java 无法使用ssl_Java SSL握手失败(SSLPoke)

我已经将证书导入到信任库,但是仍然不能

?成功连接到该URL.我已经尝试了所有方法

?任何人都可以看到输出并帮助您解决问题吗？

java -Djavax.net.debug=all SSLPoke services.americanexpress.com 443

keyStore is :

keyStore type is : jks

keyStore provider is :

init keystore

init keymanager of type SunX509

trustStore is: /usr/java/jdk1.8.0_60/jre/lib/security/cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

......

adding as trusted cert:

Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US

Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Algorithm: RSA; Serial number: 0x35f39c9233cdc61333b1d58614e578b2

Valid from Wed Jun 26 00:00:00 UTC 2013 until Fri Sep 01 23:59:59 UTC 2017

....

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie: GMT: 1464494977 bytes = { 253, 148, 218, 101, 153, 160, 57, 246, 36, 129, 111, 62, 106, 226, 141, 140, 102, 47, 123, 244, 108, 192, 12, 140, 187, 249, 208, 106 }

Session ID: {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, 28_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods: { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

Extension server_name, server_name: [type=host_name (0), value=services.americanexpress.com]

***

[write] MD5 and SHA1 hashes: len = 232

00B0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................

00C0: 02 01 01 00 00 00 21 00 1F 00 00 1C 73 65 72 76 ......!.....serv

00D0: 69 63 65 73 2E 61 6D 65 72 69 63 61 6E 65 78 70 ices.americanexp

00E0: 72 65 73 73 2E 63 6F 6D ress.com

main, WRITE: TLSv1.2 Handshake, length = 232

[Raw write]: length = 237

0000: 16 03 03 00 E8 01 00 00 E4 03 03 57 4A 6C 81 FD ...........WJl..

0010: 94 DA 65 99 A0 39 F6 24 81 6F 3E 6A E2 8D 8C 66 ..e..9.$.o>j...f

0020: 2F 7B F4 6C C0 0C 8C BB F9 D0 6A 00 00 3A C0 23 /..l......j..:.#

0030: C0 27 00 3C C0 25 C0 29 00 67 00 40 C0 09 C0 13 .'.<.>

0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 2B C0 2F 00 9C ./.....3.2.+./..

00D0: 1C 73 65 72 76 69 63 65 73 2E 61 6D 65 72 69 63 .services.americ

00E0: 61 6E 65 78 70 72 65 73 73 2E 63 6F 6D anexpress.com

[Raw read]: length = 5

0000: 16 03 03 00 51 ....Q

[Raw read]: length = 81

0000: 02 00 00 4D 03 03 90 E6 BB 39 B7 B1 8E 67 DA 71 ...M.....9...g.q

0010: 65 74 25 D1 B7 CF ED D4 1A 6C 2B 0B 06 8C 0E 5E et%......l+....^

0020: 25 07 3F 8D E3 6F 20 49 AD 22 CA E7 8B 8A E5 41 %.?..o I.".....A

0030: BE 9A B5 25 E0 70 D8 F9 73 A0 E0 5D 2F F3 3C AD ...%.p..s..]/.<.>

0040: DE 1E 88 98 3B 65 B1 00 3C 00 00 05 FF 01 00 01 ....;e..<.......>

0050: 00 .

main, READ: TLSv1.2 Handshake, length = 81

*** ServerHello, TLSv1.2

RandomCookie: GMT: -1880769735 bytes = { 183, 177, 142, 103, 218, 113, 101, 116, 37, 209, 183, 207, 237, 212, 26, 108, 43, 11, 6, 140, 14, 94, 37, 7, 63, 141, 227, 111 }

Session ID: {73, 173, 34, 202, 231, 139, 138, 229, 65, 190, 154, 181, 37, 224, 112, 216, 249, 115, 160, 224, 93, 47, 243, 60, 173, 222, 30, 136, 152, 59, 101, 177}

Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256

Compression Method: 0

Extension renegotiation_info, renegotiated_connection:

***

%% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA256]

** TLS_RSA_WITH_AES_128_CBC_SHA256

[read] MD5 and SHA1 hashes: len = 81

0000: 02 00 00 4D 03 03 90 E6 BB 39 B7 B1 8E 67 DA 71 ...M.....9...g.q

0010: 65 74 25 D1 B7 CF ED D4 1A 6C 2B 0B 06 8C 0E 5E et%......l+....^

0020: 25 07 3F 8D E3 6F 20 49 AD 22 CA E7 8B 8A E5 41 %.?..o I.".....A

0030: BE 9A B5 25 E0 70 D8 F9 73 A0 E0 5D 2F F3 3C AD ...%.p..s..]/.<.>

0040: DE 1E 88 98 3B 65 B1 00 3C 00 00 05 FF 01 00 01 ....;e..<.......>

0050: 00 .

[Raw read]: length = 5

0000: 16 03 03 10 8E .....

[Raw read]: length = 4238

0310: 03 55 1D 0F 01 01 FF 04 04 03 02 05 A0 30 34 06 .U...........04.

0320: 03 55 1D 25 04 2D 30 2B 06 08 2B 06 01 05 05 07 .U.%.-0+..+.....

0450: 33 2D 61 69 61 2E 76 65 72 69 73 69 67 6E 2E 63 3-aia.verisign.c

0460: 6F 6D 2F 53 56 52 49 6E 74 6C 47 33 2E 63 65 72 om/SVRIntlG3.cer

main, READ: TLSv1.2 Handshake, length = 4238

*** Certificate chain

chain [0] = [

[

Version: V3

Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US

Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits

modulus: 30229676159696194917135440681975777728948709702479449945212097279930911021756291412408692828743836980749310830284879195994844527811837445892117218165863252223136982773

public exponent: 65537

Validity: [From: Wed Jun 26 00:00:00 UTC 2013,

To: Fri Sep 01 23:59:59 UTC 2017]

Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

SerialNumber: [ 35f39c92 33cdc613 33b1d586 14e578b2]

Certificate Extensions: 8

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

[

accessMethod: ocsp

accessLocation: URIName: http://ocsp.verisign.com

,

accessMethod: caIssuers

accessLocation: URIName: http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer

]

]

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.

0010: BC 46 00 B5 .F..

]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

CA:false

PathLen: undefined

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

[DistributionPoint:

[URIName: http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

[CertificatePolicyId: [2.16.840.1.113733.1.7.54]

[PolicyQualifierInfo: [

qualifierID: 1.3.6.1.5.5.7.2.1

qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve

0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps

]] ]

]

[6]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

serverAuth

clientAuth

2.16.840.1.113730.4.1

1.3.6.1.4.1.311.10.3.3

]

[7]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

DigitalSignature

Key_Encipherment

]

[8]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

DNSName: services.americanexpress.com

]

]

Algorithm: [SHA1withRSA]

Signature:

0000: 2D E6 45 41 B1 52 D9 55 57 04 45 DC 07 51 E5 8E -.EA.R.UW.E..Q..

0010: 5C 00 41 5F AB D5 84 A4 64 4D 55 CC 38 88 18 4E \.A_....dMU.8..N

00D0: FD E9 93 D2 6A 55 24 F3 62 BE BD 99 EE 24 53 F5 ....jU$.b....$S.

00E0: 96 E7 2E DE 3E D2 7B 1C 77 9A 45 C7 FA 68 A1 76 ....>...w.E..h.v

00F0: 67 BA EC 81 83 FF 54 E2 A4 7E 47 AD 2C 39 62 F2 g.....T...G.,9b.

]

chain [1] = [

[

Version: V3

Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits

modulus: 19420289231323388569960227299938029487260953720447310437792509462236918786001726710037662040142546936643383523519471181931421354900828966157275086870493679916429749573

public exponent: 65537

Validity: [From: Mon Feb 08 00:00:00 UTC 2010,

To: Fri Feb 07 23:59:59 UTC 2020]

Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

SerialNumber: [ 641be820 ce020813 f32d4d2d 95d67e67]

Certificate Extensions: 10

[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..

0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..

0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............

0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#

0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri

0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.

0060: 67 69 66 gif

[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

[

accessMethod: ocsp

accessLocation: URIName: http://ocsp.verisign.com

]

]

[3]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 ..e......0..C9..

0010: AF 33 31 33 .313

]

]

[4]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

CA:true

PathLen:0

]

[5]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

[DistributionPoint:

[URIName: http://crl.verisign.com/pca3-g5.crl]

]]

[6]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]

[PolicyQualifierInfo: [

qualifierID: 1.3.6.1.5.5.7.2.1

qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve

0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps

], PolicyQualifierInfo: [

qualifierID: 1.3.6.1.5.5.7.2.2

qualifier: 0000: 30 1E 1A 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 0...https://www.

0010: 76 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 verisign.com/rpa

]] ]

]

[7]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

serverAuth

clientAuth

2.16.840.1.113730.4.1

2.16.840.1.113733.1.8.1

]

[8]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

Key_CertSign

Crl_Sign

]

[9]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

CN=VeriSignMPKI-2-7

]

[10]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.

0010: BC 46 00 B5 .F..

]

]

]

Algorithm: [SHA1withRSA]

Signature:

0000: 71 B5 7D 73 52 4A DD D7 4D 34 2B 2E AF 94 46 A5 q..sRJ..M4+...F.

0010: 49 50 02 4F F8 2F 17 70 F2 13 DC 1F 21 86 AA C2 IP.O./.p....!...

0020: 4F 7C 37 3C D4 46 78 AE 5D 78 6F D1 BA 5A BC 10 O.7<.fx.>

0030: AB 58 36 C5 8C 62 15 45 60 17 21 E2 D5 42 A8 77 .X6..b.E`.!..B.w

0040: A1 55 D8 43 04 51 F6 6E BA 48 E6 5D 4C B7 44 D3 .U.C.Q.n.H.]L.D.

0050: 3E A4 D5 D6 33 9A 9F 0D E6 D7 4E 96 44 95 5A 6C >...3.....N.D.Zl

0060: D6 A3 16 53 0E 98 43 CE A4 B8 C3 66 7A 05 5C 62 ...S..C....fz.\b

0070: 10 E8 1B 12 DB 7D 2E 76 50 FF DF D7 6B 1B CC 8A .......vP...k...

0080: CC 71 FA B3 40 56 7C 33 7A 77 94 5B F5 0B 53 FB .q..@V.3zw.[..S.

0090: 0E 5F BC 68 FB AF 2A EE 30 37 79 16 93 25 7F 4D ._.h..*.07y..%.M

00A0: 10 FF 57 FB BF 6E 3B 33 21 DE 79 DC 86 17 59 2D ..W..n;3!.y...Y-

00B0: 43 64 B7 A6 66 87 EA BC 96 46 19 1A 86 8B 6F D7 Cd..f....F....o.

00C0: B7 49 00 5B DB A3 BF 29 9A EE F7 D3 33 AE A3 F4 .I.[...)....3...

00D0: 9E 4C CA 5E 69 D4 1B AD B7 90 77 6A D8 59 6F 79 .L.^i.....wj.Yoy

00E0: AB 01 FA 55 F0 8A 21 66 E5 65 6E FD 7C D3 DF 1E ...U..!f.en.....

00F0: EB 7E 3F 06 90 FB 19 0B D3 06 02 1B 78 43 99 A8 ..?.........xC..

]

chain [2] = [

[

Version: V3

Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits

modulus: 22109471102059671383796642714942393631149792360856487955190294587841800871022486252652612163196360832938367608763978013876844944237576704237206902072810376180366897841695320192789360300658269712766474225042097261456189264772686300705672328691871464945536513831768596383894122798581104077921511815271705394605095257256954381366139644740877956016759414080557948459417160074173313082409422023967584984099389949088073277478112907997447136173994433125025479812790590943737038696590266840534396683337181295383175344548120097700121250428676269067140626584500149856482388498317203907790209503513966223821253856296202557465877

public exponent: 65537

Validity: [From: Wed Nov 08 00:00:00 UTC 2006,

To: Wed Jul 16 23:59:59 UTC 2036]

Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

SerialNumber: [ 18dad19e 267de8bb 4a2158cd cc6b3b4a]

Certificate Extensions: 4

[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..

0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..

0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............

0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#

0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri

0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.

0060: 67 69 66 gif

[2]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

CA:true

PathLen:2147483647

]

[3]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

Key_CertSign

Crl_Sign

]

[4]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 ..e......0..C9..

0010: AF 33 31 33 .313

]

]

]

Algorithm: [SHA1withRSA]

Signature:

0000: 93 24 4A 30 5F 62 CF D8 1A 98 2F 3D EA DC 99 2D .$J0_b..../=...-

00C0: EF A5 7D 45 40 72 8E B7 0E 6B 0E 06 FB 33 35 48 ...E@r...k...35H

00D0: 71 B8 9D 27 8B C4 65 5F 0D 86 76 9C 44 7A F6 95 q..'..e_..v.Dz..

00E0: 5C F6 5D 32 08 33 A4 54 B6 18 3F 68 5C F2 42 4A \.]2.3.T..?h\.BJ

00F0: 85 38 54 83 5F D1 E8 2C F2 AC 11 D6 A8 ED 63 6A .8T._..,......cj

]

***

Found trusted certificate:

[

[

Version: V3

Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US

Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits

modulus: 30229676159696194917135440681975777728948709702479449945212097279930911021756291412408692828743836980749310830284879195994844527811837445892117218165863252223136982773

public exponent: 65537

Validity: [From: Wed Jun 26 00:00:00 UTC 2013,

To: Fri Sep 01 23:59:59 UTC 2017]

Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

SerialNumber: [ 35f39c92 33cdc613 33b1d586 14e578b2]

Certificate Extensions: 8

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

[

accessMethod: ocsp

accessLocation: URIName: http://ocsp.verisign.com

,

accessMethod: caIssuers

accessLocation: URIName: http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer

]

]

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.

0010: BC 46 00 B5 .F..

]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

CA:false

PathLen: undefined

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

[DistributionPoint:

[URIName: http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

[CertificatePolicyId: [2.16.840.1.113733.1.7.54]

[PolicyQualifierInfo: [

qualifierID: 1.3.6.1.5.5.7.2.1

qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve

0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps

]] ]

]

[6]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

serverAuth

clientAuth

2.16.840.1.113730.4.1

1.3.6.1.4.1.311.10.3.3

]

[7]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

DigitalSignature

Key_Encipherment

]

[8]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

DNSName: services.americanexpress.com

]

]

Algorithm: [SHA1withRSA]

Signature:

0000: 2D E6 45 41 B1 52 D9 55 57 04 45 DC 07 51 E5 8E -.EA.R.UW.E..Q..

0010: 5C 00 41 5F AB D5 84 A4 64 4D 55 CC 38 88 18 4E \.A_....dMU.8..N

0020: 1D CB 0D 88 D5 02 A5 E2 73 72 62 B3 51 49 6F 20 ........srb.QIo

00C0: B7 1E 87 B7 AE D8 AB 29 83 A5 69 00 D3 07 BE 45 .......)..i....E

00D0: FD E9 93 D2 6A 55 24 F3 62 BE BD 99 EE 24 53 F5 ....jU$.b....$S.

00E0: 96 E7 2E DE 3E D2 7B 1C 77 9A 45 C7 FA 68 A1 76 ....>...w.E..h.v

00F0: 67 BA EC 81 83 FF 54 E2 A4 7E 47 AD 2C 39 62 F2 g.....T...G.,9b.

]

[read] MD5 and SHA1 hashes: len = 4238

0000: 0B 00 10 8A 00 10 87 00 05 7A 30 82 05 76 30 82 .........z0..v0.

0010: 04 5E A0 03 02 01 02 02 10 35 F3 9C 92 33 CD C6 .^.......5...3..

0020: 13 33 B1 D5 86 14 E5 78 B2 30 0D 06 09 2A 86 48 .3.....x.0...*.H

0030: 86 F7 0D 01 01 05 05 00 30 81 BC 31 0B 30 09 06 ........0..1.0..

0040: 03 55 04 06 13 02 55 53 31 17 30 15 06 03 55 04 .U....US1.0...U.

0050: 0A 13 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 ...VeriSign, Inc

0060: 2E 31 1F 30 1D 06 03 55 04 0B 13 16 56 65 72 69 .1.0...U....Veri

0070: 53 69 67 6E 20 54 72 75 73 74 20 4E 65 74 77 6F Sign Trust Netwo

07A0: C4 28 C6 E3 AD 79 1F 27 10 98 B8 BB 20 97 C1 28 .(...y.'.... ..(

07B0: 44 41 0F EA A9 A8 52 CF 4D 4E 1B 8B BB B5 C4 76 DA....R.MN.....v

07C0: D9 CC 56 06 EE B3 55 20 2A DE 15 8D 71 CB 54 C8 ..V...U *...q.T.

07D0: 6F 17 CD 89 00 E4 DC FF E1 C0 1F 68 71 E9 C7 29 o..........hq..)

07E0: 2E 7E BC 3B FC E5 BB AB 26 54 8B 66 90 CD F6 92 ...;....&T.f....

07F0: B9 31 24 80 BC 9E 6C D5 FC 7E D2 E1 4B 8C DC 42 .1$...l.....K..B

1080: 54 83 5F D1 E8 2C F2 AC 11 D6 A8 ED 63 6A T._..,......cj

[Raw read]: length = 5

0000: 16 03 03 00 2E .....

[Raw read]: length = 46

0000: 0D 00 00 26 03 01 02 40 00 1E 06 01 06 02 06 03 ...&...@........

0010: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................

0020: 03 03 02 01 02 02 02 03 00 00 0E 00 00 00 ..............

main, READ: TLSv1.2 Handshake, length = 46

*** CertificateRequest

Cert Types: RSA, DSS, ECDSA

Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA

Cert Authorities:

[read] MD5 and SHA1 hashes: len = 42

0000: 0D 00 00 26 03 01 02 40 00 1E 06 01 06 02 06 03 ...&...@........

0010: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................

0020: 03 03 02 01 02 02 02 03 00 00 ..........

*** ServerHelloDone

[read] MD5 and SHA1 hashes: len = 4

0000: 0E 00 00 00 ....

Warning: no suitable certificate found - continuing without client authentication

*** Certificate chain

***

*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2

[write] MD5 and SHA1 hashes: len = 269

0000: 0B 00 00 03 00 00 00 10 00 01 02 01 00 BE 4B B7 ..............K.

0110: 8F 98 ..

SESSION KEYGEN:

PreMaster Secret:

0000: 03 03 8D 61 C0 F9 AC 11 FA 20 C4 6D 78 C0 2E 3F ...a..... .mx..?

0010: 0A 60 C6 BA 36 C2 E6 28 AE B3 12 38 EC F0 52 E0 .`..6..(...8..R.

0020: 72 BC 31 16 34 B5 88 3C 4E BB C8 E2 50 EA 20 00 r.1.4..

CONNECTION KEYGEN:

Client Nonce:

0000: 57 4A 6C 81 FD 94 DA 65 99 A0 39 F6 24 81 6F 3E WJl....e..9.$.o>

0010: 6A E2 8D 8C 66 2F 7B F4 6C C0 0C 8C BB F9 D0 6A j...f/..l......j

Server Nonce:

0000: 90 E6 BB 39 B7 B1 8E 67 DA 71 65 74 25 D1 B7 CF ...9...g.qet%...

0010: ED D4 1A 6C 2B 0B 06 8C 0E 5E 25 07 3F 8D E3 6F ...l+....^%.?..o

Master Secret:

0000: 38 C7 96 B8 C2 C3 51 55 49 E2 95 C2 D8 23 28 E9 8.....QUI....#(.

0010: 9D 08 40 21 3F C6 85 E9 3E 3B B7 67 6A 76 26 7E ..@!?...>;.gjv&.

0020: 97 E6 2C 80 FF 81 C4 33 D1 9F BF 42 35 2D AB 73 ..,....3...B5-.s

Client MAC write Secret:

0000: 67 7E 5C C7 7B 2B 5F 5E 38 42 A1 21 2C FE F1 F2 g.\..+_^8B.!,...

0010: DD E4 BB 46 7D 35 BF C6 29 40 A8 8B B5 D6 DE 11 ...F.5..)@......

Server MAC write Secret:

0000: AD 34 13 00 5F 27 F1 21 AA 3B 63 75 76 1A 1A 89 .4.._'.!.;cuv...

0010: 9A CD 4D E3 1B DB 7F 83 65 1A 6A EE 0A 6F 33 86 ..M.....e.j..o3.

Client write key:

0000: E7 8D 41 0F FB 52 FF BF A1 D4 DB E8 BB 25 91 96 ..A..R.......%..

Server write key:

0000: 3E 09 29 43 AF F4 AB 98 2A C3 4D 53 B1 9D 33 5D >.)C....*.MS..3]

... no IV derived for this protocol

main, WRITE: TLSv1.2 Change Cipher Spec, length = 1

[Raw write]: length = 6

0000: 14 03 03 00 01 01 ......

*** Finished

verify_data: { 82, 58, 56, 177, 242, 110, 34, 212, 168, 243, 94, 249 }

***

[write] MD5 and SHA1 hashes: len = 16

0000: 14 00 00 0C 52 3A 38 B1 F2 6E 22 D4 A8 F3 5E F9 ....R:8..n"...^.

Padded plaintext before ENCRYPTION: len = 80

0000: 8C E5 C6 F2 8F A1 37 D2 7B 43 6A 26 FD 9F 23 48 ......7..Cj&..#H

0010: 14 00 00 0C 52 3A 38 B1 F2 6E 22 D4 A8 F3 5E F9 ....R:8..n"...^.

0020: EE EF 79 2B C0 62 2A 7B C9 63 A3 71 41 F3 CE E2 ..y+.b*..c.qA...

0030: C2 6D EA 72 78 3C B5 10 FE BF D1 10 E8 A8 C1 BA .m.rx<..........>

0040: 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F ................

main, WRITE: TLSv1.2 Handshake, length = 80

[Raw write]: length = 85

0000: 16 03 03 00 50 A5 DE 9B 39 37 C5 1F 81 3E E4 00 ....P...97...>..

0010: 18 C8 89 6B F3 46 9B 89 73 4A 64 20 52 0E BD 93 ...k.F..sJd R...

0020: 4D F3 AF D8 6B 90 56 60 4F 9E DE 96 06 EE 05 F3 M...k.V`O.......

0030: 32 CC 7A A6 85 C9 22 72 59 A9 05 B3 D4 A5 A9 E2 2.z..."rY.......

0040: A9 6A B5 51 49 B8 E9 DC CC 56 DB EF DB DB 06 8E .j.QI....V......

0050: 37 BB F4 48 7F 7..H.

[Raw read]: length = 5

0000: 15 03 03 00 02 .....

[Raw read]: length = 2

0000: 02 28 .(

main, READ: TLSv1.2 Alert, length = 2

main, RECV TLSv1.2 ALERT: fatal, handshake_failure

%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA256]

main, called closeSocket()

main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

无法弄清楚这是什么,应用程序正在使用java1.6,但是SSLPoke无法通过两种情况