Home » Java » java – Embedded MQTT broker: error on TLS handshake-Exceptionshub

java – Embedded MQTT broker: error on TLS handshake-Exceptionshub

Posted by: admin February 25, 2020 Leave a comment

Questions:

I am currently using an embedded MQTT broker (moquette) on an android application, when using TLS got the error: SSLHandshakeException: Remote host closed connection during a handshake. Don’t know what is the problem.

Client Code:

    KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
            caKs.load(null, null);
            caKs.setCertificateEntry("ca-certificate", caCert);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
            tmf.init(caKs);

            // client key and certificates are sent to server so it can authenticate
            // us
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null);
            ks.setCertificateEntry("certificate", cert);
            ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(),
                    new java.security.cert.Certificate[] { cert });
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
                    .getDefaultAlgorithm());
            kmf.init(ks, password.toCharArray());

            // finally, create SSL socket factory
            SSLContext context = SSLContext.getInstance("TLSv1.2");
            context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

            return context.getSocketFactory();

Server code:

     // Init keystore for KeyManagerFactory
        KeyStore ks = KeyStore.getInstance("pkcs12");
        ks.load(null, null);
        ks.setKeyEntry("server", privateKeyEntry.getPrivateKey(), password, privateKeyEntry.getCertificateChain());
        // Init KeyManagerFactory
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);


        // Init keystore for TrustManagerFactory
        KeyStore ks2 = KeyStore.getInstance("pkcs12");
        ks2.load(null, null);
        ks2.setCertificateEntry("ca", keyStore.getCertificate("ca_cert"));
        // Init TrustManagerFactory
        final TrustManagerFactory my_trust_manager = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        my_trust_manager.init(ks2);


        // Init default trust manager
        X509TrustManager myTm = null;
        for (TrustManager tm : my_trust_manager.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                myTm = (X509TrustManager) tm;
                break;
            }
        }


        final X509TrustManager finalMyTm = myTm;

        // Init add our custom ca certificate to default trust manager
        X509TrustManager customTrust = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                if(finalMyTm == null){
                    throw new CertificateException("Trust manager could not be loades");
                }

                finalMyTm.checkClientTrusted(chain, authType); //                setPresentedCertByClient(chain[0]);
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                if(finalMyTm == null){
                    throw new CertificateException("Trust manager could not be loades");
                }
                finalMyTm.checkServerTrusted(chain, authType);
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                if(finalMyTm == null){
                    return null;
                }
                return finalMyTm.getAcceptedIssuers();
            }
        };



        SSLContext serverContext = SSLContext.getInstance("TLSv1.2");
        serverContext.init(kmf.getKeyManagers(), new TrustManager[]{ customTrust } , new SecureRandom());

TLS stack trace (this message was too big, so I deleted some hashed text)


found key for : private-key
chain [0] = [
[
Version: V1
Subject: CN=cliente externo, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key:  Sun RSA public key, 2048 bits
modulus: 29117495739230712393462545551735561211933494734166812671336243903431145258876257112878861065792592013047750043602236523431977238494810101
public exponent: 65537
Validity: [From: Tue Feb 18 13:34:02 BRT 2020,
To: Fri Jul 02 13:34:02 BRT 2021]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [    7e214139 cce17338 c6b7cfa2 32af30b0 924c7314]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 62 EF 81 DE 0A 14 F5 69   19 ED 95 78 63 8D AC 56  b......i...xc..V
0010: F4 69 B6 0A 0A 96 51 92   60 B3 37 7C 96 BB EA 4A  .i....Q.`.7....J
01D0: 07 4A 89 2C A1 00 B1 0E   06 13 01 1D C5 3E 63 C7  .J.,.........>c.
01E0: BE 7B C4 06 28 4D 3A EF   3D 83 97 28 B2 04 B6 C6  ....(M:.=..(....
01F0: 40 02 AD 9B AF AA 69 C9   79 39 F1 6D 8D DF 36 8F  @.....i.y9.m..6.
]
***
System property jdk.tls.client.cipherSuites is set to 'null'
System property jdk.tls.server.cipherSuites is set to 'null'
Ignoring disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
MQTT Con: cliente-externo, setSoTimeout(1000) called
MQTT Con: cliente-externo, setSoTimeout(30000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1582047780 bytes = { 245, 163, 31, 239, 231, 60, 152, 22, 139, 178, 73, 104, 240, 163, 5, 191, 10, 70, 133, 99, 42, 216, 143, 188, 167, 242, 109, 110 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=192.168.10.31]
***
[write] MD5 and SHA1 hashes:  len = 207
0000: 01 00 00 CB 03 03 5E 4C   22 24 F5 A3 1F EF E7 3C  ......^L"$.....<
0010: 98 16 8B B2 49 68 F0 A3   05 BF 0A 46 85 63 2A D8  ....Ih.....F.c*.
0090: 0B 00 02 01 00 00 0D 00   1C 00 1A 06 03 06 01 05  ................
00A0: 03 05 01 04 03 04 01 04   02 03 03 03 01 03 02 02  ................
00B0: 03 02 01 02 02 00 17 00   00 00 00 00 12 00 10 00  ................
00C0: 00 0D 31 39 32 2E 31 36   38 2E 31 30 2E 33 31     ..192.168.10.31
MQTT Con: cliente-externo, WRITE: TLSv1.2 Handshake, length = 207
[Raw write]: length = 212
0000: 16 03 03 00 CF 01 00 00   CB 03 03 5E 4C 22 24 F5  ...........^L"$.
0010: A3 1F EF E7 3C 98 16 8B   B2 49 68 F0 A3 05 BF 0A  ....<....Ih.....
00C0: 00 12 00 10 00 00 0D 31   39 32 2E 31 36 38 2E 31  .......192.168.1
00D0: 30 2E 33 31                                        0.31
[Raw read]: length = 5
0000: 16 03 03 00 5B                                     ....[
[Raw read]: length = 91
0000: 02 00 00 57 03 03 5E 4C   22 24 60 CC 27 59 EA 1A  ...W..^L"$`.'Y..
0010: 5A 56 E7 C4 21 B9 6D BF   1C 4D BF B8 BC 68 48 BD  ZV..!.m..M...hH.
0020: 53 4E CA 94 DC 39 20 01   29 1D F9 99 AB 44 03 31  SN...9 .)....D.1
0030: 5C 15 9E D6 2E 9C A3 BA   FB 63 97 7A AB 78 03 47  \........c.z.x.G
0040: D5 26 C9 FF 26 CF E7 C0   2F 00 00 0F FF 01 00 01  .&..&.../.......
0050: 00 00 17 00 00 00 0B 00   02 01 00                 ...........
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 91
check handshake state: server_hello[2]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1582047780 bytes = { 96, 204, 39, 89, 234, 26, 90, 86, 231, 196, 33, 185, 109, 191, 28, 77, 191, 184, 188, 104, 72, 189, 83, 78, 202, 148, 220, 57 }
Session ID:  {1, 41, 29, 249, 153, 171, 68, 3, 49, 92, 21, 158, 214, 46, 156, 163, 186, 251, 99, 151, 122, 171, 120, 3, 71, 213, 38, 201, 255, 38, 207, 231}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
update handshake state: server_hello[2]
upcoming handshake states: server certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
[read] MD5 and SHA1 hashes:  len = 91
0000: 02 00 00 57 03 03 5E 4C   22 24 60 CC 27 59 EA 1A  ...W..^L"$`.'Y..
0050: 00 00 17 00 00 00 0B 00   02 01 00                 ...........
[Raw read]: length = 5
0000: 16 03 03 09 BA                                     .....
[Raw read]: length = 2490
0000: 0B 00 09 B6 00 09 B3 00   04 18 30 82 04 14 30 82  ..........0...0.
09B0: 21 E0 D1 BA E8 0B 2F 00   13 A7                    !...../...
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 2490
check handshake state: certificate[11]
update handshake state: certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: O=ufma, OU=lsdi, CN=teste-broker
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key:  Sun RSA public key, 2048 bits
modulus: 2335107480292160968310434273785959653293337137696961927189611358367649135551602079910761188194610032565284442249233070117357717769818931826728385338093819514455862844510360973522689631527998983020876908198564333611187272615053634929743330568957072968095163358848690623133698841698192340591145591011187277450657863346759764682003070406398315646178183577605003305459876639276941
public exponent: 65537
Validity: [From: Mon Feb 17 16:09:13 BRT 2020,
To: Thu Jul 01 16:09:13 BRT 2021]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [    7e214139 cce17338 c6b7cfa2 32af30b0 924c7313]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 65 2F A0 95 8E 0C 9C 49   13 AD 88 59 B3 5D FA 34  e/.....I...Y.].4
0010: 86 D5 92 AF 1E 3E 47 69   54 01 98 AC 3C E9 CC C6  .....>GiT...<...
01F0: C1 F0 74 2F BB 0E 14 0E   A2 45 23 49 49 18 80 5E  ..t/.....E#II..^
]
chain [1] = [
[
Version: V3
Subject: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key:  Sun RSA public key, 4096 bits
modulus: 772853948839620394007937584067274558772670023513673934546662003074505129241495814287658883757532795304104808275462124709720251807658975041930997119386033032131175810029254024239215608741630848531376074569611382121213578208607457084141927155989120935929911184052237201151958782852975039535374209703169314321090438761277978261732659014804782080053331262633085691671864411
public exponent: 65537
Validity: [From: Mon Feb 17 15:36:57 BRT 2020,
To: Wed Dec 07 15:36:57 BRT 2022]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [    21859667 17017143 51dec5a8 2b9ab4eb 2353fcd0]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C B0 C9 D6 EC D2 54 E1   4B AE 09 32 57 61 1A 79  ,.....T.K..2Wa.y
0010: 84 77 18 8C                                        .w..
]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2C B0 C9 D6 EC D2 54 E1   4B AE 09 32 57 61 1A 79  ,.....T.K..2Wa.y
0010: 84 77 18 8C                                        .w..
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 0A 02 67 27 BD D6 16 2F   FD 50 91 95 57 6E FE F2  ..g'.../.P..Wn..
01F0: 79 79 C5 50 08 AD 21 E0   D1 BA E8 0B 2F 00 13 A7  yy.P..!...../...
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key:  Sun RSA public key, 4096 bits
modulus: 772853948839620394007937584067274558772670023513673934546662003074505129241495814287658883757532795304104808275462124709720251807658975041930997119386033032131175810029254024239215608741630848374209703169314321090438761277978261732659014804782080053331262633085691671864411
public exponent: 65537
Validity: [From: Mon Feb 17 15:36:57 BRT 2020,
To: Wed Dec 07 15:36:57 BRT 2022]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [    21859667 17017143 51dec5a8 2b9ab4eb 2353fcd0]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C B0 C9 D6 EC D2 54 E1   4B AE 09 32 57 61 1A 79  ,.....T.K..2Wa.y
0010: 84 77 18 8C                                        .w..
]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2C B0 C9 D6 EC D2 54 E1   4B AE 09 32 57 61 1A 79  ,.....T.K..2Wa.y
0010: 84 77 18 8C                                        .w..
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 0A 02 67 27 BD D6 16 2F   FD 50 91 95 57 6E FE F2  ..g'.../.P..Wn..
01E0: 42 E9 8E 54 6C 8B 93 54   4E D0 79 8C 28 7D 33 2D  B..Tl..TN.y.(.3-
01F0: 79 79 C5 50 08 AD 21 E0   D1 BA E8 0B 2F 00 13 A7  yy.P..!...../...
]
[read] MD5 and SHA1 hashes:  len = 2490
0000: 0B 00 09 B6 00 09 B3 00   04 18 30 82 04 14 30 82  ..........0...0.
0010: 01 FC 02 14 7E 21 41 39   CC E1 73 38 C6 B7 CF A2  .....!A9..s8....
09A0: 93 54 4E D0 79 8C 28 7D   33 2D 79 79 C5 50 08 AD  .TN.y.(.3-yy.P..
09B0: 21 E0 D1 BA E8 0B 2F 00   13 A7                    !...../...
[Raw read]: length = 5
0000: 16 03 03 01 4D                                     ....M
[Raw read]: length = 333
0000: 0C 00 01 49 03 00 17 41   04 8B 76 49 99 FE 2F C1  ...I...A..vI../.
0110: DD A9 25 3E AF DC 47 B0   8F 24 5C 97 7D 7E E0 ED  ..%>..G..$\.....
0120: 54 AB 36 66 79 1E 5C 50   65 B2 56 AF 2E 65 10 5F  T.6fy.\Pe.V..e._
0130: 1B 4C 7B 4D 46 E9 74 CF   B9 32 6B 5D F8 4C B6 58  .L.MF.t..2k].L.X
0140: CB 02 6B 17 EB 40 FF ED   C5 20 75 9B 0D           [email protected] u..
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 333
check handshake state: server_key_exchange[12]
update handshake state: server_key_exchange[12]
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
public x coord: 63080481885842000889869033933951908473524368433833255089908062798703700253318
public y coord: 17031529858475965704322672986593754958216956478134681632478893295611510883286
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
[read] MD5 and SHA1 hashes:  len = 333
0000: 0C 00 01 49 03 00 17 41   04 8B 76 49 99 FE 2F C1  ...I...A..vI../.
0010: 8A 5B 3C E0 04 52 68 BF   F7 9B 21 C0 58 BA AE 0C  .[<..Rh...!.X...
0020: C3 36 B5 AF CF 3D B8 9A   86 25 A7 81 19 11 16 DE  .6...=...%......
00F0: B9 37 23 CD 44 32 A1 8C   AD 98 D1 03 95 AC B2 8C  .7#.D2..........
0100: 17 22 4F 86 C5 0C 31 A0   E1 48 CC 39 4E 2C 64 F9  ."O...1..H.9N,d.
0110: DD A9 25 3E AF DC 47 B0   8F 24 5C 97 7D 7E E0 ED  ..%>..G..$\.....
0120: 54 AB 36 66 79 1E 5C 50   65 B2 56 AF 2E 65 10 5F  T.6fy.\Pe.V..e._
0130: 1B 4C 7B 4D 46 E9 74 CF   B9 32 6B 5D F8 4C B6 58  .L.MF.t..2k].L.X
0140: CB 02 6B 17 EB 40 FF ED   C5 20 75 9B 0D           [email protected] u..
[Raw read]: length = 5
0000: 16 03 03 00 75                                     ....u
[Raw read]: length = 117
0000: 0D 00 00 71 02 01 40 00   0E 04 03 04 01 05 03 05  [email protected]
0060: 73 64 69 31 10 30 0E 06   03 55 04 03 0C 07 63 61  sdi1.0...U....ca
0070: 2D 6C 73 64 69                                     -lsdi
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 117
check handshake state: unknown[13]
*** CertificateRequest
Cert Types: RSA, ECDSA
Supported Signature Algorithms: SHA256withECDSA, SHA256withRSA, SHA384withECDSA, SHA384withRSA, SHA512withECDSA, SHA512withRSA, SHA1withRSA
Cert Authorities:
<CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br>
update handshake state: unknown[13]
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
[read] MD5 and SHA1 hashes:  len = 117
0000: 0D 00 00 71 02 01 40 00   0E 04 03 04 01 05 03 05  [email protected]
0070: 2D 6C 73 64 69                                     -lsdi
[Raw read]: length = 5
0000: 16 03 03 00 04                                     .....
[Raw read]: length = 4
0000: 0E 00 00 00                                        ....
MQTT Con: cliente-externo, READ: TLSv1.2 Handshake, length = 4
check handshake state: server_hello_done[14]
update handshake state: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
matching alias: private-key
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=cliente externo, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key:  Sun RSA public key, 2048 bits
modulus: 29117495739230712393462545551735561211933494734166812671336243903431145258876257112878861065792592013047750043602236523431977238494810101
public exponent: 65537
Validity: [From: Tue Feb 18 13:34:02 BRT 2020,
To: Fri Jul 02 13:34:02 BRT 2021]
Issuer: CN=ca-lsdi, OU=lsdi, O=ufma, L=slz, ST=ma, C=br
SerialNumber: [    7e214139 cce17338 c6b7cfa2 32af30b0 924c7314]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 62 EF 81 DE 0A 14 F5 69   19 ED 95 78 63 8D AC 56  b......i...xc..V
01F0: 40 02 AD 9B AF AA 69 C9   79 39 F1 6D 8D DF 36 8F  @.....i.y9.m..6.
]
***
update handshake state: certificate[11]
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 94, 235, 42, 233, 136, 53, 73, 225, 77, 100, 199, 35, 212, 237, 86, 249, 17, 121, 241, 94, 142, 115, 7, 27, 247, 14, 101, 41, 47, 130, 205, 216, 112, 133, 37, 136, 170, 30, 214, 138, 58, 47, 77, 140, 106, 247, 114, 182, 211, 202, 113, 52, 98, 21, 200, 242, 97, 84, 8, 156, 203, 60, 10, 160 }
update handshake state: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
[write] MD5 and SHA1 hashes:  len = 1171
0000: 0B 00 04 49 00 04 46 00   04 43 30 82 04 3F 30 82  ...I..F..C0..?0.
0400: 67 23 3F 48 AF A1 D5 97   F9 81 D4 60 46 C9 E0 E8  g#?H.......`F...
0410: 5B 46 CD 36 DC D2 10 C4   67 E9 60 B8 A2 07 4A 89  [F.6....g.`...J.
0420: 2C A1 00 B1 0E 06 13 01   1D C5 3E 63 C7 BE 7B C4  ,.........>c....
0430: 06 28 4D 3A EF 3D 83 97   28 B2 04 B6 C6 40 02 AD  .(M:.=..([email protected]
0440: 9B AF AA 69 C9 79 39 F1   6D 8D DF 36 8F 10 00 00  ...i.y9.m..6....
0450: 42 41 04 5E EB 2A E9 88   35 49 E1 4D 64 C7 23 D4  BA.^.*..5I.Md.#.
0460: ED 56 F9 11 79 F1 5E 8E   73 07 1B F7 0E 65 29 2F  .V..y.^.s....e)/
0470: 82 CD D8 70 85 25 88 AA   1E D6 8A 3A 2F 4D 8C 6A  ...p.%.....:/M.j
0480: F7 72 B6 D3 CA 71 34 62   15 C8 F2 61 54 08 9C CB  .r...q4b...aT...
0490: 3C 0A A0                                           <..
MQTT Con: cliente-externo, WRITE: TLSv1.2 Handshake, length = 1171
[Raw write]: length = 1176
0000: 16 03 03 04 93 0B 00 04   49 00 04 46 00 04 43 30  ........I..F..C0
0010: 82 04 3F 30 82 02 27 02   14 7E 21 41 39 CC E1 73  ..?0..'...!A9..s
0460: 4D 64 C7 23 D4 ED 56 F9   11 79 F1 5E 8E 73 07 1B  Md.#..V..y.^.s..
0470: F7 0E 65 29 2F 82 CD D8   70 85 25 88 AA 1E D6 8A  ..e)/...p.%.....
0480: 3A 2F 4D 8C 6A F7 72 B6   D3 CA 71 34 62 15 C8 F2  :/M.j.r...q4b...
0490: 61 54 08 9C CB 3C 0A A0                            aT...<..
SESSION KEYGEN:
PreMaster Secret:
0000: 7E FD FD 6B 34 4A 99 23   21 CE 05 A7 B7 34 93 99  ...k4J.#!....4..
0010: 40 DE 5C 33 4E 69 1B E9   A2 5B 4B 7E DA 9D 7D BA  @.\3Ni...[K.....
CONNECTION KEYGEN:
Client Nonce:
0000: 5E 4C 22 24 F5 A3 1F EF   E7 3C 98 16 8B B2 49 68  ^L"$.....<....Ih
0010: F0 A3 05 BF 0A 46 85 63   2A D8 8F BC A7 F2 6D 6E  .....F.c*.....mn
Server Nonce:
0000: 5E 4C 22 24 60 CC 27 59   EA 1A 5A 56 E7 C4 21 B9  ^L"$`.'Y..ZV..!.
0010: 6D BF 1C 4D BF B8 BC 68   48 BD 53 4E CA 94 DC 39  m..M...hH.SN...9
Master Secret:
0000: 5B E3 43 29 72 8D CB B3   6C 12 E7 0B 2F 86 67 8F  [.C)r...l.../.g.
0010: 0C B6 E8 42 F7 04 BE 9E   6B 04 E7 2B 48 94 4F C2  ...B....k..+H.O.
0020: 13 D9 43 E8 31 CC 49 22   E7 C3 DB E8 8C B3 F6 77  ..C.1.I".......w
... no MAC keys used for this cipher
Client write key:
0000: 90 47 68 C8 F8 33 84 1C   C7 7D C3 8E E6 61 7C F0  .Gh..3.......a..
Server write key:
0000: 20 4A BB DA 26 AF 4F CF   C1 5B 93 A1 83 AC 30 9B   J..&.O..[....0.
Client write IV:
0000: 4D 00 49 7B                                        M.I.
Server write IV:
0000: 45 A5 2F A4                                        E./.
*** CertificateVerify
Signature Algorithm SHA256withRSA
update handshake state: certificate_verify[15]
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
[write] MD5 and SHA1 hashes:  len = 264
0000: 0F 00 01 04 04 01 01 00   86 1C CB D6 60 5B 8C 4A  ............`[.J
0010: 20 B5 24 FD 40 89 12 DF   C4 47 27 5D 8E AE CC 82   [email protected]']....
0020: 29 52 00 F5 E0 9F AB A0   DE 41 1D C5 D1 71 98 56  )R.......A...q.V
00D0: 04 14 8B F7 3D 5C 47 20   41 42 41 5E 5C 6E 8D D7  ....=\G ABA^\n..
00E0: C7 B0 35 6D FD 9F 72 11   9F EB D8 9C 8C 83 24 31  ..5m..r.......$1
00F0: 5B E0 23 81 D2 E5 5F 5F   6A 3E B9 88 C4 83 15 7E  [.#...__j>......
0100: 11 14 83 F1 DD 9C D9 C3                            ........
MQTT Con: cliente-externo, WRITE: TLSv1.2 Handshake, length = 264
MQTT Con: cliente-externo, waiting for close_notify or alert: state 1
MQTT Con: cliente-externo, received EOFException: error
MQTT Con: cliente-externo, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
MQTT Con: cliente-externo, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
MQTT Con: cliente-externo, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
MQTT Con: cliente-externo, WRITE: TLSv1.2 Alert, length = 2
MQTT Con: cliente-externo, Exception sending alert: java.net.SocketException: Broken pipe (Write failed)
MQTT Con: cliente-externo, called closeSocket()
MQTT Con: cliente-externo, called close()
MQTT Con: cliente-externo, called closeInternal(true)
How to&Answers: