JDK Tutorials - Herong's Tutorial Examples - Version 6.02, by Dr. Herong Yang
javax.net.debug - Debugging SSL Socket Communication
This section provides a tutorial example on how to use the JVM property javax.net.debug to turn on the SSL socket communication debug option. The debug output messages help you see exactly what happens at the SSL layer.
If you want to know what is really going on at the SSL layer, you could use the JSSE Debug options, "-Djavax.net.debug=options". Here is how I use it on the client side:
    >java -cp . -Djavax.net.ssl.trustStore=public.jks -Djavax.net.debug=help SslSocketClient

    all            turn on all debugging
    ssl            turn on ssl debugging

    The following can be used with ssl:
        record       enable per-record tracing
        handshake    print each handshake message
    ......

    (Run SslReverseEchoer.java in another window)

    >java -cp . -Djavax.net.ssl.trustStore=public.jks -Djavax.net.debug=ssl:record SslSocketClient

    setting up default SSLSocketFactory
    ......
    init truststore
    adding as trusted cert:
      Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
      Issuer: CN=Herong Yang, OU=My unit, O=My home, L=My ci
      Algorithm: DSA; Serial number: 0x42266fba
    ......
    init context
    trigger seeding of SecureRandom
    ......
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1111734670 bytes = { 64, 255, 55, 15,
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC
    Compression Methods: { 0 }
    ***
    main, WRITE: TLSv1 Handshake, length = 73
    main, WRITE: SSLv2 client hello message, length = 98
    main, READ: TLSv1 Handshake, length = 1187
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1111734670 bytes = { 120, 194, 143, 2
    Session ID: {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
    Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    Compression Method: 0
    ***
    %% Created: [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    ** TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    *** Certificate chain
    chain [0] = [
    [
      Version: V1
      Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
      Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4
    ......
    ]
    ......
    ]
    ***
    Found trusted certificate:
    [
    [
      Version: V1
      Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
      Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4
    ......
    ]
    ......
    ]
    *** Diffie-Hellman ServerKeyExchange
    DH Modulus: { 244, 136, 253, 88, 78, 73, 219, 205, 32, 1
    DH Base: { 2 }
    Server DH Public Key: { 100, 97, 85, 119, 180, 34, 56, 2
    Anonymous
    *** ServerHelloDone
    *** ClientDiffieHellmanPublic
    DH Public key: { 40, 239, 235, 116, 118, 207, 63, 85, 24
    main, WRITE: TLSv1 Handshake, length = 134
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 69 65 81 69 31 1E 9E 4D 34 9C 49 54 6E 0A A5 FB
    0010: B9 C0 21 F7 4F 84 D5 75 69 86 F2 10 B5 F6 8D 20
    ......
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 42 44 BA 8E 40 FF 37 0F 7B 46 96 D1 E5 6A 99 FA
    0010: A5 7E 85 2F 57 A9 E4 17 8A 2C 74 54 60 6A B4 10
    Server Nonce:
    0000: 42 44 BA 8E 78 C2 8F E0 60 82 32 C9 C4 EE 68 F3
    0010: 6C B7 6A AB B0 F9 E8 DD 66 3F A1 3C 5E 96 97 32
    Master Secret:
    0000: 49 B5 9D BC 38 95 E6 34 EE 10 89 7E 3E 53 77 F9
    0010: BD 93 83 F7 FC D1 F1 6F B1 95 83 B5 97 63 1F 2B
    0020: 0D A6 05 50 DA B7 21 28 EB B9 D5 6B A4 2D F0 02
    Client MAC write Secret:
    0000: 34 57 AE 02 2B CA 00 04 0D D5 49 27 37 DB E0 76
    0010: 92 38 DD 1E
    Server MAC write Secret:
    0000: 2D 58 DD 43 59 4C CB AC F5 C7 B2 ED 5F B1 16 03
    0010: E7 A0 57 D2
    Client write key:
    0000: 65 25 6A 56 FB AE B2 37 B0 BD FE 82 BE 45 F4 5F
    Server write key:
    0000: 44 23 24 A7 BE CD FB 3C CF D6 50 EC 43 C1 C2 E1
    Client write IV:
    0000: 73 F3 98 2D F3 9A 6D 72 2F 59 4E 58 80 3D 17 F1
    Server write IV:
    0000: 68 10 0A C0 FE 36 88 CD 92 E3 14 DC 87 9C 51 93
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    *** Finished
    verify_data: { 148, 191, 195, 227, 118, 168, 181, 3, 60,
    ***
    main, WRITE: TLSv1 Handshake, length = 48
    main, READ: TLSv1 Change Cipher Spec, length = 1
    main, READ: TLSv1 Handshake, length = 48
    *** Finished
    verify_data: { 33, 227, 154, 8, 58, 178, 246, 217, 219,
    ***
    %% Cached client session: [Session-1, TLS_DHE_DSS_WITH_AE
    Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    Protocol = TLSv1
    %% Client cached [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC
    %% Try resuming [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1111734671 bytes = { 180, 13, 13, 192
    Session ID: {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC
    Compression Methods: { 0 }
    ***
    main, WRITE: TLSv1 Handshake, length = 128
    main, READ: TLSv1 Application Data, length = 96
    Welcome to SSL Reverse Echo Server. Please type in some w
    Hello World!
    main, WRITE: TLSv1 Application Data, length = 48
    main, READ: TLSv1 Handshake, length = 96
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1111734671 bytes = { 172, 192, 94, 22
    Session ID: {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
    Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    Compression Method: 0
    ***
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 42 44 BA 8F B4 0D 0D C0 2A 41 EC F5 A7 FA 79 34
    0010: CD 5E 62 E2 04 13 68 84 D0 62 98 1E C0 1F 15 AA
    Server Nonce:
    0000: 42 44 BA 8F AC C0 5E E0 74 61 C1 34 E5 14 88 2F
    0010: 6D 16 0F E2 EE 27 A5 D1 FA 52 BB 8B A5 21 A7 4A
    Master Secret:
    0000: 49 B5 9D BC 38 95 E6 34 EE 10 89 7E 3E 53 77 F9
    0010: BD 93 83 F7 FC D1 F1 6F B1 95 83 B5 97 63 1F 2B
    0020: 0D A6 05 50 DA B7 21 28 EB B9 D5 6B A4 2D F0 02
    Client MAC write Secret:
    0000: 7F F0 DC C8 FE E4 9D 57 6E 5D E1 C4 D3 D5 9A 3E
    0010: 9A 30 48 90
    Server MAC write Secret:
    0000: E6 F6 DC A1 87 D0 F2 93 0B E8 7C AE 9D BC 98 42
    0010: 6A 22 0D 12
    Client write key:
    0000: AA 64 2F E3 54 E8 2D 86 61 39 F9 B8 C3 C9 73 79
    Server write key:
    0000: D8 54 5C 02 56 DE B8 1E ED 28 AC FD 5A 01 8A BD
    Client write IV:
    0000: C9 EE F0 EB 24 41 1B 06 D7 D3 1A 7B DC CD 7C 59
    Server write IV:
    0000: 16 35 61 8A 34 F2 D4 76 6A 9A 13 FE 17 3E 74 41
    %% Server resumed [Session-1, TLS_DHE_DSS_WITH_AES_128_CB
    main, READ: TLSv1 Change Cipher Spec, length = 32
    main, READ: TLSv1 Handshake, length = 48
    *** Finished
    verify_data: { 56, 41, 153, 87, 50, 152, 70, 168, 237, 1
    ***
    main, WRITE: TLSv1 Change Cipher Spec, length = 32
    *** Finished
    verify_data: { 254, 26, 149, 188, 239, 40, 18, 232, 72,
    ***
    main, WRITE: TLSv1 Handshake, length = 48
    main, READ: TLSv1 Application Data, length = 48
    !dlroW olleH
    main, WRITE: TLSv1 Application Data, length = 32
    main, READ: TLSv1 Alert, length = 32
    main, RECV TLSv1 ALERT: warning, close_notify
    main, called closeInternal(false)
    main, SEND TLSv1 ALERT: warning, description = close_not
    main, WRITE: TLSv1 Alert, length = 32
    main, called close()
    main, called closeInternal(true)
    main, called close()
    main, called closeInternal(true)
    main, called close()
    main, called closeInternal(true)
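The trace above prints the PreMaster Secret, Master Secret, MAC secrets, write keys and IVs in the clear, so a javax.net.debug log should be scrubbed before it is shared or archived. The following Python script is an added example, not part of the original tutorial: it redacts those dumps and summarizes the negotiated protocol and cipher suite. The names scrub and SAMPLE are hypothetical, and the sample input is constructed.

```python
import re

# Labels that introduce secret key dumps; nonces are public, so they are kept.
SECRET_LABEL = re.compile(
    r"^(PreMaster Secret|Master Secret|(Client|Server) MAC write Secret"
    r"|(Client|Server) write (key|IV)):\s*$")
HEX_ROW = re.compile(r"^[0-9A-Fa-f]{4}:\s")           # e.g. "0010: B9 C0 ..."
SERVER_HELLO = re.compile(r"^\*\*\* ServerHello, (\S+)")
CHOSEN_SUITE = re.compile(r"^Cipher Suite:\s*(\S+)")   # not the "Cipher Suites:" offer
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}                 # deprecated protocol versions

def scrub(trace):
    """Redact key material from a javax.net.debug=ssl trace; return (text, summary)."""
    out, in_secret = [], False
    summary = {"protocols": [], "suites": [], "resumed": False, "redacted_rows": 0}
    for line in trace.splitlines():
        s = line.strip()
        if SECRET_LABEL.match(s):
            in_secret = True                  # following hex rows are secret
        elif in_secret and HEX_ROW.match(s):
            summary["redacted_rows"] += 1
            line = "[REDACTED]"
        else:
            in_secret = False                 # any other line ends the dump
            if m := SERVER_HELLO.match(s):
                summary["protocols"].append(m.group(1))
            elif m := CHOSEN_SUITE.match(s):
                summary["suites"].append(m.group(1))
            elif s.startswith("%% Server resumed"):
                summary["resumed"] = True
        out.append(line)
    summary["legacy_protocol"] = any(p in LEGACY for p in summary["protocols"])
    return "\n".join(out), summary

# Constructed sample in the format of the trace above (dummy byte values).
SAMPLE = """\
*** ServerHello, TLSv1
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Client Nonce:
0000: 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10
Master Secret:
0000: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA
0010: BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB
Client write key:
0000: CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
%% Server resumed [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
"""
if __name__ == "__main__":
    print(*scrub(SAMPLE), sep="\n")
```

The redaction is driven by the label lines, so a row is masked even when the real JDK output carries a trailing ASCII column after the hex bytes.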
Exercise: Revise both SslReverseEchoer.java and SslSocketClient.java so that client authentication is required.
Last update: 2014.