßenbecker
Edisonstr. 1
D-75015 Bretten         Vorsitzende des Aufsichtsrats/Chairperson of the SEEBURGER Supervisory Board:
Tel.: 07252 / 96 - 0            Prof. Dr. Simone Zeuchner
Fax: 07252 / 96 - 2222
Internet: http://www.seeburger.de               Registergericht/Commercial Register:
e-mail: [hidden email]               HRB 240708 Mannheim


Dieses E-Mail ist nur für den Empfänger bestimmt, an den es gerichtet ist und kann vertrauliches bzw. unter das Berufsgeheimnis fallendes Material enthalten. Jegliche darin enthaltene Ansicht oder Meinungsäußerung ist die des Autors und stellt nicht notwendigerweise die Ansicht oder Meinung der SEEBURGER AG dar. Sind Sie nicht der Empfänger, so haben Sie diese E-Mail irrtümlich erhalten und jegliche Verwendung, Veröffentlichung, Weiterleitung, Abschrift oder jeglicher Druck dieser E-Mail ist strengstens untersagt. Weder die SEEBURGER AG noch der Absender (Eckenfels. Bernd) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren Anhänge auf Viren zu prüfen.


This email is intended only for the recipient(s) to whom it is addressed. This email may contain confidential material that may be protected by professional secrecy. Any fact or opinion contained, or expression of the material herein, does not necessarily reflect that of SEEBURGER AG. If you are not the addressee or if you have received this email in error, any use, publication or distribution including forwarding, copying or printing is strictly prohibited. Neither SEEBURGER AG, nor the sender (Eckenfels. Bernd) accept liability for viruses; it is your responsibility to check this email and its attachments for viruses.

Reply | Threaded
Open this post in threaded view
|

Re: Handshake Failure

Peter Firmstone
Hmm,

Doesn't work for IPv4 either is get the same handshake failure 40?

I checked the IPv6 address string, I'm not sure why the IPv6 address is
appended with "%11:26164" in the log, that's investigation for another day.

I tried using the BC provider on the client and the Sun provider on the
server, in which case I get insufficient security 71.

So not sure what's going on here, it's working fine with the Sun
provider, I suspect it's got something to do with the requested
ciphers.  Will keep trying / testing and report back if I have success.

Thanks, Peter.

This is the IPv4 output:

      [java] Apr 01, 2018 10:11:43 AM net.jini.jeri.ssl.SslEndpointImpl
connect
      [java] FINE: choose connection for CallContext[
      [java]   SslEndpoint[10.1.1.97:26946]
      [java]   clientSubject=Subject@94b84d
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_
CBC_SHA, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
  TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WI
TH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_
AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA2
56, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_EC
DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES
_256_GCM_SHA384]
      [java]   integrity=required
      [java] ]
      [java] with active []
      [java] and idle []
      [java] returns null
      [java] Apr 01, 2018 10:11:43 AM net.jini.jeri.ssl.Utilities
getClientSSLContextInfo
      [java] FINEST: get client SSL context for CallContext[
      [java]   SslEndpoint[10.1.1.97:26946]
      [java]   clientSubject=Subject@94b84d
      [java]   clientAuthRequired=false
      [java]   clientPrincipals=[CN=Tester]
      [java]   serverPrincipals=[CN=Reggie]
      [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_
CBC_SHA, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
  TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WI
TH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_
AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA2
56, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_EC
DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES
_256_GCM_SHA384]
      [java]   integrity=required
      [java] ]
      [java] returns new javax.net.ssl.SSLContext@1f34b70
      [java] NonActGrp-out: Apr 01, 2018 10:11:43 AM
org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi engineInit
      [java] NonActGrp-out: INFO: Initialized with trust store at path:
harness\trust\truststore
      [java] NonActGrp-out: Apr 01, 2018 10:11:43 AM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for
Subject@186acf0{
      [java] NonActGrp-out:   Principal: CN=Reggie
      [java] NonActGrp-out:     Public key: DSAPublicKeyImpl@ce855b
      [java] NonActGrp-out:     Private key: DSAPrivateKey@11af1bd}
      [java] NonActGrp-out: and principals [CN=Reggie]
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1004a18
      [java] NonActGrp-out: Apr 01, 2018 10:11:44 AM
net.jini.jeri.ssl.Utilities getServerSSLContextInfo
      [java] NonActGrp-out: FINEST: get server SSL context for null subject
      [java] NonActGrp-out: and principals null
      [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@18462ef
      [java] NonActGrp-out: Apr 01, 2018 10:11:47 AM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type DHE_DSS
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Apr 01, 2018 10:11:47 AM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type DHE_RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Apr 01, 2018 10:11:47 AM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Apr 01, 2018 10:11:47 AM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type
ECDHE_ECDSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Apr 01, 2018 10:11:47 AM
net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
      [java] NonActGrp-out: FINE: choose server alias for key type ECDHE_RSA
      [java] NonActGrp-out: issuers null
      [java] NonActGrp-out: returns null
      [java] NonActGrp-out: Apr 01, 2018 10:11:47 AM
org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised
      [java] NonActGrp-out: INFO: Server raised fatal(2)
handshake_failure(40) alert: Failed to read record
      [java] NonActGrp-out: org.bouncycastle.tls.TlsFatalAlert:
handshake_failure(40)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown
Source)
      [java] NonActGrp-out:      at
org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown
Source)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.TlsServerProtocol.sendServerHelloMessage(Unknown
Source)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown
Source)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
      [java] NonActGrp-out:      at
org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
      [java] NonActGrp-out:      at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
Source)
      [java] NonActGrp-out:      at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.handshakeIfNecessary(Unknown
Source)
      [java] NonActGrp-out:      at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.getConnection(Unknown
Source)
      [java] NonActGrp-out:      at
org.bouncycastle.jsse.provider.ProvSSLSocketWrap.getSession(Unknown Source)
      [java] NonActGrp-out:      at
net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection.<init>(SslServerEndpointImpl.java:1189)
      [java] NonActGrp-out:      at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.serverConnection(SslServerEndpointImpl.java:1050)
      [java] NonActGrp-out:      at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.acceptLoop(SslServerEndpointImpl.java:920)
      [java] NonActGrp-out:      at
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle$1.run(SslServerEndpointImpl.java:890)
      [java] NonActGrp-out:      at
org.apache.river.thread.ThreadPool$Task.run(ThreadPool.java:172)
      [java] NonActGrp-out:      at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      [java] NonActGrp-out:      at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
      [java] NonActGrp-out:      at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      [java] NonActGrp-out:      at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      [java] NonActGrp-out:      at java.lang.Thread.run(Thread.java:748)

On 31/03/2018 9:07 PM, Eckenfels. Bernd wrote:

> Sounds like your TLS server can’t map the (I’ll formed?) IPv6 endpoint to a server alias/key.
>
> --
> http://www.seeburger.com
> ________________________________________
> From: Peter Firmstone [[hidden email]]
> Sent: Saturday, March 31, 2018 12:31
> To: [hidden email]
> Subject: [dev-crypto] Handshake Failure
>
> Any advice on how to get the Bouncy Castle JSSE provider working as a
> drop in replacement for SunJsse?
>
> I'm getting handshake error 40 with the BC JSSE Provider, any ideas?
>
> Thanks,
>
> Peter.
>
> See below for logging output for both BC and Sun providers.
>
>
> BouncyCastleJsseProvider
>
>        [java] Mar 31, 2018 3:09:17 PM net.jini.jeri.ssl.SslEndpointImpl
> connect
>        [java] FINE: choose connection for CallContext[
>        [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
>        [java]   clientSubject=Subject@1cfa1
>        [java]   clientAuthRequired=false
>        [java]   clientPrincipals=[CN=Tester]
>        [java]   serverPrincipals=[CN=Reggie]
>        [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
>        [java]   integrity=required
>        [java] ]
>        [java] with active []
>        [java] and idle []
>        [java] returns null
>        [java] Mar 31, 2018 3:09:17 PM net.jini.jeri.ssl.Utilities
> getClientSSLContextInfo
>        [java] FINEST: get client SSL context for CallContext[
>        [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
>        [java]   clientSubject=Subject@1cfa1
>        [java]   clientAuthRequired=false
>        [java]   clientPrincipals=[CN=Tester]
>        [java]   serverPrincipals=[CN=Reggie]
>        [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
>        [java]   integrity=required
>        [java] ]
>        [java] returns new javax.net.ssl.SSLContext@1b45c0e
>        [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
> org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi engineInit
>        [java] NonActGrp-out: INFO: Initialized with trust store at path:
> harness\trust\truststore
>        [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
> net.jini.jeri.ssl.Utilities getServerSSLContextInfo
>        [java] NonActGrp-out: FINEST: get server SSL context for
> Subject@165a262{
>        [java] NonActGrp-out:   Principal: CN=Reggie
>        [java] NonActGrp-out:     Public key: DSAPublicKeyImpl@519baa
>        [java] NonActGrp-out:     Private key: DSAPrivateKey@1f1dc39}
>        [java] NonActGrp-out: and principals [CN=Reggie]
>        [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@11b84e6
>        [java] NonActGrp-out: Mar 31, 2018 3:09:17 PM
> net.jini.jeri.ssl.Utilities getServerSSLContextInfo
>        [java] NonActGrp-out: FINEST: get server SSL context for null subject
>        [java] NonActGrp-out: and principals null
>        [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1e8366
>        [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type DHE_DSS
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type DHE_RSA
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type RSA
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type
> ECDHE_ECDSA
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type ECDHE_RSA
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
> org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised
>        [java] NonActGrp-out: INFO: Server raised fatal(2)
> handshake_failure(40) alert: Failed to read record
>        [java] NonActGrp-out: org.bouncycastle.tls.TlsFatalAlert:
> handshake_failure(40)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown
> Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown
> Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.TlsServerProtocol.sendServerHelloMessage(Unknown
> Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown
> Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
> Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.jsse.provider.ProvSSLSocketWrap.handshakeIfNecessary(Unknown
> Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.jsse.provider.ProvSSLSocketWrap.getConnection(Unknown
> Source)
>        [java] NonActGrp-out:     at
> org.bouncycastle.jsse.provider.ProvSSLSocketWrap.getSession(Unknown Source)
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection.<init>(SslServerEndpointImpl.java:1189)
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.serverConnection(SslServerEndpointImpl.java:1050)
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.acceptLoop(SslServerEndpointImpl.java:920)
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle$1.run(SslServerEndpointImpl.java:890)
>        [java] NonActGrp-out:     at
> org.apache.river.thread.ThreadPool$Task.run(ThreadPool.java:172)
>        [java] NonActGrp-out:     at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>        [java] NonActGrp-out:     at
> java.util.concurrent.FutureTask.run(FutureTask.java:266)
>        [java] NonActGrp-out:     at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>        [java] NonActGrp-out:     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>        [java] NonActGrp-out:     at java.lang.Thread.run(Thread.java:748)
>        [java] NonActGrp-out:
>        [java] NonActGrp-out: Mar 31, 2018 3:09:22 PM
> net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle acceptLoop
>        [java] NonActGrp-out: INFO: accepting connection on
> SslListenHandle[null:26144] throws
>        [java] NonActGrp-out: java.lang.NullPointerException
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.Utilities.getKeyExchangeAlgorithm(Utilities.java:920)
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection.<init>(SslServerEndpointImpl.java:1192)
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.serverConnection(SslServerEndpointImpl.java:1050)
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle.acceptLoop(SslServerEndpointImpl.java:920)
>        [java] NonActGrp-out:     at
> net.jini.jeri.ssl.SslServerEndpointImpl$SslListenHandle$1.run(SslServerEndpointImpl.java:890)
>        [java] NonActGrp-out:     at
> org.apache.river.thread.ThreadPool$Task.run(ThreadPool.java:172)
>        [java] NonActGrp-out:     at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>        [java] NonActGrp-out:     at
> java.util.concurrent.FutureTask.run(FutureTask.java:266)
>        [java] NonActGrp-out:     at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>        [java] NonActGrp-out:     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>        [java] NonActGrp-out:     at java.lang.Thread.run(Thread.java:748)
>        [java] NonActGrp-out:
>        [java] Mar 31, 2018 3:09:22 PM
> org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertReceived
>        [java] INFO: Client received fatal(2) handshake_failure(40) alert
>        [java] Mar 31, 2018 3:09:22 PM net.jini.jeri.ssl.SslConnection
> establishCallContext
>        [java] FAILED: new connection for CallContext[
>        [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]
>        [java]   clientSubject=Subject@1cfa1
>        [java]   clientAuthRequired=false
>        [java]   clientPrincipals=[CN=Tester]
>        [java]   serverPrincipals=[CN=Reggie]
>        [java]   cipherSuites=[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
>        [java]   integrity=required
>        [java] ]
>        [java] throws
>        [java] org.bouncycastle.tls.TlsFatalAlertReceived:
> handshake_failure(40)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.handleAlertMessage(Unknown Source)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.processAlertQueue(Unknown Source)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
>        [java]     at org.bouncycastle.tls.RecordStream.readRecord(Unknown
> Source)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
>        [java]     at
> org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
>        [java]     at
> org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
> Source)
>        [java]     at
> net.jini.jeri.ssl.SslConnection.establishSuites(SslConnection.java:251)
>        [java]     at
> net.jini.jeri.ssl.SslConnection.establishNewSocket(SslConnection.java:240)
>        [java]     at
> net.jini.jeri.ssl.SslConnection.establishCallContext(SslConnection.java:155)
>        [java]     at
> net.jini.jeri.ssl.SslEndpointImpl.connect(SslEndpointImpl.java:867)
>        [java]     at
> net.jini.jeri.connection.ConnectionManager.connect(ConnectionManager.java:236)
>        [java]     at
> net.jini.jeri.connection.ConnectionManager$ReqIterator.next(ConnectionManager.java:720)
>        [java]     at
> net.jini.jeri.BasicObjectEndpoint$1.next(BasicObjectEndpoint.java:429)
>        [java]     at
> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:749)
>        [java]     at
> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:702)
>        [java]     at
> net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
>        [java]     at com.sun.proxy.$Proxy3.getAdmin(Unknown Source)
>        [java]     at
> org.apache.river.reggie.proxy.RegistrarProxy.getAdmin(RegistrarProxy.java:133)
>        [java]     at
> org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:461)
>        [java]     at
> org.apache.river.test.spec.lookupservice.test_set01.NotifyOnComboAttrAddNonNull.construct(NotifyOnComboAttrAddNonNull.java:171)
>        [java]     at
> org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
>        [java]     at
> org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
>        [java]     at
> org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
>        [java]     at java.security.AccessController.doPrivileged(Native
> Method)
>        [java]     at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
>        [java]     at
> org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
>        [java]     at
> org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
>        [java]
>        [java] java.rmi.ConnectIOException: I/O exception connecting to
> BasicObjectEndpoint[b1a1c1c8-5a64-4f9e-8087-9e171bc53575,SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26144]];
> nested exception is:
>        [java]     org.bouncycastle.tls.TlsFatalAlertReceived:
> handshake_failure(40)
>        [java]     at
> net.jini.jeri.BasicInvocationHandler.wrapSafeIOException(BasicInvocationHandler.java:949)
>        [java]     at
> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:752)
>        [java]     at
> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:702)
>        [java]     at
> net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
>        [java]     at com.sun.proxy.$Proxy3.getAdmin(Unknown Source)
>        [java]     at
> org.apache.river.reggie.proxy.RegistrarProxy.getAdmin(RegistrarProxy.java:133)
>        [java]     at
> org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:461)
>        [java]     at
> org.apache.river.test.spec.lookupservice.test_set01.NotifyOnComboAttrAddNonNull.construct(NotifyOnComboAttrAddNonNull.java:171)
>        [java]     at
> org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
>        [java]     at
> org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
>        [java]     at
> org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
>        [java]     at java.security.AccessController.doPrivileged(Native
> Method)
>        [java]     at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
>        [java]     at
> org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
>        [java]     at
> org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
>        [java] Caused by: org.bouncycastle.tls.TlsFatalAlertReceived:
> handshake_failure(40)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.handleAlertMessage(Unknown Source)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.processAlertQueue(Unknown Source)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
>        [java]     at org.bouncycastle.tls.RecordStream.readRecord(Unknown
> Source)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
>        [java]     at
> org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
>        [java]     at
> org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
>        [java]     at
> org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown
> Source)
>        [java]     at
> net.jini.jeri.ssl.SslConnection.establishSuites(SslConnection.java:251)
>        [java]     at
> net.jini.jeri.ssl.SslConnection.establishNewSocket(SslConnection.java:240)
>        [java]     at
> net.jini.jeri.ssl.SslConnection.establishCallContext(SslConnection.java:155)
>        [java]     at
> net.jini.jeri.ssl.SslEndpointImpl.connect(SslEndpointImpl.java:867)
>        [java]     at
> net.jini.jeri.connection.ConnectionManager.connect(ConnectionManager.java:236)
>        [java]     at
> net.jini.jeri.connection.ConnectionManager$ReqIterator.next(ConnectionManager.java:720)
>        [java]     at
> net.jini.jeri.BasicObjectEndpoint$1.next(BasicObjectEndpoint.java:429)
>        [java]     at
> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethodOnce(BasicInvocationHandler.java:749)
>        [java]     ... 13 more
>
>
>
>
> SunJSSE Provider:
>
>        [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.SslEndpointImpl
> getCallContext
>        [java] FINE: new request for
> SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
>        [java] with InvocationConstraints[reqs: {Integrity.YES,
> ServerAuthentication.YES, ServerMinPrincipal{CN=Reggie}}, prefs: {}]
>        [java] and Subject@ba373c{
>        [java]   Principal: CN=Tester
>        [java]     Public key: DSAPublicKeyImpl@7a014e
>        [java]     Private key: DSAPrivateKey@f46fa6}
>        [java] returns CallContext[
>        [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
>        [java]   clientSubject=Subject@ba373c
>        [java]   clientAuthRequired=false
>        [java]   clientPrincipals=[CN=Tester]
>        [java]   serverPrincipals=[CN=Reggie]
>        [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
>        [java]   integrity=required
>        [java] ]
>        [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.SslEndpointImpl
> connect
>        [java] FINE: choose connection for CallContext[
>        [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
>        [java]   clientSubject=Subject@ba373c
>        [java]   clientAuthRequired=false
>        [java]   clientPrincipals=[CN=Tester]
>        [java]   serverPrincipals=[CN=Reggie]
>        [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
>        [java]   integrity=required
>        [java] ]
>        [java] with active []
>        [java] and idle []
>        [java] returns null
>        [java] Mar 31, 2018 3:15:24 PM net.jini.jeri.ssl.Utilities
> getClientSSLContextInfo
>        [java] FINEST: get client SSL context for CallContext[
>        [java]   SslEndpoint[fe80:0:0:0:51ce:d94d:bec3:8246%11:26164]
>        [java]   clientSubject=Subject@ba373c
>        [java]   clientAuthRequired=false
>        [java]   clientPrincipals=[CN=Tester]
>        [java]   serverPrincipals=[CN=Reggie]
>        [java]   cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
>        [java]   integrity=required
>        [java] ]
>        [java] returns new javax.net.ssl.SSLContext@bbacfc
>        [java] NonActGrp-out: Mar 31, 2018 3:15:27 PM
> org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi engineInit
>        [java] NonActGrp-out: INFO: Initialized with trust store at path:
> harness\trust\truststore
>        [java] NonActGrp-out: Mar 31, 2018 3:15:27 PM
> net.jini.jeri.ssl.Utilities getServerSSLContextInfo
>        [java] NonActGrp-out: FINEST: get server SSL context for
> Subject@12f73cf{
>        [java] NonActGrp-out:   Principal: CN=Reggie
>        [java] NonActGrp-out:     Public key: DSAPublicKeyImpl@ed24c1
>        [java] NonActGrp-out:     Private key: DSAPrivateKey@68bdd3}
>        [java] NonActGrp-out: and principals [CN=Reggie]
>        [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1d65133
>        [java] NonActGrp-out: Mar 31, 2018 3:15:28 PM
> net.jini.jeri.ssl.Utilities getServerSSLContextInfo
>        [java] NonActGrp-out: FINEST: get server SSL context for null subject
>        [java] NonActGrp-out: and principals null
>        [java] NonActGrp-out: returns new javax.net.ssl.SSLContext@1e16d7d
>        [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type EC
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type RSA
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type RSA
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type RSA
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns null
>        [java] NonActGrp-out: Mar 31, 2018 3:15:29 PM
> net.jini.jeri.ssl.ServerAuthManager chooseServerAlias
>        [java] NonActGrp-out: FINE: choose server alias for key type DSA
>        [java] NonActGrp-out: issuers null
>        [java] NonActGrp-out: returns 679ebd39@cn=reggie
>        [java] Mar 31, 2018 3:15:29 PM
> net.jini.jeri.ssl.FilterX509TrustManager checkServerTrusted
>        [java] FINE: check server trusted succeeds for auth type DHE_DSS
>        [java] chain [  [0]         Version: 3
>        [java]          SerialNumber: 1738456377
>        [java]              IssuerDN: CN=Reggie
>        [java]            Start Date: Sat Mar 24 20:04:58 AEST 2018
>        [java]            Final Date: Sun Feb 26 20:04:58 AEST 2023
>        [java]             SubjectDN: CN=Reggie
>        [java]            Public Key: DSA Public Key
> [bd:0f:ea:1f:b2:3c:88:ff:97:a3:45:45:72:2d:cb:9e:24:e8:d5:b9]
>        [java]             y:
> 1e9d61a7656dbffe8ccbc55c4de07549d73a4fd7c4b7ac90e834257542d86acb66c19d899ff52b59e27e3eedd72da843984d896ef9edbbc21d9c4a7f0e6ccbb72aa5d347062993b03215aee280f1b0b63e2157612062b63d7bed60dc5d1bb147830404b5e0429f3bf999a8e07be37df1657dfc1b315948ca04b391e7af3872a4
>        [java]
>        [java]   Signature Algorithm: DSA
>        [java]             Signature: 302c021441493e087b685704f94631638f3b8995
>        [java]                        a853282b02140c8aab91629570dc59dd2195277f
>        [java]                        eeccc7ad4edd
>        [java]        Extensions:
>        [java]                        critical(false) 2.5.29.14 value =
> DER Octet String[20]
>        [java]
>        [java] ]
>        [java] Mar 31, 2018 3:15:29 PM net.jini.jeri.ssl.ClientAuthManager
> chooseClientAlias
>        [java] FINE: choose client alias for key types [RSA, DSA, EC]
>        [java] and issuers [CN=JCE Code Signing CA, OU=Java Software Code
> Signing, O=Oracle Corporation, CN=Tester, CN=Mahalo, CN=Phoenix, CN=JCE
> Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc,
> L=Palo Alto, ST=CA, C=US, CN=Legion of the Bouncy Castle Inc., OU=Java
> Software Code Signing, O=Sun Microsystems Inc, CN=Group, CN=Outrigger,
> CN=Mercury, CN=Oracle Corporation, OU=Java Software Code Signing, O=Sun
> Microsystems Inc, CN=Legion of the Bouncy Castle Inc., OU=Java Software
> Code Signing, O=Oracle Corporation, CN=Reggie, CN=Fiddler, CN=Norm]
>        [java] returns 4fc4fa7b@cn=tester
>        [java] NonActGrp-out: Mar 31, 2018 3:15:30 PM
> net.jini.jeri.ssl.FilterX509TrustManager checkClientTrusted
>        [java] NonActGrp-out: FINE: check client trusted succeeds for auth
> type DSA
>        [java] NonActGrp-out: chain [  [0]         Version: 3
>        [java] NonActGrp-out:          SerialNumber: 1338309243
>        [java] NonActGrp-out:              IssuerDN: CN=Tester
>        [java] NonActGrp-out:            Start Date: Sat Mar 24 20:04:57
> AEST 2018
>        [java] NonActGrp-out:            Final Date: Sun Feb 26 20:04:57
> AEST 2023
>        [java] NonActGrp-out:             SubjectDN: CN=Tester
>        [java] NonActGrp-out:            Public Key: DSA Public Key
> [e3:8e:8d:4f:c8:36:f9:aa:25:40:51:88:e4:fb:56:f1:28:d5:39:5c]
>        [java] NonActGrp-out:             y:
> 8fa93b32a61d78e5486dfec839fefbdcff933ee463f5fc66bdbe4b69168fa06736f480d828c53bcf0ae9af731f9d91eb5d0073ffc7989c0fff18ea8e9672738a93eb6953a1de01280bab80b20660513415f86c6650d2b67c367451426d3e3e642a8c55f2b4f473d0ba06a0842feaecbfda562002aab8b4367f08c980fa3575ef
>        [java] NonActGrp-out:
>        [java] NonActGrp-out:   Signature Algorithm: DSA
>        [java] NonActGrp-out:             Signature:
> 302c02146f95e93d1b25e6f09614bab54dc20584
>        [java] NonActGrp-out:
> 80ba4d4202146d79fadb8911ddab24089ff65735
>        [java] NonActGrp-out:                        b3aea7620c7a
>        [java] NonActGrp-out:        Extensions:
>        [java] NonActGrp-out:                        critical(false)
> 2.5.29.14 value = DER Octet String[20]
>        [java] NonActGrp-out:
>        [java] NonActGrp-out: ]
>
>
>
>
>
>
>
>
>
>
> SEEBURGER AG            Vorstand/SEEBURGER Executive Board:
> Sitz der Gesellschaft/Registered Office:                Axel Haas, Michael Kleeberg, Friedemann Heinz, Dr. Martin Kuntz, Matthias Feßenbecker
> Edisonstr. 1
> D-75015 Bretten         Vorsitzende des Aufsichtsrats/Chairperson of the SEEBURGER Supervisory Board:
> Tel.: 07252 / 96 - 0            Prof. Dr. Simone Zeuchner
> Fax: 07252 / 96 - 2222
> Internet: http://www.seeburger.de               Registergericht/Commercial Register:
> e-mail: [hidden email]               HRB 240708 Mannheim
>
>
> Dieses E-Mail ist nur für den Empfänger bestimmt, an den es gerichtet ist und kann vertrauliches bzw. unter das Berufsgeheimnis fallendes Material enthalten. Jegliche darin enthaltene Ansicht oder Meinungsäußerung ist die des Autors und stellt nicht notwendigerweise die Ansicht oder Meinung der SEEBURGER AG dar. Sind Sie nicht der Empfänger, so haben Sie diese E-Mail irrtümlich erhalten und jegliche Verwendung, Veröffentlichung, Weiterleitung, Abschrift oder jeglicher Druck dieser E-Mail ist strengstens untersagt. Weder die SEEBURGER AG noch der Absender (Eckenfels. Bernd) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren Anhänge auf Viren zu prüfen.
>
>
> This email is intended only for the recipient(s) to whom it is addressed. This email may contain confidential material that may be protected by professional secrecy. Any fact or opinion contained, or expression of the material herein, does not necessarily reflect that of SEEBURGER AG. If you are not the addressee or if you have received this email in error, any use, publication or distribution including forwarding, copying or printing is strictly prohibited. Neither SEEBURGER AG, nor the sender (Eckenfels. Bernd) accept liability for viruses; it is your responsibility to check this email and its attachments for viruses.
>


Reply | Threaded
Open this post in threaded view
|

Re: Handshake Failure

Peter Firmstone
Hello BC devs,

I've been digging further into the problem, packet sniffing with wireshark:

Note the data sent in the 4th packet differs between the BC JSSE
provider and the SUN JSSE provider (in this case the sun provider
successfully negotiates a connection while the BC provider doesn't):

Sun JSSE 4th Packet Data:
16:03:03:00:b6:01:00:00:b2:03:03:5a:c2:02:fe:2e:
53:5a:95:0d:26:ce:ac:ea:c2:b4:31:3b:52:bf:07:71:
5b:b9:7b:bf:3c:59:3f:c3:76:2d:e4:00:00:46:c0:24:
c0:28:00:3d:00:6b:00:6a:c0:0a:c0:14:00:35:00:39:
00:38:c0:23:c0:27:00:3c:00:67:00:40:c0:09:c0:13:
00:2f:00:33:00:32:c0:2c:c0:2b:c0:30:00:9d:00:9f:
00:a3:c0:2f:00:9c:00:9e:00:a2:c0:08:c0:12:00:0a:
00:16:00:13:01:00:00:43:00:0a:00:16:00:14:00:17:
00:18:00:19:00:09:00:0a:00:0b:00:0c:00:0d:00:0e:
00:16:00:0b:00:02:01:00:00:0d:00:16:00:14:06:03:
06:01:05:03:05:01:04:03:04:01:04:02:02:03:02:01:
02:02:00:17:00:00:ff:01:00:01:00

BC JSSE 4th Packet Data:
16:03:03:00:af:01:00:00:ab:03:03:11:63:2f:61:7b:
db:93:9e:87:f1:c3:99:0b:b9:c8:70:3b:7a:0e:c9:33:
0a:1c:df:46:c5:2c:62:09:4a:ec:05:00:00:48:00:a3:
00:40:00:67:00:35:00:a2:00:9f:00:9e:c0:2c:00:3d:
c0:12:c0:2b:00:38:00:13:00:33:c0:08:00:3c:00:9c:
00:9d:c0:13:c0:28:c0:27:00:2f:c0:09:00:0a:c0:24:
00:6b:c0:0a:00:6a:c0:23:00:39:c0:2f:00:16:c0:14:
00:32:c0:30:00:ff:01:00:00:3a:00:17:00:00:00:16:
00:00:00:0a:00:0e:00:0c:00:17:00:18:00:19:01:00:
01:01:01:02:00:0d:00:14:00:12:02:01:04:01:05:01:
06:01:02:03:04:03:05:03:06:03:02:02:00:0b:00:04:
03:00:01:02


<BC 1st Packet TCP[SYN]>
Frame 1241: 148 bytes on wire (1184 bits), 76 bytes captured (608 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:24.194390000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718664.194390000 seconds
     [Time delta from previous captured frame: 1.677561000 seconds]
     [Time delta from previous displayed frame: 1.677561000 seconds]
     [Time since reference or first frame: 18.865510000 seconds]
     Frame Number: 1241
     Frame Length: 148 bytes (1184 bits)
     Capture Length: 76 bytes (608 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP SYN/FIN]
     [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 32
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: csdm (1468), Dst Port: pipes
(1465), Seq: 0, Len: 0
     Source Port: csdm (1468)
     Destination Port: pipes (1465)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 0    (relative sequence number)
     Acknowledgment number: 0
     1000 .... = Header Length: 32 bytes (8)
     Flags: 0x002 (SYN)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...0 .... = Acknowledgment: Not set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..1. = Syn: Set
             [Expert Info (Chat/Sequence): Connection establish request
(SYN): server port 1465]
                 [Connection establish request (SYN): server port 1465]
                 [Severity level: Chat]
                 [Group: Sequence]
         .... .... ...0 = Fin: Not set
         [TCP Flags: ··········S·]
     Window size value: 8192
     [Calculated window size: 8192]
     Checksum: 0x287a [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     Options: (12 bytes), Maximum segment size, No-Operation (NOP),
Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
         TCP Option - Maximum segment size: 1432 bytes
             Kind: Maximum Segment Size (2)
             Length: 4
             MSS Value: 1432
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - Window scale: 2 (multiply by 4)
             Kind: Window Scale (3)
             Length: 3
             Shift count: 2
             [Multiplier: 4]
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - SACK permitted
             Kind: SACK Permitted (4)
             Length: 2
</BC 1st Packet TCP[SYN]>

<BC 2nd Packet TCP[SYN, ACK]>
Frame 1242: 148 bytes on wire (1184 bits), 76 bytes captured (608 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:24.194521000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718664.194521000 seconds
     [Time delta from previous captured frame: 0.000131000 seconds]
     [Time delta from previous displayed frame: 0.000131000 seconds]
     [Time since reference or first frame: 18.865641000 seconds]
     Frame Number: 1242
     Frame Length: 148 bytes (1184 bits)
     Capture Length: 76 bytes (608 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP SYN/FIN]
     [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 32
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pipes (1465), Dst Port: csdm
(1468), Seq: 0, Ack: 1, Len: 0
     Source Port: pipes (1465)
     Destination Port: csdm (1468)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 0    (relative sequence number)
     Acknowledgment number: 1    (relative ack number)
     1000 .... = Header Length: 32 bytes (8)
     Flags: 0x012 (SYN, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..1. = Syn: Set
             [Expert Info (Chat/Sequence): Connection establish
acknowledge (SYN+ACK): server port 1465]
                 [Connection establish acknowledge (SYN+ACK): server
port 1465]
                 [Severity level: Chat]
                 [Group: Sequence]
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A··S·]
     Window size value: 8192
     [Calculated window size: 8192]
     Checksum: 0x1c40 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     Options: (12 bytes), Maximum segment size, No-Operation (NOP),
Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
         TCP Option - Maximum segment size: 1432 bytes
             Kind: Maximum Segment Size (2)
             Length: 4
             MSS Value: 1432
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - Window scale: 8 (multiply by 256)
             Kind: Window Scale (3)
             Length: 3
             Shift count: 8
             [Multiplier: 256]
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - SACK permitted
             Kind: SACK Permitted (4)
             Length: 2
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1241]
         [The RTT to ACK the segment was: 0.000131000 seconds]
         [iRTT: 0.000213000 seconds]
</BC 2nd Packet TCP[SYN, ACK]>

<BC 3rd Packet TCP[ACK]>
Frame 1243: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:24.194603000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718664.194603000 seconds
     [Time delta from previous captured frame: 0.000082000 seconds]
     [Time delta from previous displayed frame: 0.000082000 seconds]
     [Time since reference or first frame: 18.865723000 seconds]
     Frame Number: 1243
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: csdm (1468), Dst Port: pipes
(1465), Seq: 1, Ack: 1, Len: 0
     Source Port: csdm (1468)
     Destination Port: pipes (1465)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 1    (relative sequence number)
     Acknowledgment number: 1    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 2048
     [Calculated window size: 8192]
     [Window size scaling factor: 4]
     Checksum: 0x74f7 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1242]
         [The RTT to ACK the segment was: 0.000082000 seconds]
         [iRTT: 0.000213000 seconds]
</BC 3rd Packet TCP[ACK]>
<BC 4th Packet TCP[PSH, ACK]>
Frame 1245: 484 bytes on wire (3872 bits), 244 bytes captured (1952
bits) on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:28.024418000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718668.024418000 seconds
     [Time delta from previous captured frame: 1.195590000 seconds]
     [Time delta from previous displayed frame: 1.195590000 seconds]
     [Time since reference or first frame: 22.695538000 seconds]
     Frame Number: 1245
     Frame Length: 484 bytes (3872 bits)
     Capture Length: 244 bytes (1952 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp:data]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 200
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: csdm (1468), Dst Port: pipes
(1465), Seq: 1, Ack: 1, Len: 180
     Source Port: csdm (1468)
     Destination Port: pipes (1465)
     [Stream index: 5]
     [TCP Segment Len: 180]
     Sequence number: 1    (relative sequence number)
     [Next sequence number: 181    (relative sequence number)]
     Acknowledgment number: 1    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x018 (PSH, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 1... = Push: Set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······AP···]
     Window size value: 2048
     [Calculated window size: 8192]
     [Window size scaling factor: 4]
     Checksum: 0xaf85 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [iRTT: 0.000213000 seconds]
         [Bytes in flight: 180]
         [Bytes sent since last PSH flag: 180]
     TCP payload (180 bytes)
Data (180 bytes)
     Data:
16:03:03:00:af:01:00:00:ab:03:03:11:63:2f:61:7b:
db:93:9e:87:f1:c3:99:0b:b9:c8:70:3b:7a:0e:c9:33:
0a:1c:df:46:c5:2c:62:09:4a:ec:05:00:00:48:00:a3:
00:40:00:67:00:35:00:a2:00:9f:00:9e:c0:2c:00:3d:
c0:12:c0:2b:00:38:00:13:00:33:c0:08:00:3c:00:9c:
00:9d:c0:13:c0:28:c0:27:00:2f:c0:09:00:0a:c0:24:
00:6b:c0:0a:00:6a:c0:23:00:39:c0:2f:00:16:c0:14:
00:32:c0:30:00:ff:01:00:00:3a:00:17:00:00:00:16:
00:00:00:0a:00:0e:00:0c:00:17:00:18:00:19:01:00:
01:01:01:02:00:0d:00:14:00:12:02:01:04:01:05:01:
06:01:02:03:04:03:05:03:06:03:02:02:00:0b:00:04:
03:00:01:02
     [Length: 180]
</BC 4th Packet TCP[PSH, ACK]>

<BC 5th Packet TCP[ACK]>
Frame 1246: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:28.024478000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718668.024478000 seconds
     [Time delta from previous captured frame: 0.000060000 seconds]
     [Time delta from previous displayed frame: 0.000060000 seconds]
     [Time since reference or first frame: 22.695598000 seconds]
     Frame Number: 1246
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pipes (1465), Dst Port: csdm
(1468), Seq: 1, Ack: 181, Len: 0
     Source Port: pipes (1465)
     Destination Port: csdm (1468)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 1    (relative sequence number)
     Acknowledgment number: 181    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 31
     [Calculated window size: 7936]
     [Window size scaling factor: 256]
     Checksum: 0x7c24 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1245]
         [The RTT to ACK the segment was: 0.000060000 seconds]
         [iRTT: 0.000213000 seconds]
</BC 5th Packet TCP[ACK]>

<BC 6th Packet TCP[PSH, ACK]
Frame 1247: 138 bytes on wire (1104 bits), 71 bytes captured (568 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:28.050263000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718668.050263000 seconds
     [Time delta from previous captured frame: 0.025785000 seconds]
     [Time delta from previous displayed frame: 0.025785000 seconds]
     [Time since reference or first frame: 22.721383000 seconds]
     Frame Number: 1247
     Frame Length: 138 bytes (1104 bits)
     Capture Length: 71 bytes (568 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp:data]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 27
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pipes (1465), Dst Port: csdm
(1468), Seq: 1, Ack: 181, Len: 7
     Source Port: pipes (1465)
     Destination Port: csdm (1468)
     [Stream index: 5]
     [TCP Segment Len: 7]
     Sequence number: 1    (relative sequence number)
     [Next sequence number: 8    (relative sequence number)]
     Acknowledgment number: 181    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x018 (PSH, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 1... = Push: Set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······AP···]
     Window size value: 31
     [Calculated window size: 7936]
     [Window size scaling factor: 256]
     Checksum: 0x3a10 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [iRTT: 0.000213000 seconds]
         [Bytes in flight: 7]
         [Bytes sent since last PSH flag: 7]
     TCP payload (7 bytes)
Data (7 bytes)
     Data:
15:03:03:00:02:02:28
     [Length: 7]
</BC 6th Packet TCP [PSH, ACK]>

<BC 7th Packet TCP [ACK]>
Frame 1248: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:28.050305000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718668.050305000 seconds
     [Time delta from previous captured frame: 0.000042000 seconds]
     [Time delta from previous displayed frame: 0.000042000 seconds]
     [Time since reference or first frame: 22.721425000 seconds]
     Frame Number: 1248
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: csdm (1468), Dst Port: pipes
(1465), Seq: 181, Ack: 8, Len: 0
     Source Port: csdm (1468)
     Destination Port: pipes (1465)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 181    (relative sequence number)
     Acknowledgment number: 8    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 2046
     [Calculated window size: 8184]
     [Window size scaling factor: 4]
     Checksum: 0x743e [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1247]
         [The RTT to ACK the segment was: 0.000042000 seconds]
         [iRTT: 0.000213000 seconds]
</BC 7th Packet TCP[ACK]>

<BC 8th Packet TCP[FIN, ACK]>
Frame 1249: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:28.050411000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718668.050411000 seconds
     [Time delta from previous captured frame: 0.000106000 seconds]
     [Time delta from previous displayed frame: 0.000106000 seconds]
     [Time since reference or first frame: 22.721531000 seconds]
     Frame Number: 1249
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP SYN/FIN]
     [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pipes (1465), Dst Port: csdm
(1468), Seq: 8, Ack: 181, Len: 0
     Source Port: pipes (1465)
     Destination Port: csdm (1468)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 8    (relative sequence number)
     Acknowledgment number: 181    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x011 (FIN, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...1 = Fin: Set
             [Expert Info (Chat/Sequence): Connection finish (FIN)]
                 [Connection finish (FIN)]
                 [Severity level: Chat]
                 [Group: Sequence]
         [TCP Flags: ·······A···F]
     Window size value: 31
     [Calculated window size: 7936]
     [Window size scaling factor: 256]
     Checksum: 0x7c1c [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
</BC 8th Packet TCP[FIN, ACK]>

<BC 9th Packet TCP[ACK]>
Frame 1250: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:28.050435000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718668.050435000 seconds
     [Time delta from previous captured frame: 0.000024000 seconds]
     [Time delta from previous displayed frame: 0.000024000 seconds]
     [Time since reference or first frame: 22.721555000 seconds]
     Frame Number: 1250
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: csdm (1468), Dst Port: pipes
(1465), Seq: 181, Ack: 9, Len: 0
     Source Port: csdm (1468)
     Destination Port: pipes (1465)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 181    (relative sequence number)
     Acknowledgment number: 9    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 2046
     [Calculated window size: 8184]
     [Window size scaling factor: 4]
     Checksum: 0x743d [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1249]
         [The RTT to ACK the segment was: 0.000024000 seconds]
         [iRTT: 0.000213000 seconds]
</BC 9th Packet TCP[ACK]>

<BC 10th Packet TCP[FIN, ACK]>
Frame 1251: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:28.062836000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718668.062836000 seconds
     [Time delta from previous captured frame: 0.012401000 seconds]
     [Time delta from previous displayed frame: 0.012401000 seconds]
     [Time since reference or first frame: 22.733956000 seconds]
     Frame Number: 1251
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP SYN/FIN]
     [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: csdm (1468), Dst Port: pipes
(1465), Seq: 181, Ack: 9, Len: 0
     Source Port: csdm (1468)
     Destination Port: pipes (1465)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 181    (relative sequence number)
     Acknowledgment number: 9    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x011 (FIN, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...1 = Fin: Set
             [Expert Info (Chat/Sequence): Connection finish (FIN)]
                 [Connection finish (FIN)]
                 [Severity level: Chat]
                 [Group: Sequence]
         [TCP Flags: ·······A···F]
     Window size value: 2046
     [Calculated window size: 8184]
     [Window size scaling factor: 4]
     Checksum: 0x743c [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
</BC 10th Packet TCP[FIN, ACK]>
<BC 11th Packet TCP[ACK]>
Frame 1252: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  3, 2018 11:24:28.062911000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522718668.062911000 seconds
     [Time delta from previous captured frame: 0.000075000 seconds]
     [Time delta from previous displayed frame: 0.000075000 seconds]
     [Time since reference or first frame: 22.734031000 seconds]
     Frame Number: 1252
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pipes (1465), Dst Port: csdm
(1468), Seq: 9, Ack: 182, Len: 0
     Source Port: pipes (1465)
     Destination Port: csdm (1468)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 9    (relative sequence number)
     Acknowledgment number: 182    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 31
     [Calculated window size: 7936]
     [Window size scaling factor: 256]
     Checksum: 0x7c1b [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1251]
         [The RTT to ACK the segment was: 0.000075000 seconds]
         [iRTT: 0.000213000 seconds]
</BC 11th Packet TCP[ACK]>


Reply | Threaded
Open this post in threaded view
|

Re: Handshake Failure

Peter Firmstone
Packets sent with Sun Provider:

<Sun 1st Packet TCP[SYN]>
Frame 1224: 148 bytes on wire (1184 bits), 76 bytes captured (608 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:30.775152000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664190.775152000 seconds
     [Time delta from previous captured frame: 1.090596000 seconds]
     [Time delta from previous displayed frame: 1.090596000 seconds]
     [Time since reference or first frame: 13.185505000 seconds]
     Frame Number: 1224
     Frame Length: 148 bytes (1184 bits)
     Capture Length: 76 bytes (608 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP SYN/FIN]
     [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 32
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pictrography (1280), Dst Port:
miva-mqs (1277), Seq: 0, Len: 0
     Source Port: pictrography (1280)
     Destination Port: miva-mqs (1277)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 0    (relative sequence number)
     Acknowledgment number: 0
     1000 .... = Header Length: 32 bytes (8)
     Flags: 0x002 (SYN)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...0 .... = Acknowledgment: Not set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..1. = Syn: Set
             [Expert Info (Chat/Sequence): Connection establish request
(SYN): server port 1277]
                 [Connection establish request (SYN): server port 1277]
                 [Severity level: Chat]
                 [Group: Sequence]
         .... .... ...0 = Fin: Not set
         [TCP Flags: ··········S·]
     Window size value: 8192
     [Calculated window size: 8192]
     Checksum: 0xd40a [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     Options: (12 bytes), Maximum segment size, No-Operation (NOP),
Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
         TCP Option - Maximum segment size: 1432 bytes
             Kind: Maximum Segment Size (2)
             Length: 4
             MSS Value: 1432
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - Window scale: 2 (multiply by 4)
             Kind: Window Scale (3)
             Length: 3
             Shift count: 2
             [Multiplier: 4]
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - SACK permitted
             Kind: SACK Permitted (4)
             Length: 2
</Sun 1st Packet TCP[SYN]>

<Sun 2nd Packet TCP[SYN, ACK]>
Frame 1225: 148 bytes on wire (1184 bits), 76 bytes captured (608 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:30.775322000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664190.775322000 seconds
     [Time delta from previous captured frame: 0.000170000 seconds]
     [Time delta from previous displayed frame: 0.000170000 seconds]
     [Time since reference or first frame: 13.185675000 seconds]
     Frame Number: 1225
     Frame Length: 148 bytes (1184 bits)
     Capture Length: 76 bytes (608 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP SYN/FIN]
     [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 32
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: miva-mqs (1277), Dst Port:
pictrography (1280), Seq: 0, Ack: 1, Len: 0
     Source Port: miva-mqs (1277)
     Destination Port: pictrography (1280)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 0    (relative sequence number)
     Acknowledgment number: 1    (relative ack number)
     1000 .... = Header Length: 32 bytes (8)
     Flags: 0x012 (SYN, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..1. = Syn: Set
             [Expert Info (Chat/Sequence): Connection establish
acknowledge (SYN+ACK): server port 1277]
                 [Connection establish acknowledge (SYN+ACK): server
port 1277]
                 [Severity level: Chat]
                 [Group: Sequence]
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A··S·]
     Window size value: 8192
     [Calculated window size: 8192]
     Checksum: 0x8a30 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     Options: (12 bytes), Maximum segment size, No-Operation (NOP),
Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
         TCP Option - Maximum segment size: 1432 bytes
             Kind: Maximum Segment Size (2)
             Length: 4
             MSS Value: 1432
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - Window scale: 8 (multiply by 256)
             Kind: Window Scale (3)
             Length: 3
             Shift count: 8
             [Multiplier: 256]
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - No-Operation (NOP)
             Kind: No-Operation (1)
         TCP Option - SACK permitted
             Kind: SACK Permitted (4)
             Length: 2
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1224]
         [The RTT to ACK the segment was: 0.000170000 seconds]
         [iRTT: 0.000246000 seconds]
</Sun 2nd Packet TCP[SYN, ACK]>

<Sun 3rd Packet TCP[ACK]>
Frame 1226: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:30.775398000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664190.775398000 seconds
     [Time delta from previous captured frame: 0.000076000 seconds]
     [Time delta from previous displayed frame: 0.000076000 seconds]
     [Time since reference or first frame: 13.185751000 seconds]
     Frame Number: 1226
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pictrography (1280), Dst Port:
miva-mqs (1277), Seq: 1, Ack: 1, Len: 0
     Source Port: pictrography (1280)
     Destination Port: miva-mqs (1277)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 1    (relative sequence number)
     Acknowledgment number: 1    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 2048
     [Calculated window size: 8192]
     [Window size scaling factor: 4]
     Checksum: 0xe2e7 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1225]
         [The RTT to ACK the segment was: 0.000076000 seconds]
         [iRTT: 0.000246000 seconds]
</Sun 3rd Packet TCP[ACK]>

<Sun 4th Packet TCP[PSH, ACK]>
Frame 1227: 498 bytes on wire (3984 bits), 251 bytes captured (2008
bits) on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:30.989286000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664190.989286000 seconds
     [Time delta from previous captured frame: 0.213888000 seconds]
     [Time delta from previous displayed frame: 0.213888000 seconds]
     [Time since reference or first frame: 13.399639000 seconds]
     Frame Number: 1227
     Frame Length: 498 bytes (3984 bits)
     Capture Length: 251 bytes (2008 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp:data]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 207
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pictrography (1280), Dst Port:
miva-mqs (1277), Seq: 1, Ack: 1, Len: 187
     Source Port: pictrography (1280)
     Destination Port: miva-mqs (1277)
     [Stream index: 5]
     [TCP Segment Len: 187]
     Sequence number: 1    (relative sequence number)
     [Next sequence number: 188    (relative sequence number)]
     Acknowledgment number: 1    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x018 (PSH, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 1... = Push: Set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······AP···]
     Window size value: 2048
     [Calculated window size: 8192]
     [Window size scaling factor: 4]
     Checksum: 0x31f2 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [iRTT: 0.000246000 seconds]
         [Bytes in flight: 187]
         [Bytes sent since last PSH flag: 187]
     TCP payload (187 bytes)
Data (187 bytes)
     Data:
16:03:03:00:b6:01:00:00:b2:03:03:5a:c2:02:fe:2e:
53:5a:95:0d:26:ce:ac:ea:c2:b4:31:3b:52:bf:07:71:
5b:b9:7b:bf:3c:59:3f:c3:76:2d:e4:00:00:46:c0:24:
c0:28:00:3d:00:6b:00:6a:c0:0a:c0:14:00:35:00:39:
00:38:c0:23:c0:27:00:3c:00:67:00:40:c0:09:c0:13:
00:2f:00:33:00:32:c0:2c:c0:2b:c0:30:00:9d:00:9f:
00:a3:c0:2f:00:9c:00:9e:00:a2:c0:08:c0:12:00:0a:
00:16:00:13:01:00:00:43:00:0a:00:16:00:14:00:17:
00:18:00:19:00:09:00:0a:00:0b:00:0c:00:0d:00:0e:
00:16:00:0b:00:02:01:00:00:0d:00:16:00:14:06:03:
06:01:05:03:05:01:04:03:04:01:04:02:02:03:02:01:
02:02:00:17:00:00:ff:01:00:01:00
     [Length: 187]
</Sun 4th Packet TCP[PSH, ACK]>

<Sun 5th Packet TCP[ACK]>
Frame 1228: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:30.989330000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664190.989330000 seconds
     [Time delta from previous captured frame: 0.000044000 seconds]
     [Time delta from previous displayed frame: 0.000044000 seconds]
     [Time since reference or first frame: 13.399683000 seconds]
     Frame Number: 1228
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: miva-mqs (1277), Dst Port:
pictrography (1280), Seq: 1, Ack: 188, Len: 0
     Source Port: miva-mqs (1277)
     Destination Port: pictrography (1280)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 1    (relative sequence number)
     Acknowledgment number: 188    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 31
     [Calculated window size: 7936]
     [Window size scaling factor: 256]
     Checksum: 0xea0d [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1227]
         [The RTT to ACK the segment was: 0.000044000 seconds]
         [iRTT: 0.000246000 seconds]
</Sun 5th Packet TCP[ACK]>

<Sun 6th Packet TCP[ACK]>
Frame 1229: 2988 bytes on wire (23904 bits), 1496 bytes captured (11968
bits) on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:32.056633000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664192.056633000 seconds
     [Time delta from previous captured frame: 1.067303000 seconds]
     [Time delta from previous displayed frame: 1.067303000 seconds]
     [Time since reference or first frame: 14.466986000 seconds]
     Frame Number: 1229
     Frame Length: 2988 bytes (23904 bits)
     Capture Length: 1496 bytes (11968 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp:data]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 1452
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: miva-mqs (1277), Dst Port:
pictrography (1280), Seq: 1, Ack: 188, Len: 1432
     Source Port: miva-mqs (1277)
     Destination Port: pictrography (1280)
     [Stream index: 5]
     [TCP Segment Len: 1432]
     Sequence number: 1    (relative sequence number)
     [Next sequence number: 1433    (relative sequence number)]
     Acknowledgment number: 188    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 31
     [Calculated window size: 7936]
     [Window size scaling factor: 256]
     Checksum: 0x0b10 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [iRTT: 0.000246000 seconds]
         [Bytes in flight: 1432]
         [Bytes sent since last PSH flag: 1432]
     TCP payload (1432 bytes)
Data (1432 bytes)
     Data:
16:03:03:07:44:02:00:00:51:03:03:5a:c2:03:00:e2:
e7:85:1d:a9:6f:41:ee:6c:59:cc:39:52:5c:03:04:a6:
24:68:76:63:b4:fc:c4:7b:69:40:ee:20:5a:c2:03:00:
88:b8:ae:77:49:75:d6:8b:8c:59:90:9b:96:db:73:8f:
bd:e5:fa:55:65:00:e5:2a:50:cd:de:e7:00:6a:00:00:
09:ff:01:00:01:00:00:17:00:00:0b:00:02:88:00:02:
85:00:02:82:30:82:02:7e:30:82:02:3c:a0:03:02:01:
02:02:04:67:9e:bd:39:30:0b:06:07:2a:86:48:ce:38:
04:03:05:00:30:11:31:0f:30:0d:06:03:55:04:03:13:
06:52:65:67:67:69:65:30:1e:17:0d:31:38:30:33:32:
34:31:30:30:34:35:38:5a:17:0d:32:33:30:32:32:36:
31:30:30:34:35:38:5a:30:11:31:0f:30:0d:06:03:55:
04:03:13:06:52:65:67:67:69:65:30:82:01:b7:30:82:
01:2c:06:07:2a:86:48:ce:38:04:01:30:82:01:1f:02:
81:81:00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:
ec:e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:c5:
f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:6f:f2:
66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:10:22:c2:
4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:c6:a8:a6:15:
0f:04:fb:83:f6:d3:c5:1e:c3:02:35:54:13:5a:16:91:
32:f6:75:f3:ae:2b:61:d7:2a:ef:f2:22:03:19:9d:d1:
48:01:c7:02:15:00:97:60:50:8f:15:23:0b:cc:b2:92:
b9:82:a2:eb:84:0b:f0:58:1c:f5:02:81:81:00:f7:e1:
a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:57:b9:79:94:
af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:07:82:67:51:59:
57:8e:ba:d4:59:4f:e6:71:07:10:81:80:b4:49:16:71:
23:e8:4c:28:16:13:b7:cf:09:32:8c:c8:a6:e1:3c:16:
7a:8b:54:7c:8d:28:e0:a3:ae:1e:2b:b3:a6:75:91:6e:
a3:7f:0b:fa:21:35:62:f1:fb:62:7a:01:24:3b:cc:a4:
f1:be:a8:51:90:89:a8:83:df:e1:5a:e5:9f:06:92:8b:
66:5e:80:7b:55:25:64:01:4c:3b:fe:cf:49:2a:03:81:
84:00:02:81:80:1e:9d:61:a7:65:6d:bf:fe:8c:cb:c5:
5c:4d:e0:75:49:d7:3a:4f:d7:c4:b7:ac:90:e8:34:25:
75:42:d8:6a:cb:66:c1:9d:89:9f:f5:2b:59:e2:7e:3e:
ed:d7:2d:a8:43:98:4d:89:6e:f9:ed:bb:c2:1d:9c:4a:
7f:0e:6c:cb:b7:2a:a5:d3:47:06:29:93:b0:32:15:ae:
e2:80:f1:b0:b6:3e:21:57:61:20:62:b6:3d:7b:ed:60:
dc:5d:1b:b1:47:83:04:04:b5:e0:42:9f:3b:f9:99:a8:
e0:7b:e3:7d:f1:65:7d:fc:1b:31:59:48:ca:04:b3:91:
e7:af:38:72:a4:a3:21:30:1f:30:1d:06:03:55:1d:0e:
04:16:04:14:56:44:f3:23:96:bb:c2:6b:f3:73:fc:65:
df:88:da:3d:86:e7:01:eb:30:0b:06:07:2a:86:48:ce:
38:04:03:05:00:03:2f:00:30:2c:02:14:41:49:3e:08:
7b:68:57:04:f9:46:31:63:8f:3b:89:95:a8:53:28:2b:
02:14:0c:8a:ab:91:62:95:70:dc:59:dd:21:95:27:7f:
ee:cc:c7:ad:4e:dd:0c:00:01:39:00:80:ff:ff:ff:ff:
ff:ff:ff:ff:c9:0f:da:a2:21:68:c2:34:c4:c6:62:8b:
80:dc:1c:d1:29:02:4e:08:8a:67:cc:74:02:0b:be:a6:
3b:13:9b:22:51:4a:08:79:8e:34:04:dd:ef:95:19:b3:
cd:3a:43:1b:30:2b:0a:6d:f2:5f:14:37:4f:e1:35:6d:
6d:51:c2:45:e4:85:b5:76:62:5e:7e:c6:f4:4c:42:e9:
a6:37:ed:6b:0b:ff:5c:b6:f4:06:b7:ed:ee:38:6b:fb:
5a:89:9f:a5:ae:9f:24:11:7c:4b:1f:e6:49:28:66:51:
ec:e6:53:81:ff:ff:ff:ff:ff:ff:ff:ff:00:01:02:00:
80:36:33:e0:d7:a9:72:bb:ee:92:a4:c4:07:15:9d:33:
d2:e4:bf:7d:38:12:51:ef:0a:ab:89:4f:3a:a0:8e:5a:
d2:30:66:a4:fc:3a:c7:a7:1d:93:57:3a:41:99:f7:91:
3c:55:20:94:a5:ac:63:6d:f3:c2:7b:63:c0:9f:fc:0e:
71:b1:00:6a:ed:dc:db:2f:c0:7e:d8:3b:7d:e2:80:33:
0d:51:0f:59:a5:22:a7:e9:d1:32:20:00:01:23:07:03:
71:db:40:75:55:5f:86:93:2e:ec:27:ef:96:c3:9b:bc:
db:ed:ba:35:a1:ad:b2:84:a8:1a:5d:fe:d7:a7:5b:df:
80:04:02:00:2e:30:2c:02:14:18:8e:fd:b9:08:4b:7c:
f7:0c:96:62:09:c8:87:a7:a5:fa:56:cb:a0:02:14:72:
f4:21:d6:6b:d1:2b:f7:85:d1:b1:50:a3:6f:a8:ab:a7:
d8:bd:04:0d:00:03:1e:03:01:02:40:00:14:06:03:06:
01:05:03:05:01:04:03:04:01:04:02:02:03:02:01:02:
02:03:02:00:62:30:60:31:1b:30:19:06:03:55:04:0a:
0c:12:4f:72:61:63:6c:65:20:43:6f:72:70:6f:72:61:
74:69:6f:6e:31:23:30:21:06:03:55:04:0b:0c:1a:4a:
61:76:61:20:53:6f:66:74:77:61:72:65:20:43:6f:64:
65:20:53:69:67:6e:69:6e:67:31:1c:30:1a:06:03:55:
04:03:0c:13:4a:43:45:20:43:6f:64:65:20:53:69:67:
6e:69:6e:67:20:43:41:00:13:30:11:31:0f:30:0d:06:
03:55:04:03:13:06:4d:61:68:61:6c:6f:00:13:30:11:
31:0f:30:0d:06:03:55:04:03:13:06:54:65:73:74:65:
72:00:14:30:12:31:10:30:0e:06:03:55:04:03:13:07:
50:68:6f:65:6e:69:78:00:71:30:6f:31:1d:30:1b:06:
03:55:04:0a:13:14:53:75:6e:20:4d:69:63:72:6f:73:
79:73:74:65:6d:73:20:49:6e:63:31:23:30:21:06:03:
55:04:0b:13:1a:4a:61:76:61:20:53:6f:66:74:77:61:
72:65:20:43:6f:64:65:20:53:69:67:6e:69:6e:67:31:
29:30:27:06:03:55:04:03:13:20:4c:65:67:69:6f:6e:
20:6f:66:20:74:68:65:20:42:6f:75:6e:63:79:20:43:
61:73:74:6c:65:20:49:6e:63:2e:00:93:30:81:90:31:
0b:30:09:06:03:55:04:06:13:02:55:53:31:0b:30:09:
06:03:55:04:08:13:02:43:41:31:12:30:10:06:03:55:
04:07:13:09:50:61:6c:6f:20:41:6c:74:6f:31:1d:30:
1b:06:03:55:04:0a:13:14
     [Length: 1432]
</Sun 6th Packet TCP[ACK]>

<Sun 7th Packet TCP[PSH, ACK]>
Frame 1230: 990 bytes on wire (7920 bits), 497 bytes captured (3976
bits) on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:32.056646000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664192.056646000 seconds
     [Time delta from previous captured frame: 0.000013000 seconds]
     [Time delta from previous displayed frame: 0.000013000 seconds]
     [Time since reference or first frame: 14.466999000 seconds]
     Frame Number: 1230
     Frame Length: 990 bytes (7920 bits)
     Capture Length: 497 bytes (3976 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp:data]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 453
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: miva-mqs (1277), Dst Port:
pictrography (1280), Seq: 1433, Ack: 188, Len: 433
     Source Port: miva-mqs (1277)
     Destination Port: pictrography (1280)
     [Stream index: 5]
     [TCP Segment Len: 433]
     Sequence number: 1433    (relative sequence number)
     [Next sequence number: 1866    (relative sequence number)]
     Acknowledgment number: 188    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x018 (PSH, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 1... = Push: Set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······AP···]
     Window size value: 31
     [Calculated window size: 7936]
     [Window size scaling factor: 256]
     Checksum: 0x2069 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [iRTT: 0.000246000 seconds]
         [Bytes in flight: 1865]
         [Bytes sent since last PSH flag: 1865]
     TCP payload (433 bytes)
Data (433 bytes)
     Data: 53756e204d6963726f73797374656d7320496e6331233021...
53:75:6e:20:4d:69:63:72:6f:73:79:73:74:65:6d:73:
20:49:6e:63:31:23:30:21:06:03:55:04:0b:13:1a:4a:
61:76:61:20:53:6f:66:74:77:61:72:65:20:43:6f:64:
65:20:53:69:67:6e:69:6e:67:31:1c:30:1a:06:03:55:
04:03:13:13:4a:43:45:20:43:6f:64:65:20:53:69:67:
6e:69:6e:67:20:43:41:00:16:30:14:31:12:30:10:06:
03:55:04:03:13:09:4f:75:74:72:69:67:67:65:72:00:
12:30:10:31:0e:30:0c:06:03:55:04:03:13:05:47:72:
6f:75:70:00:14:30:12:31:10:30:0e:06:03:55:04:03:
13:07:4d:65:72:63:75:72:79:00:63:30:61:31:1d:30:
1b:06:03:55:04:0a:13:14:53:75:6e:20:4d:69:63:72:
6f:73:79:73:74:65:6d:73:20:49:6e:63:31:23:30:21:
06:03:55:04:0b:13:1a:4a:61:76:61:20:53:6f:66:74:
77:61:72:65:20:43:6f:64:65:20:53:69:67:6e:69:6e:
67:31:1b:30:19:06:03:55:04:03:13:12:4f:72:61:63:
6c:65:20:43:6f:72:70:6f:72:61:74:69:6f:6e:00:6f:
30:6d:31:1b:30:19:06:03:55:04:0a:0c:12:4f:72:61:
63:6c:65:20:43:6f:72:70:6f:72:61:74:69:6f:6e:31:
23:30:21:06:03:55:04:0b:0c:1a:4a:61:76:61:20:53:
6f:66:74:77:61:72:65:20:43:6f:64:65:20:53:69:67:
6e:69:6e:67:31:29:30:27:06:03:55:04:03:0c:20:4c:
65:67:69:6f:6e:20:6f:66:20:74:68:65:20:42:6f:75:
6e:63:79:20:43:61:73:74:6c:65:20:49:6e:63:2e:00:
13:30:11:31:0f:30:0d:06:03:55:04:03:13:06:52:65:
67:67:69:65:00:14:30:12:31:10:30:0e:06:03:55:04:
03:13:07:46:69:64:64:6c:65:72:00:11:30:0f:31:0d:
30:0b:06:03:55:04:03:13:04:4e:6f:72:6d:0e:00:00:
00
    [Length: 433]
</Sun 7th Packet TCP[PSH, ACK]>

<Sun 8th Packet TCP[ACK]
Frame 1231: 124 bytes on wire (992 bits), 64 bytes captured (512 bits)
on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:32.056700000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664192.056700000 seconds
     [Time delta from previous captured frame: 0.000054000 seconds]
     [Time delta from previous displayed frame: 0.000054000 seconds]
     [Time since reference or first frame: 14.467053000 seconds]
     Frame Number: 1231
     Frame Length: 124 bytes (992 bits)
     Capture Length: 64 bytes (512 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 20
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pictrography (1280), Dst Port:
miva-mqs (1277), Seq: 188, Ack: 1866, Len: 0
     Source Port: pictrography (1280)
     Destination Port: miva-mqs (1277)
     [Stream index: 5]
     [TCP Segment Len: 0]
     Sequence number: 188    (relative sequence number)
     Acknowledgment number: 1866    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x010 (ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 0... = Push: Not set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······A····]
     Window size value: 2048
     [Calculated window size: 8192]
     [Window size scaling factor: 4]
     Checksum: 0xdae3 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [This is an ACK to the segment in frame: 1230]
         [The RTT to ACK the segment was: 0.000054000 seconds]
         [iRTT: 0.000246000 seconds]
</Sun 8th Packet TCP[ACK]>

<Sun 9th Packet TCP[PSH, ACK]>
Frame 1232: 1708 bytes on wire (13664 bits), 856 bytes captured (6848
bits) on interface 0
     Interface id: 0 (\Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D})
         Interface name: \Device\NPF_{FB066B3D-B08A-4134-A62F-2B36C47CEE0D}
     Encapsulation type: NULL/Loopback (15)
     Arrival Time: Apr  2, 2018 20:16:32.133462000 E. Australia Standard
Time
     [Time shift for this packet: 0.000000000 seconds]
     Epoch Time: 1522664192.133462000 seconds
     [Time delta from previous captured frame: 0.076762000 seconds]
     [Time delta from previous displayed frame: 0.076762000 seconds]
     [Time since reference or first frame: 14.543815000 seconds]
     Frame Number: 1232
     Frame Length: 1708 bytes (13664 bits)
     Capture Length: 856 bytes (6848 bits)
     [Frame is marked: False]
     [Frame is ignored: False]
     [Protocols in frame: null:ipv6:tcp:data]
     [Coloring Rule Name: TCP]
     [Coloring Rule String: tcp]
Null/Loopback
     Family: IPv6 (24)
Internet Protocol Version 6, Src: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246), Dst: fe80::51ce:d94d:bec3:8246
(fe80::51ce:d94d:bec3:8246)
     0110 .... = Version: 6
     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00
(DSCP: CS0, ECN: Not-ECT)
         .... 0000 00.. .... .... .... .... .... = Differentiated
Services Codepoint: Default (0)
         .... .... ..00 .... .... .... .... .... = Explicit Congestion
Notification: Not ECN-Capable Transport (0)
     .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
     Payload Length: 812
     Next Header: TCP (6)
     Hop Limit: 64
     Source: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     Destination: fe80::51ce:d94d:bec3:8246 (fe80::51ce:d94d:bec3:8246)
     [Source GeoIP: Unknown]
     [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: pictrography (1280), Dst Port:
miva-mqs (1277), Seq: 188, Ack: 1866, Len: 792
     Source Port: pictrography (1280)
     Destination Port: miva-mqs (1277)
     [Stream index: 5]
     [TCP Segment Len: 792]
     Sequence number: 188    (relative sequence number)
     [Next sequence number: 980    (relative sequence number)]
     Acknowledgment number: 1866    (relative ack number)
     0101 .... = Header Length: 20 bytes (5)
     Flags: 0x018 (PSH, ACK)
         000. .... .... = Reserved: Not set
         ...0 .... .... = Nonce: Not set
         .... 0... .... = Congestion Window Reduced (CWR): Not set
         .... .0.. .... = ECN-Echo: Not set
         .... ..0. .... = Urgent: Not set
         .... ...1 .... = Acknowledgment: Set
         .... .... 1... = Push: Set
         .... .... .0.. = Reset: Not set
         .... .... ..0. = Syn: Not set
         .... .... ...0 = Fin: Not set
         [TCP Flags: ·······AP···]
     Window size value: 2048
     [Calculated window size: 8192]
     [Window size scaling factor: 4]
     Checksum: 0x5b69 [unverified]
     [Checksum Status: Unverified]
     Urgent pointer: 0
     [SEQ/ACK analysis]
         [iRTT: 0.000246000 seconds]
         [Bytes in flight: 792]
         [Bytes sent since last PSH flag: 792]
     TCP payload (792 bytes)
Data (792 bytes)
     Data:
16:03:03:03:13:0b:00:02:89:00:02:86:00:02:83:30:
82:02:7f:30:82:02:3d:a0:03:02:01:02:02:04:4f:c4:
fa:7b:30:0b:06:07:2a:86:48:ce:38:04:03:05:00:30:
11:31:0f:30:0d:06:03:55:04:03:13:06:54:65:73:74:
65:72:30:1e:17:0d:31:38:30:33:32:34:31:30:30:34:
35:37:5a:17:0d:32:33:30:32:32:36:31:30:30:34:35:
37:5a:30:11:31:0f:30:0d:06:03:55:04:03:13:06:54:
65:73:74:65:72:30:82:01:b8:30:82:01:2c:06:07:2a:
86:48:ce:38:04:01:30:82:01:1f:02:81:81:00:fd:7f:
53:81:1d:75:12:29:52:df:4a:9c:2e:ec:e4:e7:f6:11:
b7:52:3c:ef:44:00:c3:1e:3f:80:b6:51:26:69:45:5d:
40:22:51:fb:59:3d:8d:58:fa:bf:c5:f5:ba:30:f6:cb:
9b:55:6c:d7:81:3b:80:1d:34:6f:f2:66:60:b7:6b:99:
50:a5:a4:9f:9f:e8:04:7b:10:22:c2:4f:bb:a9:d7:fe:
b7:c6:1b:f8:3b:57:e7:c6:a8:a6:15:0f:04:fb:83:f6:
d3:c5:1e:c3:02:35:54:13:5a:16:91:32:f6:75:f3:ae:
2b:61:d7:2a:ef:f2:22:03:19:9d:d1:48:01:c7:02:15:
00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:84:
0b:f0:58:1c:f5:02:81:81:00:f7:e1:a0:85:d6:9b:3d:
de:cb:bc:ab:5c:36:b8:57:b9:79:94:af:bb:fa:3a:ea:
82:f9:57:4c:0b:3d:07:82:67:51:59:57:8e:ba:d4:59:
4f:e6:71:07:10:81:80:b4:49:16:71:23:e8:4c:28:16:
13:b7:cf:09:32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:
28:e0:a3:ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:
35:62:f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:
89:a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
25:64:01:4c:3b:fe:cf:49:2a:03:81:85:00:02:81:81:
00:8f:a9:3b:32:a6:1d:78:e5:48:6d:fe:c8:39:fe:fb:
dc:ff:93:3e:e4:63:f5:fc:66:bd:be:4b:69:16:8f:a0:
67:36:f4:80:d8:28:c5:3b:cf:0a:e9:af:73:1f:9d:91:
eb:5d:00:73:ff:c7:98:9c:0f:ff:18:ea:8e:96:72:73:
8a:93:eb:69:53:a1:de:01:28:0b:ab:80:b2:06:60:51:
34:15:f8:6c:66:50:d2:b6:7c:36:74:51:42:6d:3e:3e:
64:2a:8c:55:f2:b4:f4:73:d0:ba:06:a0:84:2f:ea:ec:
bf:da:56:20:02:aa:b8:b4:36:7f:08:c9:80:fa:35:75:
ef:a3:21:30:1f:30:1d:06:03:55:1d:0e:04:16:04:14:
30:1d:73:d0:25:b0:1f:b6:03:ec:be:5f:0a:4d:d2:23:
33:bb:1f:27:30:0b:06:07:2a:86:48:ce:38:04:03:05:
00:03:2f:00:30:2c:02:14:6f:95:e9:3d:1b:25:e6:f0:
96:14:ba:b5:4d:c2:05:84:80:ba:4d:42:02:14:6d:79:
fa:db:89:11:dd:ab:24:08:9f:f6:57:35:b3:ae:a7:62:
0c:7a:10:00:00:82:00:80:25:d4:fb:24:1f:d5:82:51:
80:f7:67:c5:7e:ea:ad:2b:9b:b8:38:ed:ed:48:d7:ae:
01:d7:47:97:14:55:d2:e5:cd:92:e3:80:f2:e4:9e:e8:
30:79:e4:e0:50:c5:4b:7a:0c:11:3e:49:10:c9:05:a0:
14:3a:69:5f:02:1c:98:f5:ac:a3:9e:dc:ef:92:07:63:
23:41:ee:29:71:02:64:b2:73:c2:4a:60:76:d5:88:ce:
b4:51:e9:7b:d5:51:2f:28:55:a2:72:80:90:15:58:7c:
09:5c:ed:de:c2:88:f6:2e:ab:c9:3c:ce:a8:75:57:ed:
7e:73:84:d4:d7:70:2a:05
     [Length: 792]
</Sun 9th Packet TCP[PSH, ACK]>

<SNIP>Please refer to previous posts </SNIP>



Reply | Threaded
Open this post in threaded view
|

Re: Handshake Failure

Peter Dettman-3
In reply to this post by Peter Firmstone
Hi Peter,
A current limitation of BCJSSE on the server is that it has to be used
with its own KeyManagerFactory. So you need to be using KMF algorithm
"PKIX", with the BCJSSE provider at higher priority than others.

One option is to modify the $JRE/jre/lib/security/java.policy file:
    ssl.KeyManagerFactory.algorithm=PKIX

Alternatively you can explicitly specify "PKIX" as the KMF algorithm
when creating it.

The exception stack trace you gave for your server is consistent with
this being the problem in your setup.

Regards
Pete Dettman


On 31/3/18 5:31 pm, Peter Firmstone wrote:

> Any advice on how to get the Bouncy Castle JSSE provider working as a
> drop in replacement for SunJsse?
>
> I'm getting handshake error 40 with the BC JSSE Provider, any ideas?
>
> Thanks,
>
> Peter.
>
> See below for logging output for both BC and Sun providers.

Reply | Threaded
Open this post in threaded view
|

Re: Handshake Failure

Peter Dettman-3
In reply to this post by Peter Firmstone
Hi Peter,
In this case I would guess that the SunJSSE server is choosing a DHE
ciphersuite. See my reply to John Jiang from March 27 for a brief
description of how DHE group selection can be a problem.

The simplest thing would be to just disable DHE ciphersuites.
Alternatively the BCJSSE client supports some system properties to
control what DH groups are acceptable:

org.bouncycastle.jsse.client.dh.minimumPrimeBits (default 2048)
org.bouncycastle.jsse.client.dh.unrestrictedGroups (default false)

At least for testing purposes, try setting the first to 1024 and the
second to "true".

Otherwise you might need to give some more details of the failure.

Regards,
Pete Dettman


On 1/4/18 8:43 am, Peter Firmstone wrote:

> Hmm,
>
> Doesn't work for IPv4 either is get the same handshake failure 40?
>
> I checked the IPv6 address string, I'm not sure why the IPv6 address is
> appended with "%11:26164" in the log, that's investigation for another day.
>
> I tried using the BC provider on the client and the Sun provider on the
> server, in which case I get insufficient security 71.
>
> So not sure what's going on here, it's working fine with the Sun
> provider, I suspect it's got something to do with the requested
> ciphers.  Will keep trying / testing and report back if I have success.

Reply | Threaded
Open this post in threaded view
|

Re: Handshake Failure

Peter Firmstone
In reply to this post by Peter Dettman-3
Thanks Peter,

We (Apache River) have our own KeyManager and TrustManager
implementation :( which utilise
   Sun's KeyStoreLoginModule, which can be configured to use any
KeyManagerFactory provider.

What would our KeyManager need to do / implement to support BC?

I did make some further experiments, without success.

I set the security property:
java.security.Security.setProperty("ssl.KeyManagerFactory.algorithm",
"PKIX");

I changed the keystores from JKS to PKCS12, tried BKS also, but that
caused an exception.

I also tried using the BC KeyStore provider for the KeyStoreLoginModule:

/* JAAS login configurations for JSSE */

org.apache.river.Reggie {
     com.sun.security.auth.module.KeyStoreLoginModule required
         keyStoreType = "PKCS12"
         keyStoreProvider = "BC"
     keyStoreAlias="reggie"
     
keyStoreURL="jar:file:${org.apache.river.qa.harness.harnessJar}!/harness/trust/reggie.keystore"
     
keyStorePasswordURL="jar:file:${org.apache.river.qa.harness.harnessJar}!/harness/trust/reggie.password";
};

Regards,

Peter.

On 3/04/2018 7:20 PM, Peter Dettman wrote:

> Hi Peter,
> A current limitation of BCJSSE on the server is that it has to be used
> with its own KeyManagerFactory. So you need to be using KMF algorithm
> "PKIX", with the BCJSSE provider at higher priority than others.
>
> One option is to modify the $JRE/jre/lib/security/java.policy file:
>      ssl.KeyManagerFactory.algorithm=PKIX
>
> Alternatively you can explicitly specify "PKIX" as the KMF algorithm
> when creating it.
>
> The exception stack trace you gave for your server is consistent with
> this being the problem in your setup.
>
> Regards
> Pete Dettman
>
>
> On 31/3/18 5:31 pm, Peter Firmstone wrote:
>> Any advice on how to get the Bouncy Castle JSSE provider working as a
>> drop in replacement for SunJsse?
>>
>> I'm getting handshake error 40 with the BC JSSE Provider, any ideas?
>>
>> Thanks,
>>
>> Peter.
>>
>> See below for logging output for both BC and Sun providers.