RMI + SSL fatal alert: handshake_failure

Hi all,

I have been looking for a solution to this problem, and possibly a little guidance for about a week now in regards to using an applet to communicate with a server using RMI through SSL.

I am down to what (touch wood) is my last error before my test program works.

This error doesn't occur when the applet loads up (I fixed that prob by manually assigning the truststore and keystore to a TrustManager and KeyManager), rather it happens when my actionlistener tries to invoke a remote method.

Here is the error on the client side, and the debug info.

There hasn't been an error thrown on the server side from this point.

AWT-EventQueue-2, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

DBApplet exception :error during JRMP connection establishment; nested exception is:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)

at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)

at sun.rmi.server.UnicastRef.invoke(Unknown Source)

at HelloImpl_Stub.sayHello(Unknown Source)

at HelloClient.actionPerformed(HelloClient.java:298)

at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)

at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)

at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)

at javax.swing.DefaultButtonModel.setPressed(Unknown Source)

at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)

at java.awt.Component.processMouseEvent(Unknown Source)

at javax.swing.JComponent.processMouseEvent(Unknown Source)

at java.awt.Component.processEvent(Unknown Source)

at java.awt.Container.processEvent(Unknown Source)

at java.awt.Component.dispatchEventImpl(Unknown Source)

at java.awt.Container.dispatchEventImpl(Unknown Source)

at java.awt.Component.dispatchEvent(Unknown Source)

at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)

at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)

at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)

at java.awt.Container.dispatchEventImpl(Unknown Source)

at java.awt.Window.dispatchEventImpl(Unknown Source)

at java.awt.Component.dispatchEvent(Unknown Source)

at java.awt.EventQueue.dispatchEvent(Unknown Source)

at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.run(Unknown Source)

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)

at java.io.BufferedOutputStream.flushBuffer(Unknown Source)

at java.io.BufferedOutputStream.flush(Unknown Source)

at java.io.DataOutputStream.flush(Unknown Source)

... 30 more

##

I used debug = ssl:handshake,handshake,trustmanager and got this output:

trigger seeding of SecureRandom

done seeding SecureRandom

%% No cached client session

*** ClientHello, TLSv1

RandomCookie: GMT: 1168296326 bytes ={ 171, 217, 194, 136, 95, 85, 213, 39, 236, 208, 168, 92, 100, 173, 201, 227, 226, 117, 25, 219, 22, 133, 247, 202, 220, 91, 226, 103}

Session ID:{}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods:{ 0}

***

thread applet-applet.class, WRITE: TLSv1 Handshake, length = 45

thread applet-applet.class, READ: TLSv1 Alert, length = 2

thread applet-applet.class, RECV TLSv1 ALERT: fatal, handshake_failure

thread applet-applet.class, called closeSocket()

thread applet-applet.class, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

%% No cached client session

*** ClientHello, TLSv1

RandomCookie: GMT: 1168296326 bytes ={ 13, 107, 91, 83, 15, 11, 87, 183, 9, 34, 241, 2, 134, 102, 204, 95, 195, 21, 18, 236, 241, 188, 68, 171, 81, 152, 61, 69}

Session ID:{}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods:{ 0}

***

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT: fatal, handshake_failure

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Finalizer, called close()

Finalizer, called closeInternal(true)

%% No cached client session

*** ClientHello, TLSv1

RandomCookie: GMT: 1168296327 bytes ={ 108, 164, 16, 51, 74, 207, 168, 21, 18, 193, 11, 186, 127, 254, 234, 244, 28, 97, 202, 240, 151, 188, 55, 52, 88, 37, 30, 208}

Session ID:{}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods:{ 0}

***

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT: fatal, handshake_failure

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Finalizer, called close()

Finalizer, called closeInternal(true)

Finalizer, called close()

Finalizer, called closeInternal(true)

%% No cached client session

*** ClientHello, TLSv1

RandomCookie: GMT: 1168296329 bytes ={ 227, 215, 193, 27, 29, 178, 135, 108, 151, 81, 199, 217, 177, 5, 80, 42, 57, 107, 82, 164, 7, 94, 24, 122, 144, 23, 78, 226}

Session ID:{}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods:{ 0}

***

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT: fatal, handshake_failure

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Finalizer, called close()

Finalizer, called closeInternal(true)

%% No cached client session

*** ClientHello, TLSv1

RandomCookie: GMT: 1168296333 bytes ={ 202, 140, 90, 154, 54, 71, 99, 99, 4, 64, 4, 8, 102, 96, 248, 185, 194, 236, 149, 120, 2, 156, 128, 94, 245, 2, 76, 241}

Session ID:{}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods:{ 0}

***

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT: fatal, handshake_failure

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Finalizer, called close()

Finalizer, called closeInternal(true)

%% No cached client session

*** ClientHello, TLSv1

RandomCookie: GMT: 1168296341 bytes ={ 172, 30, 228, 134, 127, 3, 99, 112, 4, 54, 6, 162, 72, 5, 176, 234, 234, 208, 123, 166, 224, 30, 224, 17, 204, 93, 90, 11}

Session ID:{}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods:{ 0}

***

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT: fatal, handshake_failure

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

%% No cached client session

*** ClientHello, TLSv1

RandomCookie: GMT: 1168296357 bytes ={ 49, 202, 249, 112, 234, 233, 92, 184, 142, 206, 79, 16, 85, 220, 198, 197, 84, 152, 118, 33, 233, 205, 231, 240, 239, 167, 236, 236}

Session ID:{}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods:{ 0}

***

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT: fatal, handshake_failure

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()

RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

A bit of background that may help - I am using a CA signed cert. I have a keystore called keystore.ks and a truststore called truststore.ks that has had the export of the keystore imported into it.

I am a little unsure of how I create a client keystore and truststore or whether I only need a client keystore, or even whether what I have is enough. I am fairly sure this is part of the problem, though I don't know if it is the root cause.

I am attempting to use the features mentioned in the paragraph starting "Now let's export the HelloImpl remote object with the SSL/TLS-based " in the example here:

http://blogs.sun.com/lmalventosa/entry/using_the_ssl_tls_based

Unfortunately it doesn't involve applets or CA signed keys, so I have had to turn to the forums and occasionally google, to get me through.

It is at the stage where it authenticates the client with the server initially from what I can tell.

- I was getting an SSL handshake error upon start of the client that has since been resolved and had a different error message to this one - though I realise the cause could be the same.

I have searched for RECV TLSv1 ALERT: fatal, handshake_failure, and the first line of the error on here and on google but have come up empty so far.

Thanks in advance,

brendo.

[14038 byte] By [oldmatebrendoa] at [2007-11-27 11:21:12]
# 1

This looks like you may be using RMISocketFactory instead of RMIClientSocketFactory and RMIServerSocketFactory. Is this the case?

ejpa at 2007-7-29 14:47:14 > top of Java-index,Core,Core APIs...
# 2

Thanks for the quick reply,

In the client I am using javax.rmi.ssl.SslRMIClientSocketFactory and in the server I have both javax.rmi.ssl.SslRMIClientSocketFactory AND javax.rmi.ssl.SslRMIServerSocketFactory imported.

oldmatebrendoa at 2007-7-29 14:47:14
# 3

Is this actionListener a callback into the client? (i.e. into an exported remote object inside the applet?)

ejpa at 2007-7-29 14:47:14
# 4

I'm not quite sure what you mean by a callback into the client.

The actionListener calls

System.out.println(obj.sayHello());

Where obj is initialized to

obj = (Hello) registry.lookup("HelloServer");

The classes I have are -

RmiRegistry - the registry

HelloClient - the client

HelloImpl - the server side

Hello - the interface

I just realised that the interface doesn't have javax.rmi.ssl. (anything) imported, could this be causing the problem?

oldmatebrendoa at 2007-7-29 14:47:14
# 5

OK well can you show your uses of RMIClientSocketFactory in the client, and of RMIClientSocketFactory and RMIServerSocketFactory in the server? and also your SSL initialization code if any?

ejpa at 2007-7-29 14:47:14
# 6

In the server which extends UnicastRemoteObject

super(0, new SslRMIClientSocketFactory(),
      new SslRMIServerSocketFactory(new String[] {"SSL_RSA_WITH_RC4_128_MD5"},
                                    new String[] {"TLSv1"},
                                    true));

The registry is initialized as this in the server:

Registry registry = LocateRegistry.getRegistry(null, 3000);

This is in the client:

registry = LocateRegistry.getRegistry(null, 3000);

obj = (Hello) registry.lookup("HelloServer");

The example I have been learning off has an optional other initialization of registry of:

registry = LocateRegistry.getRegistry(null, 3000, new SslRMIClientSocketFactory());

but for the level of security I am trying to implement, it says to use the one I have.

The SSL initialization is:

TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

SSLContext sc = SSLContext.getInstance("SSL");

sc.init(null, trustManagers, null);

SSLContext.setDefault(sc);

oldmatebrendoa at 2007-7-29 14:47:14
# 7

On the server side you must initialize the SSLContext with a keymanager which has a keystore which has been loaded (unless you just use the system properties to tell Java about the keystore, and no SSLContext init at all).

NB for later, if you want to use LocateRegistry.getRegistry(csf, port) you will have to use LocateRegistry.createRegistry(port, csf, ssf) at the server side, you can't just use the 'rmiregistry' command.

ejpa at 2007-7-29 14:47:14
# 8

I load the keystore using

KeyStore ks = KeyStore.getInstance("jks");

InputStream is = getClass().getResourceAsStream("keystore.ks");

ks.load(is , new char[] {'f','o','o','b','a','r'});

So can I just clarify that on the server side, I should initialize the SSLContext with the keymanager rather than the TrustManager?

But on the client side, it is correct to use TrustManager?

I checked the API and understand what you mean by using createRegistry, I think, but what do you mean by

>can't just use the 'rmiregistry' command.

I have created an RmiRegistry class that has the keystore, truststore information etc.

When that initializes the SSLContext, should it use KeyManager or TrustManager?

At the moment, I have it using TrustManager

oldmatebrendoa at 2007-7-29 14:47:14
# 9

At the server you need the KeyManager.

You need a TrustManager at the server as well if you have needClientAuth=true. Not otherwise.

At the client you need the TrustManager.

> what do you mean by

>>can't just use the 'rmiregistry' command.

As I said, you can't use the 'rmiregistry' command if you want it to use socket factories. You've solved that problem.

ejpa at 2007-7-29 14:47:14
# 10

I tried using those three or four things you suggested and still seem to be getting the same error and the same debug output.

This is the code I used for keystore and truststore

TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());

InputStream keystoreStream = ClassLoader.getSystemResourceAsStream("keystore.ks ");

InputStream truststoreStream = ClassLoader.getSystemResourceAsStream("truststore.ks ");

truststore.load(truststoreStream, "trustword".toCharArray());

keystore.load(keystoreStream, "password".toCharArray());

trustManagerFactory.init(truststore);

keyManagerFactory.init(keystore, "password".toCharArray());

TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

SSLContext sc = SSLContext.getInstance("SSL");

sc.init(null, trustManagers, null);

SSLContext.setDefault(sc);

Am I doing something wrong there?

oldmatebrendoa at 2007-7-29 14:47:14
# 11

> sc.init(null, trustManagers, null);

All that work setting up the KeyManagers and you aren't passing them to SSLContext.init()!

ejpa at 2007-7-29 14:47:14
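
The rule from replies #9 and #11 (KeyManager at the server, TrustManager at the client, and both arrays actually passed to SSLContext.init()), as an added example that is not code from this thread. It assumes Java 8 or later (newer than the JRE 1.6 used above) so the context can be handed straight to SslRMIServerSocketFactory; the class name RmiSslContextCheck, its helpers and the placeholder password are hypothetical, and the empty in-memory keystore is constructed to stand in for a server store with no private key.

```java
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class RmiSslContextCheck {

    /** True if the store holds at least one private-key entry; a trust-only store holds none. */
    static boolean hasPrivateKey(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds a context from a key store (this side's identity) and a trust store (peers it accepts).
     * keyStore == null means "no identity"; trustStore == null means the JRE default trust store.
     */
    static SSLContext buildContext(KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws Exception {
        KeyManager[] keyManagers = null;
        if (keyStore != null) {
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPassword);
            keyManagers = kmf.getKeyManagers();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Key managers are the first argument; null here leaves this side with no certificate.
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Runs one loopback handshake; returns "ok" or the exception the client saw. */
    static String probe(SSLContext serverCtx, SSLContext clientCtx, boolean needClientAuth)
            throws Exception {
        // Same factory RMI would use for an exported object, bound to an ephemeral port.
        ServerSocket listener =
                new SslRMIServerSocketFactory(serverCtx, null, null, needClientAuth)
                        .createServerSocket(0);
        Thread server = new Thread(() -> {
            try (Socket s = listener.accept()) {
                ((SSLSocket) s).startHandshake();
            } catch (Exception ignored) {
                // The client side reports the outcome.
            }
        });
        server.start();
        try (SSLSocket client = (SSLSocket) clientCtx.getSocketFactory()
                .createSocket("127.0.0.1", listener.getLocalPort())) {
            client.startHandshake();
            return "ok";
        } catch (SSLException e) {
            return e.toString();
        } finally {
            listener.close();
            server.join(5000);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory store, i.e. a "keystore" with no private key.
        // A real server would load its own file (for example keystore.ks) instead.
        KeyStore noIdentity = KeyStore.getInstance(KeyStore.getDefaultType());
        noIdentity.load(null, null);
        char[] password = "changeit".toCharArray(); // placeholder password

        System.out.println("server store has private key: " + hasPrivateKey(noIdentity));
        SSLContext server = buildContext(noIdentity, password, null);
        SSLContext client = buildContext(null, null, null);
        System.out.println("client sees: " + probe(server, client, false));
    }
}
```

Loading the real server keystore in place of the empty store shows whether the server has an identity to present before RMI is involved at all.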
# 12

Sorry, that was the client side, the server side did have keymanagers passed to sslcontext.

I did add the keymanagers to the client side as well, but the error persists...

oldmatebrendoa at 2007-7-29 14:47:14
# 13

Can you do that SSL tracing on the server side? and post it here?

ejpa at 2007-7-29 14:47:14
# 14

This is the output of the debug from HelloImpl

keyStore is :

keyStore type is : jks

keyStore provider is :

init keystore

init keymanager of type SunX509

trustStore is: C:\Program Files\Java\jre1.6.0_02\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore


Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

Algorithm: RSA; Serial number: 0x1

Valid from Sat Jun 26 10:19:54 EST 1999 until Wed Jun 26 10:19:54 EST 2019

adding as trusted cert:

Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

Algorithm: RSA; Serial number: 0x1

Valid from Tue May 30 20:38:31 EST 2000 until Sat May 30 20:38:31 EST 2020

trigger seeding of SecureRandom

done seeding SecureRandom

Finalizer, called close()

Finalizer, called closeInternal(true)

trigger seeding of SecureRandom

done seeding SecureRandom

RMI TCP Connection(1)-208.112.91.92, setSoTimeout(7200000) called

RMI TCP Connection(1)-208.112.91.92, READ: TLSv1 Handshake, length = 45

*** ClientHello, TLSv1

RandomCookie: GMT: 1168415567 bytes = { 168, 158, 66, 60, 166, 181, 250, 31, 184, 34, 248, 74, 159, 240, 167, 79, 54, 149, 26, 194, 85, 185, 71, 216, 206, 11, 3, 47 }

Session ID: {}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods: { 0 }

***

RMI TCP Connection(1)-208.112.91.92, SEND TLSv1 ALERT: fatal, description = handshake_failure

RMI TCP Connection(1)-208.112.91.92, WRITE: TLSv1 Alert, length = 2

RMI TCP Connection(1)-208.112.91.92, called closeSocket()

RMI TCP Connection(1)-208.112.91.92, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

RMI TCP Connection(1)-208.112.91.92, called close()

RMI TCP Connection(1)-208.112.91.92, called closeInternal(true)

HelloServer bound in registry

RMI TCP Connection(2)-208.112.91.92, setSoTimeout(7200000) called

RMI TCP Connection(2)-208.112.91.92, READ: TLSv1 Handshake, length = 45

*** ClientHello, TLSv1

RandomCookie: GMT: 1168415567 bytes = { 96, 239, 59, 170, 173, 134, 25, 118, 18, 234, 135, 44, 40, 120, 74, 29, 189, 88, 195, 186, 105, 120, 151, 212, 161, 14, 217, 194 }

Session ID: {}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods: { 0 }

***

RMI TCP Connection(2)-208.112.91.92, SEND TLSv1 ALERT: fatal, description = handshake_failure

RMI TCP Connection(2)-208.112.91.92, WRITE: TLSv1 Alert, length = 2

RMI TCP Connection(2)-208.112.91.92, called closeSocket()

RMI TCP Connection(2)-208.112.91.92, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

RMI TCP Connection(2)-208.112.91.92, called close()

RMI TCP Connection(2)-208.112.91.92, called closeInternal(true)

RMI TCP Connection(3)-208.112.91.92, setSoTimeout(7200000) called

RMI TCP Connection(3)-208.112.91.92, READ: TLSv1 Handshake, length = 45

*** ClientHello, TLSv1

RandomCookie: GMT: 1168415568 bytes = { 121, 39, 109, 113, 150, 46, 228, 200, 125, 0, 89, 58, 37, 196, 230, 236, 116, 183, 157, 69, 217, 26, 88, 174, 39, 4, 64, 106 }

Session ID: {}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods: { 0 }

***

RMI TCP Connection(3)-208.112.91.92, SEND TLSv1 ALERT: fatal, description = handshake_failure

RMI TCP Connection(3)-208.112.91.92, WRITE: TLSv1 Alert, length = 2

RMI TCP Connection(3)-208.112.91.92, called closeSocket()

RMI TCP Connection(3)-208.112.91.92, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

RMI TCP Connection(3)-208.112.91.92, called close()

RMI TCP Connection(3)-208.112.91.92, called closeInternal(true)

Finalizer, called close()

Finalizer, called closeInternal(true)

RMI TCP Connection(4)-208.112.91.92, setSoTimeout(7200000) called

RMI TCP Connection(4)-208.112.91.92, READ: TLSv1 Handshake, length = 45

*** ClientHello, TLSv1

RandomCookie: GMT: 1168415570 bytes = { 15, 8, 68, 222, 217, 193, 215, 41, 238, 122, 164, 194, 165, 203, 162, 244, 142, 206, 143, 221, 189, 73, 45, 205, 34, 100, 16, 58 }

Session ID: {}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods: { 0 }

***

RMI TCP Connection(4)-208.112.91.92, SEND TLSv1 ALERT: fatal, description = handshake_failure

RMI TCP Connection(4)-208.112.91.92, WRITE: TLSv1 Alert, length = 2

RMI TCP Connection(4)-208.112.91.92, called closeSocket()

RMI TCP Connection(4)-208.112.91.92, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

RMI TCP Connection(4)-208.112.91.92, called close()

RMI TCP Connection(4)-208.112.91.92, called closeInternal(true)

RMI TCP Connection(5)-208.112.91.92, setSoTimeout(7200000) called

RMI TCP Connection(5)-208.112.91.92, READ: TLSv1 Handshake, length = 45

*** ClientHello, TLSv1

RandomCookie: GMT: 1168415574 bytes = { 3, 231, 148, 249, 150, 90, 215, 244, 198, 249, 189, 91, 237, 242, 90, 133, 91, 1, 48, 246, 176, 126, 103, 44, 34, 216, 234, 44 }

Session ID: {}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods: { 0 }

***

RMI TCP Connection(5)-208.112.91.92, SEND TLSv1 ALERT: fatal, description = handshake_failure

RMI TCP Connection(5)-208.112.91.92, WRITE: TLSv1 Alert, length = 2

RMI TCP Connection(5)-208.112.91.92, called closeSocket()

RMI TCP Connection(5)-208.112.91.92, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

RMI TCP Connection(5)-208.112.91.92, called close()

RMI TCP Connection(5)-208.112.91.92, called closeInternal(true)

RMI TCP Connection(6)-208.112.91.92, setSoTimeout(7200000) called

RMI TCP Connection(6)-208.112.91.92, READ: TLSv1 Handshake, length = 45

*** ClientHello, TLSv1

RandomCookie: GMT: 1168415582 bytes = { 131, 16, 7, 143, 190, 136, 79, 172, 123, 117, 118, 70, 68, 196, 83, 77, 160, 172, 173, 61, 25, 245, 246, 17, 1, 84, 13, 241 }

Session ID: {}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]

Compression Methods: { 0 }

***

RMI TCP Connection(6)-208.112.91.92, SEND TLSv1 ALERT: fatal, description = handshake_failure

RMI TCP Connection(6)-208.112.91.92, WRITE: TLSv1 Alert, length = 2

RMI TCP Connection(6)-208.112.91.92, called closeSocket()

RMI TCP Connection(6)-208.112.91.92, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

RMI TCP Connection(6)-208.112.91.92, called close()

RMI TCP Connection(6)-208.112.91.92, called closeInternal(true)

oldmatebrendoa at 2007-7-29 14:47:14
# 15

Aha.

javax.net.ssl.SSLHandshakeException: no cipher suites in common

Did you see that? Are you modifying the cipher suites at the client or the server? If so, don't. There's no need: SSL will choose the most secure of the common cipher suites.

If not, there are some CAs that are issuing certificates that can't be used with Java SSL because of incompatible signature algorithms; you may need to check this with your CA.

ejpa at 2007-7-29 14:47:18
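An added diagnostic for the "no cipher suites in common" line discussed above (not code from the thread): run on the server's JVM, it classifies each suite a peer offers against what that JVM enables by default. The class and method names are hypothetical; the default offer is the single suite from the ClientHello in the log.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;

public class CipherOfferCheck {

    /** Classify each suite a peer offers against what this JVM would accept. */
    static Map<String, String> classify(String[] offered, List<String> enabled, List<String> supported) {
        Map<String, String> verdicts = new LinkedHashMap<String, String>();
        for (String suite : offered) {
            if (enabled.contains(suite)) {
                verdicts.put(suite, "enabled by default: negotiable");
            } else if (supported.contains(suite)) {
                verdicts.put(suite, "supported but not enabled: rejected unless enabled explicitly");
            } else {
                verdicts.put(suite, "not supported by this JVM: can never be negotiated");
            }
        }
        return verdicts;
    }

    public static void main(String[] args) throws Exception {
        // The only suite in the ClientHello shown in the server log above.
        // Pass other suite names as arguments to test a different offer.
        String[] offered = args.length > 0 ? args : new String[] { "SSL_RSA_WITH_RC4_128_MD5" };

        SSLContext ctx = SSLContext.getDefault();
        List<String> enabled = Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites());
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites());

        boolean anyCommon = false;
        for (Map.Entry<String, String> e : classify(offered, enabled, supported).entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
            anyCommon |= enabled.contains(e.getKey());
        }
        System.out.println(anyCommon
            ? "At least one offered suite is enabled here; the server still needs a key of the matching type."
            : "No offered suite is enabled here: a default-configured server on this JVM sends handshake_failure.");
    }
}
```

An overlap in enabled suites is necessary but not sufficient: a server whose keystore holds no key usable with the offered suite reports the same "no cipher suites in common" error.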
# 16

Ok, I removed the modification of the cipher suites.

The example said I was supposed to specify those, but once they were gone I was able to get the client to connect remotely.

The CA certificate was also a problem and I am in the process of rectifying this.

Using the sample keys, everything works until I put it into an applet.

When I start the applet I get this exception:

Exception occured:error during JRMP connection establishment; nested exception is:

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)

at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)

at sun.rmi.server.UnicastRef.invoke(Unknown Source)

at HelloImpl_Stub.sayHello(Unknown Source)

at HelloClient.<init>(HelloClient.java:116)

at applet.start(applet.java:57)

at sun.applet.AppletPanel.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)

at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)

at java.io.BufferedOutputStream.flushBuffer(Unknown Source)

at java.io.BufferedOutputStream.flush(Unknown Source)

at java.io.DataOutputStream.flush(Unknown Source)

... 8 more

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at sun.security.validator.PKIXValidator.<init>(Unknown Source)

at sun.security.validator.Validator.getInstance(Unknown Source)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(Unknown Source)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)

at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)

... 12 more

Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)

at java.security.cert.PKIXParameters.<init>(Unknown Source)

at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)

... 24 more

The truststore is included in the jar, and from what I have read, it appears this error is thrown when the truststore cannot be found. I put the keystore and truststore code into the applet class as well as being in the client class it calls already, but it still gives me this error.

oldmatebrendoa at 2007-7-29 14:47:18
# 17

> The example said I was supposed to specify those, but once they were gone I was able to get the client to connect remotely.

What example is that? Bad idea. Leave it to SSL.

Search this forum and the JSSE forum for 'trustAnchors'. Can't remember the details myself but it's a well-known problem.

ejpa at 2007-7-29 14:47:18
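An added example for the trustAnchors exception above (not code from the thread): it reproduces the message offline with an empty store, then shows one way to load a truststore packed inside a jar as a classpath stream and fail early if it holds no certificates. The class name, the resource name, the password and the JKS store type are assumptions.

```java
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class JarTrustStore {

    /** Entries that carry a certificate; a store with none cannot anchor any chain. */
    static int certificateCount(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.getCertificate(alias) != null) n++;
        }
        return n;
    }

    /** Load a truststore packed inside the jar (hypothetical resource name) and fail early if unusable. */
    static SSLContext contextFromResource(String resource, char[] password) throws Exception {
        InputStream in = JarTrustStore.class.getResourceAsStream(resource);
        if (in == null) throw new IllegalStateException("not on classpath: " + resource);
        KeyStore ks = KeyStore.getInstance("JKS");   // assumed store type
        try { ks.load(in, password); } finally { in.close(); }
        if (certificateCount(ks) == 0) throw new IllegalStateException(resource + " holds no certificates");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client key: server authentication only
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Reproduce the failure offline: an initialised but empty store.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        System.out.println("certificates in empty store: " + certificateCount(empty));
        try {
            new PKIXParameters(empty);
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("PKIX rejects it: " + e.getMessage());
        }
        // With a real store in the jar: java JarTrustStore /truststore.jks changeit
        if (args.length == 2) {
            SSLContext ctx = contextFromResource(args[0], args[1].toCharArray());
            System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
        }
    }
}
```

The `javax.net.ssl.trustStore` system property names a file path, so a store that exists only as a jar entry has to be read as a stream like this; the socket factory from the returned context must then be the one the RMI client socket factory actually uses.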
# 18

> What example is that? Bad idea. Leave it to SSL.

http://blogs.sun.com/lmalventosa/entry/using_the_ssl_tls_based

Thank you for all your help.

It is people like you who keep forums like this going :)

oldmatebrendoa at 2007-7-29 14:47:18
# 19

Like all errors I seem to have, lots of people have it, very few have a solution :)

oldmatebrendoa at 2007-7-29 14:47:18
# 20

> > > The example said I was supposed to specify those [cipher suites]

> > What example is that? Bad idea. Leave it to SSL.

> http://blogs.sun.com/lmalventosa/entry/using_the_ssl_tls_based

It doesn't actually say you're 'supposed' to specify the cipher suite, does it? It just shows you how to do it if you want to. Normally you don't.

ejpa at 2007-7-29 14:47:18