javax.net.debug - Debugging SSL Socket Communication

This section provides a tutorial example on how to use the JVM system property javax.net.debug to turn on debug output for SSL socket communication. The debug messages show exactly what happens at the SSL layer.

If you want to know what is really going on at the SSL layer, you can use the JSSE debug option, "-Djavax.net.debug=options". Here is how I use it on the client side:

>java -cp . -Djavax.net.ssl.trustStore=public.jks
   -Djavax.net.debug=help SslSocketClient
   
all            turn on all debugging
ssl            turn on ssl debugging

The following can be used with ssl:
        record       enable per-record tracing
        handshake    print each handshake message
......

(Run SslReverseEchoer.java in another window)

>java -cp . -Djavax.net.ssl.trustStore=public.jks
   -Djavax.net.debug=ssl:record SslSocketClient

setting up default SSLSocketFactory
......
init truststore
adding as trusted cert:
  Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
  Issuer:  CN=Herong Yang, OU=My unit, O=My home, L=My ci
  Algorithm: DSA; Serial number: 0x42266fba
......
init context
trigger seeding of SecureRandom
......
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1111734670 bytes = { 64, 255, 55, 15,
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 1187
*** ServerHello, TLSv1
RandomCookie:  GMT: 1111734670 bytes = { 120, 194, 143, 2
Session ID:  {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Compression Method: 0
***
%% Created:  [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA
** TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4
......
]
......
]
***
Found trusted certificate:
[
[
  Version: V1
  Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4
......
]
......
]
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 244, 136, 253, 88, 78, 73, 219, 205, 32, 1
DH Base:  { 2 }
Server DH Public Key:  { 100, 97, 85, 119, 180, 34, 56, 2
Anonymous
*** ServerHelloDone
*** ClientDiffieHellmanPublic
DH Public key:  { 40, 239, 235, 116, 118, 207, 63, 85, 24
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 69 65 81 69 31 1E 9E 4D   34 9C 49 54 6E 0A A5 FB  
0010: B9 C0 21 F7 4F 84 D5 75   69 86 F2 10 B5 F6 8D 20  
......
CONNECTION KEYGEN:
Client Nonce:
0000: 42 44 BA 8E 40 FF 37 0F   7B 46 96 D1 E5 6A 99 FA  
0010: A5 7E 85 2F 57 A9 E4 17   8A 2C 74 54 60 6A B4 10  
Server Nonce:
0000: 42 44 BA 8E 78 C2 8F E0   60 82 32 C9 C4 EE 68 F3  
0010: 6C B7 6A AB B0 F9 E8 DD   66 3F A1 3C 5E 96 97 32  
Master Secret:
0000: 49 B5 9D BC 38 95 E6 34   EE 10 89 7E 3E 53 77 F9  
0010: BD 93 83 F7 FC D1 F1 6F   B1 95 83 B5 97 63 1F 2B  
0020: 0D A6 05 50 DA B7 21 28   EB B9 D5 6B A4 2D F0 02  
Client MAC write Secret:
0000: 34 57 AE 02 2B CA 00 04   0D D5 49 27 37 DB E0 76  
0010: 92 38 DD 1E                                        
Server MAC write Secret:
0000: 2D 58 DD 43 59 4C CB AC   F5 C7 B2 ED 5F B1 16 03  
0010: E7 A0 57 D2                                        
Client write key:
0000: 65 25 6A 56 FB AE B2 37   B0 BD FE 82 BE 45 F4 5F  
Server write key:
0000: 44 23 24 A7 BE CD FB 3C   CF D6 50 EC 43 C1 C2 E1  
Client write IV:
0000: 73 F3 98 2D F3 9A 6D 72   2F 59 4E 58 80 3D 17 F1  
Server write IV:
0000: 68 10 0A C0 FE 36 88 CD   92 E3 14 DC 87 9C 51 93  
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 148, 191, 195, 227, 118, 168, 181, 3, 60,
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data:  { 33, 227, 154, 8, 58, 178, 246, 217, 219, 
***
%% Cached client session: [Session-1, TLS_DHE_DSS_WITH_AE
   Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   Protocol = TLSv1
%% Client cached [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC
%% Try resuming [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_
*** ClientHello, TLSv1
RandomCookie:  GMT: 1111734671 bytes = { 180, 13, 13, 192
Session ID:  {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 128
main, READ: TLSv1 Application Data, length = 96
Welcome to SSL Reverse Echo Server. Please type in some w
Hello World!
main, WRITE: TLSv1 Application Data, length = 48
main, READ: TLSv1 Handshake, length = 96
*** ServerHello, TLSv1
RandomCookie:  GMT: 1111734671 bytes = { 172, 192, 94, 22
Session ID:  {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Compression Method: 0
***
CONNECTION KEYGEN:
Client Nonce:
0000: 42 44 BA 8F B4 0D 0D C0   2A 41 EC F5 A7 FA 79 34  
0010: CD 5E 62 E2 04 13 68 84   D0 62 98 1E C0 1F 15 AA  
Server Nonce:
0000: 42 44 BA 8F AC C0 5E E0   74 61 C1 34 E5 14 88 2F  
0010: 6D 16 0F E2 EE 27 A5 D1   FA 52 BB 8B A5 21 A7 4A  
Master Secret:
0000: 49 B5 9D BC 38 95 E6 34   EE 10 89 7E 3E 53 77 F9  
0010: BD 93 83 F7 FC D1 F1 6F   B1 95 83 B5 97 63 1F 2B  
0020: 0D A6 05 50 DA B7 21 28   EB B9 D5 6B A4 2D F0 02  
Client MAC write Secret:
0000: 7F F0 DC C8 FE E4 9D 57   6E 5D E1 C4 D3 D5 9A 3E  
0010: 9A 30 48 90                                        
Server MAC write Secret:
0000: E6 F6 DC A1 87 D0 F2 93   0B E8 7C AE 9D BC 98 42  
0010: 6A 22 0D 12                                        
Client write key:
0000: AA 64 2F E3 54 E8 2D 86   61 39 F9 B8 C3 C9 73 79  
Server write key:
0000: D8 54 5C 02 56 DE B8 1E   ED 28 AC FD 5A 01 8A BD  
Client write IV:
0000: C9 EE F0 EB 24 41 1B 06   D7 D3 1A 7B DC CD 7C 59  
Server write IV:
0000: 16 35 61 8A 34 F2 D4 76   6A 9A 13 FE 17 3E 74 41  
%% Server resumed [Session-1, TLS_DHE_DSS_WITH_AES_128_CB
main, READ: TLSv1 Change Cipher Spec, length = 32
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data:  { 56, 41, 153, 87, 50, 152, 70, 168, 237, 1
***
main, WRITE: TLSv1 Change Cipher Spec, length = 32
*** Finished
verify_data:  { 254, 26, 149, 188, 239, 40, 18, 232, 72, 
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Application Data, length = 48
!dlroW olleH
main, WRITE: TLSv1 Application Data, length = 32
main, READ: TLSv1 Alert, length = 32
main, RECV TLSv1 ALERT:  warning, close_notify
main, called closeInternal(false)
main, SEND TLSv1 ALERT:  warning, description = close_not
main, WRITE: TLSv1 Alert, length = 32
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
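
The trace above prints the PreMaster Secret, Master Secret, MAC secrets, write keys and IVs in clear hex, so a saved javax.net.debug log has to be handled like key material. As an added example (not part of the original tutorial), this Python filter redacts those blocks before a trace is shared and reports the negotiated protocol, cipher suite and session resumption; the label names come from the trace above, while `scan`, `SAMPLE` and its hex values are constructed for illustration.

```python
import re

# Labels that precede key material in the trace format shown on this page.
SECRET_LABEL = re.compile(r"^(PreMaster Secret|Master Secret|"
    r"(?:Client|Server) (?:MAC write Secret|write key|write IV)):\s*$")
HEX_LINE = re.compile(r"^[0-9A-F]{4}: ")
SERVER_HELLO = re.compile(r"^\*\*\* ServerHello, (\S+)")
CIPHER_SUITE = re.compile(r"^Cipher Suite: (\S+)")

# Constructed sample in the page's trace format; all hex values are made up.
SAMPLE = """\
*** ServerHello, TLSv1
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
PreMaster Secret:
0000: 00 11 22 33 44 55 66 77   88 99 AA BB CC DD EE FF
Client Nonce:
0000: 01 02 03 04 05 06 07 08   09 0A 0B 0C 0D 0E 0F 10
Master Secret:
0000: FF EE DD CC BB AA 99 88   77 66 55 44 33 22 11 00
0010: 00 11 22 33 44 55 66 77   88 99 AA BB CC DD EE FF
Client write key:
0000: 0F 0E 0D 0C 0B 0A 09 08   07 06 05 04 03 02 01 00
%% Server resumed [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
"""


def scan(trace):
    """Return (redacted_text, report) for one javax.net.debug trace."""
    out, in_secret, protocol = [], False, None
    report = {"negotiated": [], "resumed": 0, "secrets": []}
    for line in trace.splitlines():
        if in_secret and HEX_LINE.match(line):
            continue  # drop the hex dump that follows a secret label
        in_secret = False
        if (m := SECRET_LABEL.match(line)):
            in_secret = True
            report["secrets"].append(m.group(1))
            line += " [REDACTED]"
        elif (m := SERVER_HELLO.match(line)):
            protocol = m.group(1)  # remembered until its Cipher Suite line
        elif (m := CIPHER_SUITE.match(line)) and protocol:
            report["negotiated"].append((protocol, m.group(1)))
            protocol = None
        elif line.startswith("%% Server resumed"):
            report["resumed"] += 1
        out.append(line)
    return "\n".join(out), report

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The client and server nonces are left in place because they are sent unencrypted in the hello messages.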

Exercise: Revise both SslReverseEchoer.java and SslSocketClient.java so that client authentication is required.

Last update: 2014.
