[QFJ-970] SSL hand shake failed
Created: 12/Feb/19  Updated: 26/Feb/19  Resolved: 26/Feb/19

Status: Closed
Project: QuickFIX/J
Component/s: Networking
Affects Version/s: 2.0.0
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: dai, lianjie
Assignee: Unassigned
Resolution: Not a bug
Votes: 0
Labels: ssl
Environment: JDK8

 Description   

Our side is the client side; we only receive messages from the server side and do not send any messages from our side. The server side gave us one certificate to use for the SSL encryption (we generated the trust store ourselves). In our dev env and UAT env it is good, but for production it is bad.

Then we tried to resolve the issue. We found that when the prod env validates the key usage, the client and server side decide to use RSA; RSA needs to validate the 3 key usages, but our certificate only has 1 key usage. The SSL handshake failed.

Error Class: X509TrustManagerWrapper, method: checkServerTrusted()

Could you please help to check this issue? Thank you for your help.

ERROR MESSAGE:
adding as trusted cert:
Subject: CN=Root Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
Issuer: CN=Root Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
Algorithm: RSA; Serial number: 0x2ec09da74e9247da
Valid from Fri Dec 23 22:04:34 CST 2016 until Mon Dec 23 22:04:34 CST 2030

adding as trusted cert:
Subject: CN=Issuing Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
Issuer: CN=Root Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
Algorithm: RSA; Serial number: 0x4158dfbd6b0a96bb
Valid from Fri Dec 23 22:05:53 CST 2016 until Sat Dec 23 22:05:53 CST 2023

trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session

      *** ClientHello, TLSv1.2
        RandomCookie: GMT: 1526460512 bytes = { 58, 213, 205, 241, 212, 73, 219, 161, 144, 98, 52, 91, 241, 165, 108, 180, 251, 112, 36, 206, 93, 44, 219, 44, 154, 111, 191, 171 }

        Session ID: {}
        Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
        Compression Methods:  { 0 }
        Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

        Extension ec_point_formats, formats: [uncompressed]
        Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
        ***
        [write] MD5 and SHA1 hashes: len = 239
        NioProcessor-2, WRITE: TLSv1.2 Handshake, length = 239
        [Raw write]: length = 244
        [Raw read]: length = 5
        0000: 16 03 03 00 51 ....Q
        [Raw read]: length = 81
        NioProcessor-2, READ: TLSv1.2 Handshake, length = 81

      *** ServerHello, TLSv1.2
        RandomCookie: GMT: 1526460512 bytes = { 174, 141, 23, 181, 142, 132, 207, 213, 92, 115, 226, 226, 159, 76, 110, 222, 90, 246, 112, 132, 220, 38, 189, 70, 124, 215, 249, 27 }

        Session ID:  {183, 143, 116, 163, 254, 58, 74, 202, 118, 66, 22, 21, 28, 66, 5, 223, 113, 5, 236, 210, 25, 6, 81, 178, 55, 211, 69, 116, 120, 218, 238, 69}

        Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256
        Compression Method: 0
        Extension renegotiation_info, renegotiated_connection: <empty>
        ***
        %% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA256]

    ** TLS_RSA_WITH_AES_256_CBC_SHA256
      [read] MD5 and SHA1 hashes: len = 81
      [Raw read]: length = 5
      0000: 16 03 03 06 17 .....
      [Raw read]: length = 1559
      NioProcessor-2, READ: TLSv1.2 Handshake, length = 1559
      *** Certificate chain
        chain [0] = [
        [
        Version: V3
        Subject: CN=360T Prod SSL Endpoint, OU=Sysadmin Team, O=360 Treasury Systems AG, L=Frankfurt am Main, ST=Hessen, C=DE
        Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits
modulus: 23712639208870547784934191030619387186574960001448184563206627792919596794770863916315542403970126901173207460879435287069014771623470331049929375045431124035167295456775590846384585558930676280801332442931483209242576237017576066124335085690849009132657890501481937293890660164877270727104316253459785959195876890654110642093619312253053142562293031483654484631881868891371699187919798922793667210760211106397007627967008550144244902921525222408109884089361945984512779871487391974953810469509555802158583127744803376858365706377038448938877003235243384520886173915777511443225158149320165300692093957485459943624849
public exponent: 65537
Validity: [From: Tue Jul 25 15:12:15 CST 2017,
To: Thu Jul 25 15:12:15 CST 2019]
Issuer: CN=Issuing Certification Authority, OU=Sysadmin Team, O=360 Treasury Systems AG, C=DE
SerialNumber: [ 0886a77c 19c257f7]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E4 4B DF C0 AA 47 AD B3 B9 4A A6 29 E5 42 9C F3 .K...G...J.).B..
0010: 3F E7 13 43 ?..C
]
]

[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]

[3]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.2.276.360.1.2.4]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1A 68 74 74 70 3A 2F 2F 70 6B 69 2E 33 36 30 ..http://pki.360
0010: 74 2E 63 6F 6D 2F 70 6F 6C 69 63 79 t.com/policy

]] ]
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
]

[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
From: Tue Jul 25 15:12:15 CST 2017, To: Wed Jul 25 15:12:15 CST 2018]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 50 6B 3A 75 C0 DE 02 2D 53 3D BF CD 09 84 98 86 Pk:u...-S=......
0010: 82 AE 30 10 ..0.
]
]

Unparseable certificate extensions: 2
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Unparseable AuthorityInfoAccess extension due to
java.io.IOException: invalid URI name (host portion is not a valid DNS name, IPv4 address, or IPv6 address):http://pki.360t.com/certs/360t-subroot-ca-01.cer

0000: 30 3E 30 3C 06 08 2B 06 01 05 05 07 30 02 86 30 0>0<..+.....0..0
0010: 68 74 74 70 3A 2F 2F 70 6B 69 2E 33 36 30 74 2E http://pki.360t.
0020: 63 6F 6D 2F 63 65 72 74 73 2F 33 36 30 74 2D 73 com/certs/360t-s
0030: 75 62 72 6F 6F 74 2D 63 61 2D 30 31 2E 63 65 72 ubroot-ca-01.cer

[2]: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name (host portion is not a valid DNS name, IPv4 address, or IPv6 address):http://pki.360t.com/crl/360t-subroot-ca-01.crl

0000: 30 36 30 34 A0 32 A0 30 86 2E 68 74 74 70 3A 2F 0604.2.0..http:/
0010: 2F 70 6B 69 2E 33 36 30 74 2E 63 6F 6D 2F 63 72 /pki.360t.com/cr
0020: 6C 2F 33 36 30 74 2D 73 75 62 72 6F 6F 74 2D 63 l/360t-subroot-c
0030: 61 2D 30 31 2E 63 72 6C a-01.crl

]
Algorithm: [SHA256withRSA]
Signature:

]
***
NioProcessor-2, fatal error: 46: General SSLEngine problem
sun.security.validator.ValidatorException: KeyUsage does not allow key encipherment
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA256]
NioProcessor-2, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
NioProcessor-2, WRITE: TLSv1.2 Alert, length = 2
NioProcessor-2, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
[Raw write]: length = 7
0000: 15 03 03 00 02 02 2E .......
NioProcessor-2, called closeInbound()
NioProcessor-2, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()



 Comments   
Comment by Christoph John [ 26/Feb/19 ]

I think this is more a Java SSL problem than a QFJ problem. However, all that I found about this problem on Google suggests that the certificate needs to be generated with enabled "Key Encipherment". Your counterparty should be able to provide you with this.
If you have anything to add to this then please use the mailing list. https://sourceforge.net/projects/quickfixj/lists/quickfixj-users

Thanks,
Chris.
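
The failure in the log above comes from the pairing of the selected suite (TLS_RSA_WITH_AES_256_CBC_SHA256, RSA key transport) with a certificate whose critical KeyUsage lists only DigitalSignature. The following is an added example, not code from this issue, QuickFIX/J or the JDK: a pre-flight check that maps each cipher suite's key exchange to the KeyUsage bit RFC 5246 section 7.4.2 requires of the server certificate. The class name `KeyUsagePreflight` and the hard-coded KeyUsage array are assumptions constructed to match the log.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/** Added example: checks a server certificate's KeyUsage against TLS 1.2 cipher suites. */
public class KeyUsagePreflight {

    // Indexes into the boolean[] returned by X509Certificate.getKeyUsage() (RFC 5280 bit order).
    static final int DIGITAL_SIGNATURE = 0;
    static final int KEY_ENCIPHERMENT = 2;
    static final int KEY_AGREEMENT = 4;

    /** Key exchange part of a suite name, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -> ECDHE_RSA. */
    static String keyExchange(String suite) {
        int start = suite.indexOf('_') + 1;            // skip "TLS_" or "SSL_"
        int end = suite.indexOf("_WITH_");
        if (start <= 0 || end < start) {
            throw new IllegalArgumentException("not a TLS 1.2 style suite name: " + suite);
        }
        return suite.substring(start, end);
    }

    /** KeyUsage bit required of the server certificate for this key exchange, or -1 if none. */
    static int requiredBit(String kx) {
        switch (kx) {
            case "RSA":                                // client encrypts the premaster secret to the cert key
                return KEY_ENCIPHERMENT;
            case "DHE_RSA": case "ECDHE_RSA":
            case "DHE_DSS": case "ECDHE_ECDSA":        // server signs its ephemeral parameters
                return DIGITAL_SIGNATURE;
            case "DH_RSA": case "DH_DSS":
            case "ECDH_RSA": case "ECDH_ECDSA":        // static (EC)DH key carried in the certificate
                return KEY_AGREEMENT;
            default:
                return -1;
        }
    }

    /** keyUsage == null means the extension is absent, which places no restriction on the key. */
    static boolean permits(boolean[] keyUsage, String suite) {
        int bit = requiredBit(keyExchange(suite));
        if (keyUsage == null || bit < 0) return true;
        return bit < keyUsage.length && keyUsage[bit];
    }

    public static void main(String[] args) throws Exception {
        boolean[] keyUsage;
        if (args.length > 0) {                         // optional: path to the server certificate (PEM or DER)
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                keyUsage = cert.getKeyUsage();
            }
        } else {
            // Constructed to match the log above: KeyUsage [ DigitalSignature ] only.
            keyUsage = new boolean[] {true, false, false, false, false, false, false, false, false};
        }
        // A few suites taken from the ClientHello in the log above.
        String[] suites = {
            "TLS_RSA_WITH_AES_256_CBC_SHA256",         // the suite the server selected
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
            "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
        };
        for (String suite : suites) {
            System.out.printf("%-42s %s%n", suite,
                    permits(keyUsage, suite) ? "allowed" : "rejected by KeyUsage");
        }
    }
}
```

Run without arguments it evaluates the KeyUsage shown in the log; pass a certificate file path to check the certificate a counterparty actually issued before going to production.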

Generated at Tue May 14 01:02:57 UTC 2024 using JIRA 7.5.2#75007-sha1:9f5725bb824792b3230a5d8716f0c13e296a3cae.