JDK Tutorials - Herong's Tutorial Notes - SSL

JDK Tutorials - Herong's Tutorial Notes

Dr. Herong Yang, Version 4.32, 2006

SSL - Socket Communication

Part: 1 2 3 4

JDK Tutorials - Herong's Tutorial Notes © Dr. Herong Yang

Internationalization

Character Set and Encoding

Socket Communication

Document Object Model (DOM)

XSD Validation in Java

XSL - Transformer in Java

JCA - Private and Public Key Pairs

JCE - Secret Key

SSL (Secure Socket Layer)

SSL - Client Authentication

... Table of Contents

(Continued from previous part...)

Found trusted certificate:
[
[
  Version: V1
  Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4
......
]
......
]
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 244, 136, 253, 88, 78, 73, 219, 205, 32, 1
DH Base:  { 2 }
Server DH Public Key:  { 100, 97, 85, 119, 180, 34, 56, 2
Anonymous
*** ServerHelloDone
*** ClientDiffieHellmanPublic
DH Public key:  { 40, 239, 235, 116, 118, 207, 63, 85, 24
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 69 65 81 69 31 1E 9E 4D   34 9C 49 54 6E 0A A5 FB  
0010: B9 C0 21 F7 4F 84 D5 75   69 86 F2 10 B5 F6 8D 20  
......
CONNECTION KEYGEN:
Client Nonce:
0000: 42 44 BA 8E 40 FF 37 0F   7B 46 96 D1 E5 6A 99 FA  
0010: A5 7E 85 2F 57 A9 E4 17   8A 2C 74 54 60 6A B4 10  
Server Nonce:
0000: 42 44 BA 8E 78 C2 8F E0   60 82 32 C9 C4 EE 68 F3  
0010: 6C B7 6A AB B0 F9 E8 DD   66 3F A1 3C 5E 96 97 32  
Master Secret:
0000: 49 B5 9D BC 38 95 E6 34   EE 10 89 7E 3E 53 77 F9  
0010: BD 93 83 F7 FC D1 F1 6F   B1 95 83 B5 97 63 1F 2B  
0020: 0D A6 05 50 DA B7 21 28   EB B9 D5 6B A4 2D F0 02  
Client MAC write Secret:
0000: 34 57 AE 02 2B CA 00 04   0D D5 49 27 37 DB E0 76  
0010: 92 38 DD 1E                                        
Server MAC write Secret:
0000: 2D 58 DD 43 59 4C CB AC   F5 C7 B2 ED 5F B1 16 03  
0010: E7 A0 57 D2                                        
Client write key:
0000: 65 25 6A 56 FB AE B2 37   B0 BD FE 82 BE 45 F4 5F  
Server write key:
0000: 44 23 24 A7 BE CD FB 3C   CF D6 50 EC 43 C1 C2 E1  
Client write IV:
0000: 73 F3 98 2D F3 9A 6D 72   2F 59 4E 58 80 3D 17 F1  
Server write IV:
0000: 68 10 0A C0 FE 36 88 CD   92 E3 14 DC 87 9C 51 93  
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 148, 191, 195, 227, 118, 168, 181, 3, 60,
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data:  { 33, 227, 154, 8, 58, 178, 246, 217, 219, 
***
%% Cached client session: [Session-1, TLS_DHE_DSS_WITH_AE
   Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   Protocol = TLSv1
%% Client cached [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC
%% Try resuming [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_
*** ClientHello, TLSv1
RandomCookie:  GMT: 1111734671 bytes = { 180, 13, 13, 192
Session ID:  {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 128
main, READ: TLSv1 Application Data, length = 96
Welcome to SSL Reverse Echo Server. Please type in some w
Hello World!
main, WRITE: TLSv1 Application Data, length = 48
main, READ: TLSv1 Handshake, length = 96
*** ServerHello, TLSv1
RandomCookie:  GMT: 1111734671 bytes = { 172, 192, 94, 22
Session ID:  {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Compression Method: 0
***
CONNECTION KEYGEN:
Client Nonce:
0000: 42 44 BA 8F B4 0D 0D C0   2A 41 EC F5 A7 FA 79 34  
0010: CD 5E 62 E2 04 13 68 84   D0 62 98 1E C0 1F 15 AA  
Server Nonce:
0000: 42 44 BA 8F AC C0 5E E0   74 61 C1 34 E5 14 88 2F  
0010: 6D 16 0F E2 EE 27 A5 D1   FA 52 BB 8B A5 21 A7 4A  
Master Secret:
0000: 49 B5 9D BC 38 95 E6 34   EE 10 89 7E 3E 53 77 F9  
0010: BD 93 83 F7 FC D1 F1 6F   B1 95 83 B5 97 63 1F 2B  
0020: 0D A6 05 50 DA B7 21 28   EB B9 D5 6B A4 2D F0 02  
Client MAC write Secret:
0000: 7F F0 DC C8 FE E4 9D 57   6E 5D E1 C4 D3 D5 9A 3E  
0010: 9A 30 48 90                                        
Server MAC write Secret:
0000: E6 F6 DC A1 87 D0 F2 93   0B E8 7C AE 9D BC 98 42  
0010: 6A 22 0D 12                                        
Client write key:
0000: AA 64 2F E3 54 E8 2D 86   61 39 F9 B8 C3 C9 73 79  
Server write key:
0000: D8 54 5C 02 56 DE B8 1E   ED 28 AC FD 5A 01 8A BD  
Client write IV:
0000: C9 EE F0 EB 24 41 1B 06   D7 D3 1A 7B DC CD 7C 59  
Server write IV:
0000: 16 35 61 8A 34 F2 D4 76   6A 9A 13 FE 17 3E 74 41  
%% Server resumed [Session-1, TLS_DHE_DSS_WITH_AES_128_CB
main, READ: TLSv1 Change Cipher Spec, length = 32
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data:  { 56, 41, 153, 87, 50, 152, 70, 168, 237, 1
***
main, WRITE: TLSv1 Change Cipher Spec, length = 32
*** Finished
verify_data:  { 254, 26, 149, 188, 239, 40, 18, 232, 72, 
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Application Data, length = 48
!dlroW olleH
main, WRITE: TLSv1 Application Data, length = 32
main, READ: TLSv1 Alert, length = 32
main, RECV TLSv1 ALERT:  warning, close_notify
main, called closeInternal(false)
main, SEND TLSv1 ALERT:  warning, description = close_not
main, WRITE: TLSv1 Alert, length = 32
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)

Exercise : Revise both SslReverseEchoer.java and SslSocketClient.java so that client authentication is required.

Part: 1 2 3 4

Dr. Herong Yang, updated in 2006

JDK Tutorials - Herong's Tutorial Notes - SSL - Socket Communication