SSL Handshake Messages with Client Authentication

Q

How do I get the SSL handshake messages of a connection that uses client authentication?

✍: FYIcenter

A

You can capture the SSL handshake messages of a connection that uses client authentication as shown below:

1. Open a command window and run SslServerCmd.java with client certificate authentication turned on:

\fyicenter>\local\jdk-1.8.0\bin\java
   -Djavax.net.ssl.trustStore=client_crt.jks SslServerCmd 8080 Yes

USAGE: java SslServerCmd [port [clientAuth]]
Listening: port=8080, clientAuth=Yes

2. Open another command window and run SslClientCertificateCmd.java with the system property javax.net.debug turned on:

\fyicenter>\local\jdk-1.8.0\bin\java 
   -Djavax.net.ssl.trustStore=server_crt.jks
   -Djavax.net.debug=ssl:handshake:data
   SslClientCertificateCmd localhost 8080 /index.html

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 40

3. Open the SSL debug log file:

\fyicenter>edit ssl.log

*** ClientHello, TLSv1.2

[write] MD5 and SHA1 hashes:  len = 207
0000: 01 00 00 CB 03 03 59 50   57 CA 27 7E 86 01 82 F3  ......YPW.'.....
... (Client Hello message)

main, WRITE: TLSv1.2 Handshake, length = 207
main, READ: TLSv1.2 Handshake, length = 1494

*** ServerHello, TLSv1.2

[read] MD5 and SHA1 hashes:  len = 81
... (Server Hello message)

*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=fyicenter.com, OU=FYIcenter, O=FYIcenter, L=FYI, ST=FYI, C=FR
...

[read] MD5 and SHA1 hashes:  len = 444
... (Server certificate)

*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR>

[read] MD5 and SHA1 hashes:  len = 135
... (Certificate Request for client authentication)

*** ServerHelloDone

[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00               
... (Server Hello Done message, 4 bytes only)

*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
...

*** ClientKeyExchange, DH
DH Public key:  { 108, 150, 133, 85, 151, 77, 108, 62, 255, 70, 227, 231, 247, 165, 165, 14, 33, 126, 37, 167, 248, 27, 92, 167, 84, 94, 73, 240, 57, 105, 4, 78, 100, 152, 219, 201, 86, 190, 145, 2, 204, 195, 90, 108, 255, 1, 176, 105, 38, 119, 17, 116, 30, 99, 197, 135, 179, 187, 1, 50, 34, 92, 220, 98, 119, 174, 118, 59, 79, 71, 196, 37, 39, 72, 145, 13, 99, 220, 172, 200, 125, 149, 212, 103, 33, 174, 193, 43, 124, 118, 157, 157, 85, 250, 6, 248, 73, 120, 23, 161, 248, 203, 230, 177, 141, 208, 31, 23, 55, 48, 139, 248, 128, 224, 189, 2, 102, 197, 154, 150, 52, 23, 246, 180, 139, 61, 179, 111 }
[write] MD5 and SHA1 hashes:  len = 942
... (Client Key Exchange)
	
main, WRITE: TLSv1.2 Handshake, length = 942
	
*** CertificateVerify
Signature Algorithm SHA1withDSA
[write] MD5 and SHA1 hashes:  len = 54
... (Certificate Verify message)

main, WRITE: TLSv1.2 Handshake, length = 54
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1

*** Finished
[write] MD5 and SHA1 hashes:  len = 16

*** Finished
[read] MD5 and SHA1 hashes:  len = 16

main, WRITE: TLSv1.2 Application Data, length = 80
main, READ: TLSv1.2 Application Data, length = 160
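
To check an ssl.log for the client-authentication steps shown above (CertificateRequest, the client's Certificate chain, CertificateVerify), the following Python script can be used. It is an added example, not part of the original FAQ or the FYIcenter sample programs; the name summarize_handshake, the constructed sample log, and the choice to flag MD5 and SHA1 signatures as weak are assumptions.

```python
import re

# Constructed sample: handshake markers from the ssl.log excerpt, hex dumps omitted.
SAMPLE_LOG = """\
*** ClientHello, TLSv1.2
*** ServerHello, TLSv1.2
*** Certificate chain
  Subject: CN=fyicenter.com, OU=FYIcenter, O=FYIcenter, L=FYI, ST=FYI, C=FR
*** CertificateRequest
*** ServerHelloDone
*** Certificate chain
  Subject: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
*** ClientKeyExchange, DH
*** CertificateVerify
Signature Algorithm SHA1withDSA
*** Finished
*** Finished
"""

MARKER = re.compile(r"^\*\*\* (\w+)")
WEAK_HASHES = ("MD5", "SHA1")  # assumption: hashes this check treats as weak

def summarize_handshake(log_text):
    """Report which client-authentication steps a JSSE debug log contains."""
    r = {"messages": [], "server_subject": None, "client_subject": None,
         "verify_alg": None}
    current, hello_done = None, False
    for line in map(str.strip, log_text.splitlines()):
        m = MARKER.match(line)
        if m:
            current = m.group(1)
            r["messages"].append(current)
            hello_done = hello_done or current == "ServerHelloDone"
        elif current == "Certificate" and line.startswith("Subject: "):
            # TLS 1.2 order: server chain before ServerHelloDone, client chain after.
            key = "client_subject" if hello_done else "server_subject"
            r[key] = r[key] or line[len("Subject: "):]  # keep the leaf only
        elif current == "CertificateVerify" and line.startswith("Signature Algorithm "):
            r["verify_alg"] = line.split()[-1]
    r["cert_requested"] = "CertificateRequest" in r["messages"]
    # Client auth completed only if the server asked, the client sent a
    # non-empty chain, and it proved key possession with CertificateVerify.
    r["client_authenticated"] = bool(
        r["cert_requested"] and r["client_subject"] and r["verify_alg"])
    r["weak_verify"] = bool(r["verify_alg"]) and r["verify_alg"].startswith(WEAK_HASHES)
    return r

if __name__ == "__main__":
    print(summarize_handshake(SAMPLE_LOG))
```

A log in which the server sent CertificateRequest but the client answered with an empty chain reports cert_requested as True and client_authenticated as False.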

 

2018-06-12