Problème de connexion SSLv3 avec navigateur

Bonjours, ayant essayé de trouver une solution sans grande réussite. Je me tourne vers vos âmes charitables ;)
Je créer une application qui doit ce connecter avec l'aide de certificats dans les deux sens, le problème est que je reçois des erreurs une fois que je lance l'application.
Si quelqu'un d'autre est intéresser par le problème, il est le bienvenue :D


Voici la classe qui initialise le context de ma connexion:

Code:

---

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246

import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.Security; import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException;   import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import java.util.Properties;       public class ConfigConnexion {           ///** Algorihtme de certification. */ //public static final String ALGORITHM = "sunx509";   /** Type du conteneur keystore. */ public static final String KEYSTORE_TYPE = "JKS";   /** Protocole SSL à utiliser. */ public final static String PROTOCOL = "SSLv3";   /**                  *                  * @throws KeyStoreException                  * @throws IOException                  * @throws FileNotFoundException                  */   // Récupérer les infos. final int port; final String keystorePath; final String keystorePass; final String truststorePath; final String truststorePass;   boolean over = true;   // Les objets que l'on va utiliser. Properties data = null; SSLSocket ssls = null; SSLServerSocket sslss = null; SSLServerSocketFactory sslssf = null; KeyManagerFactory kmf = null; TrustManagerFactory tmf = null; KeyStore ks = null; KeyStore ts = null; SSLContext sslc = null; TrustManager[] trustManagers = null; Thread t2 = null;                 public ConfigConnexion(Properties properties) {   this.data = properties;   System.out.println(properties.getProperty("Port", "defaultPort")); this.port = Integer.parseInt(properties.getProperty("Port"));   System.out.println(properties.getProperty("KeystorePath", "defaultPort")); this.keystorePath = (properties.getProperty("KeystorePath"));   System.out.println(properties.getProperty("KeystorePass", "defaultPort")); this.keystorePass = (properties.getProperty("KeystorePass"));   System.out.println(properties.getProperty("TruststorePath", "defaultPort")); this.truststorePath = (properties.getProperty("TruststorePath"));   System.out.println(properties.getProperty("TruststorePass", "defaultPort")); this.truststorePass = (properties.getProperty("TruststorePass")); }     public void initConfigConnexion() throws IOException {   initKeyStore(); initKeyManagerFactory(); initTrustManagerFactory(); initSSLContext(); initServerSocketFactory();       }     public SSLSocket getSsls() { return ssls; }     public void setSsls(SSLSocket ssls) { this.ssls = ssls; }     public SSLServerSocket getSslss() { return sslss; }     public void setSslss(SSLServerSocket sslss) { this.sslss = sslss; }     // Récupérer la keystore et charger le fichier. public void initKeyStore() throws IOException { System.out.print("Récupération du keystore... "); try {   ks = KeyStore.getInstance(KEYSTORE_TYPE); ks.load(new FileInputStream(keystorePath), keystorePass.toCharArray()); } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException e) { // TODO Auto-generated catch block e.printStackTrace(); } System.out.print("OK\n"); }     // Récupérer une instance d'un KeyManagerFactory et l'initialiser. public void initKeyManagerFactory() {   System.out.print("Récupération et configuration du KeyManager..."); try {   this.kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); this.kmf.init(ks, keystorePass.toCharArray());   } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e2) { // TODO Auto-generated catch block e2.printStackTrace(); } System.out.print(" OK\n");   }   // Récupérer une instance d'un TrustManagerFactory et l'initialiser. public void initTrustManagerFactory() throws IOException {   System.out.print("Récupération et configuration du Trust... ");     try { ts = KeyStore.getInstance("JKS");     // this.getResources().openRawResource(R.raw.mykeystore); InputStream inputStream = new java.io.FileInputStream( truststorePath);   ts.load(inputStream, truststorePass.toCharArray());     tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); //TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(ALGORITHM); //TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");   tmf.init(ts);   } catch (KeyStoreException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (CertificateException e) { // TODO Auto-generated catch block e.printStackTrace(); }     System.out.print("OK\n");   }   // Récupérer une instace d'un SSLContext et l'initialiser. public void initSSLContext() {   System.out.print("Récupération et configuration de SSL ... "); try {   sslc = SSLContext.getInstance(PROTOCOL); sslc.init(kmf.getKeyManagers(), trustManagers, null);   } catch (KeyManagementException | NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } System.out.print("OK\n");   }   // Récupérer une instance d'une fabrique à socket SSL, // puis intancier une socket. public void initServerSocketFactory() {   System.out.print("Récupération et configuration de SSL fac ... ");   sslssf = sslc.getServerSocketFactory();   try { sslss = (SSLServerSocket) sslssf.createServerSocket(port); } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); System.out.println("Le port est déjà utiliser!"); }   sslss.setUseClientMode(false); sslss.setNeedClientAuth(true); sslss.setWantClientAuth(true); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());   System.out.print("OK\n"); }         }

---

et celle qui reçoit les client:

Code:

---

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80

import java.io.*; import java.util.Properties; import java.util.Timer;   import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket;   public class Accepter_connexion_Socket implements Runnable {   private String Mod_Auth; private Properties properties; private SSLServerSocket sslss = null; private SSLSocket ssls = null; private SSLSession session = null; public Thread t1; //private GUI app; boolean ecoute = true;     public Accepter_connexion_Socket(Properties properties, ConfigConnexion cc) {   this.properties = properties; this.Mod_Auth = (String) properties.get("Mod_Auth"); this.ssls = cc.getSsls(); this.sslss = cc.getSslss(); }   public void run() {   try {   while (ecoute) {   try { initConnexion(); Thread.sleep(4000); } catch (InterruptedException e) { // TODO Auto-generated catch block e.printStackTrace(); }   System.out.println("Un Client veut se connecter\n");   if(this.Mod_Auth.equalsIgnoreCase("Authentification_Login")){ Authentification_Par_Mdp amp = new Authentification_Par_Mdp(ssls, sslss, properties); t1 = new Thread(amp); t1.start(); }   if(this.Mod_Auth.equalsIgnoreCase("Authentification_Certificat")){ t1 = new Thread(new Authentification_Par_Certificat(ssls, sslss,properties)); t1.start();   } ecoute = false;   } } catch (IOException e) {   System.err.println("Vous n'avez pas bien configuré le mode d'Authentification de vôtre fichier config.txt"); }   }   // Attendre la connexion d'un client. public void initConnexion() throws IOException, InterruptedException { System.out.print("Attendre une connexion ... "); this.ssls = (SSLSocket) this.sslss.accept();   session = ssls.getSession();   //Timer sessionTimer = new Timer(); //sessionTimer.schedule(new ExpireSession(sessionTimer, session, // this.app, ssls.getInetAddress()), 5*60*1000); System.out.print("client présent \n");   }   }

---

Une fois lancé, je reçois les erreurs suivantes:

Citation:

---

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Erreur d'envoi javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1476)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at Authentification_Par_Certificat.run(Authentification_Par_Certificat.java:44)
at java.lang.Thread.run(Thread.java:724)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:2171)
at Accepter_connexion_Socket.initConnexion(Accepter_connexion_Socket.java:71)
at Accepter_connexion_Socket.run(Accepter_connexion_Socket.java:36)
... 1 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 6 more

---

Ca ressemble à un problème de protocole SSLv3 vs TLS.
Si tu active les logs avec l'option -Djavax.net.debug=ssl ça donne quoi ?

J'ignore totalement comment ajouter cette option avec eclipse! :?

Si tu lances ton programme via eclipse, va dans le menu "Run" puis "run configurations".
Ensuite dans l'onglet "Arguments", ajoute la variable de JVM (cf screenshot)

Je l'avais mis sur la zone juste au dessus :roll:
Voila ce que ça m'a généré:

Citation:

---

Récupération du keystore... OK
Récupération et configuration du KeyManager...***
found key for : server
chain [0] = [
[
Version: V1
Subject: CN=127.0.0.1, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 1442229755
public exponent: 65537
Validity: [From: Tue Oct 22 12:11:10 CEST 2013,
To: Thu Oct 15 12:11:10 CEST 2043]
Issuer: EMAILADDRESS=pinformatique.fr, CN=wwformatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ 03]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 69 95 A3 86 BB 76 7E 6C 44 C4 50 99 26 81 D9 C0 i....v.lD.P.&...
0010: 1F AE D2 D4 BC A3 B7 EC 65 E6 A0 DB 5C 49 7F B9 ........e...\I..
0020: A0 27 26 C1 0E FA 5F FA 1C C6 6A 21 64 6A B2 DC .'&..._...j!dj..
0030: 1C FD 0E 4B D4 16 42 4B 62 54 1C CF 98 9F FA E3 ...K..BKbT......
0040: C1 E6 DB 99 82 6B 2C D6 15 DB 66 E4 64 FF D2 D8 .....k,...f.d...
0050: 8F B9 B5 95 A3 D5 F3 DE 11 F7 29 69 FB 73 E5 7F ..........)i.s..
0060: D6 3C E2 2F C6 71 C7 A7 FA 37 EB DB E4 A4 1B DA .<./.q...7......
0070: 08 6C 48 E8 89 2E 00 AB 8C 2B 82 27 3E 41 FA 98 .lH......+.'>A..

]
chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=pmnformatique.fr, CN=wwormatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 145442877103150917381365954479685606627025693072557347972854760429110118468945572757617689680743951249667817856613966840197770797461033533885293703507978648655382155354248655829241670721007186609508273301973050175841372224395627268318799398713095336510102241931915763317981284486712811396753297293100495301633
public exponent: 65537
Validity: [From: Tue Oct 22 11:45:10 CEST 2013,
To: Thu Oct 15 11:45:10 CEST 2043]
Issuer: EMAILADDRESS=pmimatique.fr, CN=wwmatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ b910a1e6 a3ae3e18]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E4 59 2D 1C 35 F1 C2 3F F7 46 74 0C B4 CE E9 7B .Y-.5..?.Ft.....
0010: A1 DD 2E 1C ....
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E4 59 2D 1C 35 F1 C2 3F F7 46 74 0C B4 CE E9 7B .Y-.5..?.Ft.....
0010: A1 DD 2E 1C ....
]
]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 47 55 E0 4B D1 6F 40 16 E9 F1 2C 3F E7 E2 89 4F GU.K.o@...,?...O
0010: 7E 69 22 A7 45 9A 3B AF 35 CD 08 3F B6 3C 74 5D .i".E.;.5..?.<t]
0020: 3A C7 E7 1B 8C EB 34 45 B7 12 99 84 6C 6F D0 C1 :.....4E....lo..
0030: 1A 10 75 10 1F C5 53 07 5F AC 15 B7 CB FE 83 22 ..u...S._......"
0040: A3 F7 97 63 5B 48 84 79 C8 EB 4C 58 73 02 97 52 ...c[H.y..LXs..R
0050: 26 39 38 73 7B F9 E2 81 30 84 53 2A FD 7C 5C 8A &98s....0.S*..\.
0060: 6B 58 26 52 8D 52 BA 66 3C 37 FF FA E9 44 D4 F5 kX&R.R.f<7...D..
0070: CD 77 1E 77 12 F7 D2 69 A0 E9 FC 40 B4 07 EC BB .w.w...i...@....

]
***
OK
Récupération et configuration du Trust... adding as trusted cert:
Subject: EMAILADDRESS=pmimatique.fr, CN=wwrmatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
Issuer: EMAILADDRESS=prmatique.fr, CN=wwrmatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
Algorithm: RSA; Serial number: 0xb910a1e6a3ae3e18
Valid from Tue Oct 22 11:45:10 CEST 2013 until Thu Oct 15 11:45:10 CEST 2043

adding as trusted cert:
Subject: EMAILADDRESS=fdf@aaaa, CN=127.0.0.1, OU=afc, O=fzrz, L=fzrz, ST=frz, C=FR
Issuer: EMAILADDRESS=p@.fr, CN=wwinformatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
Algorithm: RSA; Serial number: 0x9
Valid from Tue Oct 29 15:35:28 CET 2013 until Thu Oct 22 16:35:28 CEST 2043

OK
Récupération et configuration de SSL ... trigger seeding of SecureRandom
done seeding SecureRandom
OK
Récupération et configuration de SSL fac ... Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
OK
Attendre une connexion ... Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

---

Une fois que j'essaye de me connecter avec un client:

Citation:

---

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
main, READ: TLSv1.2 Handshake, length = 213
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1382997982 bytes = { 184, 180, 12, 19, 217, 178, 26, 227, 226, 25, 92, 108, 83, 47, 137, 15, 150, 172, 130, 76, 129, 190, 236, 19, 207, 24, 182, 13 }
Session ID: {82, 111, 223, 146, 240, 66, 105, 5, 37, 155, 109, 20, 62, 86, 81, 243, 129, 106, 117, 68, 232, 244, 33, 254, 212, 248, 85, 19, 39, 164, 106, 48}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:20:06:73:70:64:79:2f:32:06:73:70:64:79:2f:33:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30031, data:
Unsupported extension status_request, data: 01:00:00:00:00
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, Unknown (hash:0x4, signature:0x2), SHA1withDSA
***
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: server
%% Negotiating: [Session-1, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1382997982 bytes = { 184, 161, 219, 233, 96, 172, 219, 122, 247, 221, 127, 8, 10, 68, 223, 185, 145, 146, 245, 238, 226, 204, 93, 213, 165, 109, 60, 164 }
Session ID: {82, 111, 224, 222, 116, 213, 131, 115, 53, 52, 42, 179, 30, 46, 118, 255, 100, 179, 55, 50, 144, 80, 43, 161, 85, 95, 63, 155, 208, 125, 104, 65}
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=127.0.0.1, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 144222975510803978287492475670552160513903572799235601729449393127861447216510057680274344092250098371921241885109997966917292759129030308001883299528522550838750785478596629675167953690876861987892576421577789495450679894386188640124394524940818575041574060969782499791227370701974814303871172756822403452051
public exponent: 65537
Validity: [From: Tue Oct 22 12:11:10 CEST 2013,
To: Thu Oct 15 12:11:10 CEST 2043]
Issuer: EMAILADDRESS=pinformatique.fr, CN=wwrmatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ 03]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 69 95 A3 86 BB 76 7E 6C 44 C4 50 99 26 81 D9 C0 i....v.lD.P.&...
0010: 1F AE D2 D4 BC A3 B7 EC 65 E6 A0 DB 5C 49 7F B9 ........e...\I..
0020: A0 27 26 C1 0E FA 5F FA 1C C6 6A 21 64 6A B2 DC .'&..._...j!dj..
0030: 1C FD 0E 4B D4 16 42 4B 62 54 1C CF 98 9F FA E3 ...K..BKbT......
0040: C1 E6 DB 99 82 6B 2C D6 15 DB 66 E4 64 FF D2 D8 .....k,...f.d...
0050: 8F B9 B5 95 A3 D5 F3 DE 11 F7 29 69 FB 73 E5 7F ..........)i.s..
0060: D6 3C E2 2F C6 71 C7 A7 FA 37 EB DB E4 A4 1B DA .<./.q...7......
0070: 08 6C 48 E8 89 2E 00 AB 8C 2B 82 27 3E 41 FA 98 .lH......+.'>A..

]
chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=pinformatique.fr, CN=wwwormatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 145442877103150917381365954479685606627025693072557347972854760429110118468945572757617689680743951249667817856613966840197770797461033533885293703507978648655382155354248655829241670721007186609508273301973050175841372224395627268318799398713095336510102241931915763317981284486712811396753297293100495301633
public exponent: 65537
Validity: [From: Tue Oct 22 11:45:10 CEST 2013,
To: Thu Oct 15 11:45:10 CEST 2043]
Issuer: EMAILADDRESS=pnformatique.fr, CN=wrmatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ b910a1e6 a3ae3e18]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E4 59 2D 1C 35 F1 C2 3F F7 46 74 0C B4 CE E9 7B .Y-.5..?.Ft.....
0010: A1 DD 2E 1C ....
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E4 59 2D 1C 35 F1 C2 3F F7 46 74 0C B4 CE E9 7B .Y-.5..?.Ft.....
0010: A1 DD 2E 1C ....
]
]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 47 55 E0 4B D1 6F 40 16 E9 F1 2C 3F E7 E2 89 4F GU.K.o@...,?...O
0010: 7E 69 22 A7 45 9A 3B AF 35 CD 08 3F B6 3C 74 5D .i".E.;.5..?.<t]
0020: 3A C7 E7 1B 8C EB 34 45 B7 12 99 84 6C 6F D0 C1 :.....4E....lo..
0030: 1A 10 75 10 1F C5 53 07 5F AC 15 B7 CB FE 83 22 ..u...S._......"
0040: A3 F7 97 63 5B 48 84 79 C8 EB 4C 58 73 02 97 52 ...c[H.y..LXs..R
0050: 26 39 38 73 7B F9 E2 81 30 84 53 2A FD 7C 5C 8A &98s....0.S*..\.
0060: 6B 58 26 52 8D 52 BA 66 3C 37 FF FA E9 44 D4 F5 kX&R.R.f<7...D..
0070: CD 77 1E 77 12 F7 D2 69 A0 E9 FC 40 B4 07 EC BB .w.w...i...@....

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
public x coord: 75328610743352812010256842397906153800080284379670777999529127079341079041186
public y coord: 15585864712706099516253749189783848222367848609247289950469884807325777715261
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<EMAILADDRESS=pmillanvois@afc-informatique.fr, CN=www.afc-informatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR>
<EMAILADDRESS=fdf@aaaa, CN=127.0.0.1, OU=afc, O=fzrz, L=fzrz, ST=frz, C=FR>
*** ServerHelloDone
main, WRITE: TLSv1.2 Handshake, length = 2102
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
main, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
client présent
SSL_NULL_WITH_NULL_NULL
null
-1
[Ljava.lang.String;@389405
Un Client veut se connecter

Attendre une connexion ... Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
main, READ: TLSv1.2 Handshake, length = 213
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1382997982 bytes = { 136, 168, 207, 182, 68, 218, 126, 121, 147, 178, 198, 65, 78, 45, 89, 46, 178, 43, 201, 155, 140, 235, 191, 233, 222, 205, 149, 203 }
Session ID: {82, 111, 223, 146, 240, 66, 105, 5, 37, 155, 109, 20, 62, 86, 81, 243, 129, 106, 117, 68, 232, 244, 33, 254, 212, 248, 85, 19, 39, 164, 106, 48}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:20:06:73:70:64:79:2f:32:06:73:70:64:79:2f:33:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30031, data:
Unsupported extension status_request, data: 01:00:00:00:00
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, Unknown (hash:0x4, signature:0x2), SHA1withDSA
***
%% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Negotiating: [Session-2, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1382997984 bytes = { 183, 90, 210, 65, 65, 145, 238, 109, 232, 160, 245, 179, 255, 185, 136, 144, 33, 15, 37, 157, 199, 128, 130, 177, 209, 123, 170, 248 }
Session ID: {82, 111, 224, 224, 8, 4, 151, 24, 248, 142, 186, 170, 145, 149, 2, 131, 39, 182, 33, 178, 1, 186, 82, 188, 158, 119, 11, 236, 30, 210, 52, 228}
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=127.0.0.1, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 144222975510803978287492475670552160513903572799235601729449393127861447216510057680274344092250098371921241885109997966917292759129030308001883299528522550838750785478596629675167953690876861987892576421577789495450679894386188640124394524940818575041574060969782499791227370701974814303871172756822403452051
public exponent: 65537
Validity: [From: Tue Oct 22 12:11:10 CEST 2013,
To: Thu Oct 15 12:11:10 CEST 2043]
Issuer: EMAILADDRESS=pinformatique.fr, CN=wwformatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ 03]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 69 95 A3 86 BB 76 7E 6C 44 C4 50 99 26 81 D9 C0 i....v.lD.P.&...
0010: 1F AE D2 D4 BC A3 B7 EC 65 E6 A0 DB 5C 49 7F B9 ........e...\I..
0020: A0 27 26 C1 0E FA 5F FA 1C C6 6A 21 64 6A B2 DC .'&..._...j!dj..
0030: 1C FD 0E 4B D4 16 42 4B 62 54 1C CF 98 9F FA E3 ...K..BKbT......
0040: C1 E6 DB 99 82 6B 2C D6 15 DB 66 E4 64 FF D2 D8 .....k,...f.d...
0050: 8F B9 B5 95 A3 D5 F3 DE 11 F7 29 69 FB 73 E5 7F ..........)i.s..
0060: D6 3C E2 2F C6 71 C7 A7 FA 37 EB DB E4 A4 1B DA .<./.q...7......
0070: 08 6C 48 E8 89 2E 00 AB 8C 2B 82 27 3E 41 FA 98 .lH......+.'>A..

]
chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=pnformatique.fr, CN=wwormatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 145442877103150917381365954479685606627025693072557347972854760429110118468945572757617689680743951249667817856613966840197770797461033533885293703507978648655382155354248655829241670721007186609508273301973050175841372224395627268318799398713095336510102241931915763317981284486712811396753297293100495301633
public exponent: 65537
Validity: [From: Tue Oct 22 11:45:10 CEST 2013,
To: Thu Oct 15 11:45:10 CEST 2043]
Issuer: EMAILADDRESS=pnformatique.fr, CN=wwormatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ b910a1e6 a3ae3e18]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E4 59 2D 1C 35 F1 C2 3F F7 46 74 0C B4 CE E9 7B .Y-.5..?.Ft.....
0010: A1 DD 2E 1C ....
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E4 59 2D 1C 35 F1 C2 3F F7 46 74 0C B4 CE E9 7B .Y-.5..?.Ft.....
0010: A1 DD 2E 1C ....
]
]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 47 55 E0 4B D1 6F 40 16 E9 F1 2C 3F E7 E2 89 4F GU.K.o@...,?...O
0010: 7E 69 22 A7 45 9A 3B AF 35 CD 08 3F B6 3C 74 5D .i".E.;.5..?.<t]
0020: 3A C7 E7 1B 8C EB 34 45 B7 12 99 84 6C 6F D0 C1 :.....4E....lo..
0030: 1A 10 75 10 1F C5 53 07 5F AC 15 B7 CB FE 83 22 ..u...S._......"
0040: A3 F7 97 63 5B 48 84 79 C8 EB 4C 58 73 02 97 52 ...c[H.y..LXs..R
0050: 26 39 38 73 7B F9 E2 81 30 84 53 2A FD 7C 5C 8A &98s....0.S*..\.
0060: 6B 58 26 52 8D 52 BA 66 3C 37 FF FA E9 44 D4 F5 kX&R.R.f<7...D..
0070: CD 77 1E 77 12 F7 D2 69 A0 E9 FC 40 B4 07 EC BB .w.w...i...@....

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
public x coord: 107653867587829413193598653297029651182947774099859301750088670013020261623685
public y coord: 47928076545709207145790819268253076565910594250971735831653012103771043413260
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<EMAILADDRESS=pmillanvois@afc-informatique.fr, CN=www.afc-informatique.fr, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR>
<EMAILADDRESS=fdf@aaaa, CN=127.0.0.1, OU=afc, O=fzrz, L=fzrz, ST=frz, C=FR>
*** ServerHelloDone
main, WRITE: TLSv1.2 Handshake, length = 2102
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
main, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
client présent
SSL_NULL_WITH_NULL_NULL
null
-1
[Ljava.lang.String;@de6570
Un Client veut se connecter

début de la réception ... javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshakeErreur d'envoi javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-0, called close()
Thread-0, called closeInternal(true)

at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1476)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at Authentification_Par_Certificat.run(Authentification_Par_Certificat.java:44)
at java.lang.Thread.run(Thread.java:724)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:2171)
at Accepter_connexion_Socket.initConnexion(Accepter_connexion_Socket.java:74)
at Accepter_connexion_Socket.start(Accepter_connexion_Socket.java:35)
at Serveur.main(Serveur.java:27)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 6 more
Attendre une connexion ... Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
main, READ: TLSv1 Handshake, length = 181
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1382997984 bytes = { 71, 142, 131, 247, 79, 200, 247, 38, 140, 90, 233, 114, 86, 155, 72, 39, 152, 98, 224, 242, 154, 139, 190, 208, 151, 85, 50, 118 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:20:06:73:70:64:79:2f:32:06:73:70:64:79:2f:33:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30031, data:
Unsupported extension status_request, data: 01:00:00:00:00
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, Unknown (hash:0x4, signature:0x2), SHA1withDSA
***
%% Initialized: [Session-3, SSL_NULL_WITH_NULL_NULL]
%% Negotiating: [Session-3, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1382997986 bytes = { 147, 170, 143, 41, 171, 236, 166, 40, 60, 193, 103, 29, 124, 197, 254, 173, 116, 13, 112, 95, 138, 118, 162, 153, 180, 47, 255, 107 }
Session ID: {82, 111, 224, 226, 159, 106, 2, 133, 120, 62, 233, 177, 129, 130, 140, 115, 98, 69, 130, 101, 139, 227, 250, 183, 206, 199, 43, 99, 174, 209, 101, 136}
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=127.0.0.1, OU=INFORMATIQUE, O=AFC, L=PARIS, ST=ILE DE FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 144222975510803978287492475670552160513903572799235601729449393127861447216510057680274344092250098371921241885109997966917292759129030308001883299528522550838750785478596629675167953690876861987892576421577789495450679894386188640124394524940818575041574060969782499791227370701974814303871172756822403452051
public exponent: 65537
Validity: [From: Tue Oct 22 12:11:10 CEST 2013,
To: Thu Oct 15 12:11:10 CEST 2043]
Issuer: EMAILADDRESS=pnformatique.fr, CN=wwformatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ 03]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 69 95 A3 86 BB 76 7E 6C 44 C4 50 99 26 81 D9 C0 i....v.lD.P.&...
0010: 1F AE D2 D4 BC A3 B7 EC 65 E6 A0 DB 5C 49 7F B9 ........e...\I..
0020: A0 27 26 C1 0E FA 5F FA 1C C6 6A 21 64 6A B2 DC .'&..._...j!dj..
0030: 1C FD 0E 4B D4 16 42 4B 62 54 1C CF 98 9F FA E3 ...K..BKbT......
0040: C1 E6 DB 99 82 6B 2C D6 15 DB 66 E4 64 FF D2 D8 .....k,...f.d...
0050: 8F B9 B5 95 A3 D5 F3 DE 11 F7 29 69 FB 73 E5 7F ..........)i.s..
0060: D6 3C E2 2F C6 71 C7 A7 FA 37 EB DB E4 A4 1B DA .<./.q...7......
0070: 08 6C 48 E8 89 2E 00 AB 8C 2B 82 27 3E 41 FA 98 .lH......+.'>A..

]
chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=pnformatique.fr, CN=wwmatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 145442877103150917381365954479685606627025693072557347972854760429110118468945572757617689680743951249667817856613966840197770797461033533885293703507978648655382155354248655829241670721007186609508273301973050175841372224395627268318799398713095336510102241931915763317981284486712811396753297293100495301633
public exponent: 65537
Validity: [From: Tue Oct 22 11:45:10 CEST 2013,
To: Thu Oct 15 11:45:10 CEST 2043]
Issuer: EMAILADDRESS=pinformatique.fr, CN=wwformatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ b910a1e6 a3ae3e18]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E4 59 2D 1C 35 F1 C2 3F F7 46 74 0C B4 CE E9 7B .Y-.5..?.Ft.....
0010: A1 DD 2E 1C ....
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E4 59 2D 1C 35 F1 C2 3F F7 46 74 0C B4 CE E9 7B .Y-.5..?.Ft.....
0010: A1 DD 2E 1C ....
]
]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 47 55 E0 4B D1 6F 40 16 E9 F1 2C 3F E7 E2 89 4F GU.K.o@...,?...O
0010: 7E 69 22 A7 45 9A 3B AF 35 CD 08 3F B6 3C 74 5D .i".E.;.5..?.<t]
0020: 3A C7 E7 1B 8C EB 34 45 B7 12 99 84 6C 6F D0 C1 :.....4E....lo..
0030: 1A 10 75 10 1F C5 53 07 5F AC 15 B7 CB FE 83 22 ..u...S._......"
0040: A3 F7 97 63 5B 48 84 79 C8 EB 4C 58 73 02 97 52 ...c[H.y..LXs..R
0050: 26 39 38 73 7B F9 E2 81 30 84 53 2A FD 7C 5C 8A &98s....0.S*..\.
0060: 6B 58 26 52 8D 52 BA 66 3C 37 FF FA E9 44 D4 F5 kX&R.R.f<7...D..
0070: CD 77 1E 77 12 F7 D2 69 A0 E9 FC 40 B4 07 EC BB .w.w...i...@....

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
public x coord: 108001662559194153984375351070038067171882469537539114496283876744158537951137
public y coord: 9087066975903864110819816169681475837305256896016378046259580870876871224437
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<EMAILADDRESS=pnformatique.fr, CN=wwwormatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR>
<EMAILADDRESS=fdf@aaaa, CN=127.0.0.1, OU=afc, O=fzrz, L=fzrz, ST=frz, C=FR>
*** ServerHelloDone
main, WRITE: TLSv1.2 Handshake, length = 2102
main, READ: TLSv1.2 Handshake, length = 876
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: EMAILADDRESS=fdf@aaaa, CN=127.0.0.1, OU=afc, O=fzrz, L=fzrz, ST=frz, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 143414412114721896330749843841876478642414085169077374819498747050897631292707034114374383727932128072736823347197396435134381568737550428822952493455616306215585653867224793630349451562236926123643246561997394772073496184595282382973639759586952737057428607691920014990037874909972401254171133390344300908791
public exponent: 65537
Validity: [From: Tue Oct 29 15:35:28 CET 2013,
To: Thu Oct 22 16:35:28 CEST 2043]
Issuer: EMAILADDRESS=pinformatique.fr, CN=wwnformatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ 09]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 6E 09 48 5E 1D DE CD 7F EA 3D 38 CB 8A C8 93 F0 n.H^.....=8.....
0010: 2E 2E D4 F9 51 82 97 F7 27 FF 90 49 CE 92 9A 55 ....Q...'..I...U
0020: BD 08 57 84 ED 31 72 13 05 BD F6 CE 96 FF BD D8 ..W..1r.........
0030: DE 98 14 2C 9F 7D ED 05 9D 0F 29 A3 1E 5E EC 7B ...,......)..^..
0040: 95 7D 5F E4 7A 95 74 B7 AA 7B 65 95 2E D8 5D 38 .._.z.t...e...]8
0050: D1 D1 46 5C 39 23 3C B7 E5 B8 46 C6 9A A2 C4 B9 ..F\9#<...F.....
0060: 2A 89 92 02 E1 82 49 80 DA 1D 87 63 66 B4 DA 9E *.....I....cf...
0070: CD 75 2D 86 87 DE 27 8E 40 16 67 1A F3 2E 28 52 .u-...'.@.g...(R

]
***
Found trusted certificate:
[
[
Version: V1
Subject: EMAILADDRESS=fdf@aaaa, CN=127.0.0.1, OU=afc, O=fzrz, L=fzrz, ST=frz, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 143414412114721896330749843841876478642414085169077374819498747050897631292707034114374383727932128072736823347197396435134381568737550428822952493455616306215585653867224793630349451562236926123643246561997394772073496184595282382973639759586952737057428607691920014990037874909972401254171133390344300908791
public exponent: 65537
Validity: [From: Tue Oct 29 15:35:28 CET 2013,
To: Thu Oct 22 16:35:28 CEST 2043]
Issuer: EMAILADDRESS=pinformatique.fr, CN=wwwnformatique.fr, OU=INFORMATIQUE, O=FC, L=PARIS, ST=ILE DE FRANCE, C=FR
SerialNumber: [ 09]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 6E 09 48 5E 1D DE CD 7F EA 3D 38 CB 8A C8 93 F0 n.H^.....=8.....
0010: 2E 2E D4 F9 51 82 97 F7 27 FF 90 49 CE 92 9A 55 ....Q...'..I...U
0020: BD 08 57 84 ED 31 72 13 05 BD F6 CE 96 FF BD D8 ..W..1r.........
0030: DE 98 14 2C 9F 7D ED 05 9D 0F 29 A3 1E 5E EC 7B ...,......)..^..
0040: 95 7D 5F E4 7A 95 74 B7 AA 7B 65 95 2E D8 5D 38 .._.z.t...e...]8
0050: D1 D1 46 5C 39 23 3C B7 E5 B8 46 C6 9A A2 C4 B9 ..F\9#<...F.....
0060: 2A 89 92 02 E1 82 49 80 DA 1D 87 63 66 B4 DA 9E *.....I....cf...
0070: CD 75 2D 86 87 DE 27 8E 40 16 67 1A F3 2E 28 52 .u-...'.@.g...(R

]
*** ECDHClientKeyExchange
ECDH Public value: { 4, 100, 31, 24, 237, 21, 253, 114, 122, 91, 55, 245, 9, 108, 67, 109, 17, 83, 27, 137, 241, 46, 21, 169, 95, 61, 91, 124, 186, 80, 107, 205, 218, 230, 229, 103, 248, 39, 199, 107, 177, 104, 36, 190, 111, 86, 78, 99, 35, 36, 28, 67, 227, 120, 165, 77, 49, 235, 5, 204, 59, 227, 118, 221, 125 }
SESSION KEYGEN:
PreMaster Secret:
0000: 90 A9 2E 1D 6A E8 E4 D4 96 68 D7 C6 AB 39 DC 73 ....j....h...9.s
0010: 72 C3 83 3B B3 D5 B4 C4 26 28 62 B7 EC 96 DC 20 r..;....&(b....
CONNECTION KEYGEN:
Client Nonce:
0000: 52 6F E0 E0 47 8E 83 F7 4F C8 F7 26 8C 5A E9 72 Ro..G...O..&.Z.r
0010: 56 9B 48 27 98 62 E0 F2 9A 8B BE D0 97 55 32 76 V.H'.b.......U2v
Server Nonce:
0000: 52 6F E0 E2 93 AA 8F 29 AB EC A6 28 3C C1 67 1D Ro.....)...(<.g.
0010: 7C C5 FE AD 74 0D 70 5F 8A 76 A2 99 B4 2F FF 6B ....t.p_.v.../.k
Master Secret:
0000: 2C 81 B0 99 95 1B F2 DF 53 75 62 A9 9F 64 C3 A0 ,.......Sub..d..
0010: 4F 1C B5 9E 52 F8 4A 43 E8 E5 B5 F5 9D 07 B5 BF O...R.JC........
0020: DD 86 CC DB 7E B9 56 99 D2 E2 C9 19 77 6E EC 8A ......V.....wn..
Client MAC write Secret:
0000: 81 1C CF D9 72 8F 46 4A D7 AB A6 DD EB 17 86 A8 ....r.FJ........
0010: 72 9F EB 9E r...
Server MAC write Secret:
0000: D1 29 A0 7E 19 1C 42 0B BB A4 1C 35 1E 89 B7 FA .)....B....5....
0010: B7 43 8E 07 .C..
Client write key:
0000: 23 B8 21 54 22 1D B4 0F 1F 6D 3F 0B 95 17 AB 1C #.!T"....m?.....
Server write key:
0000: B0 A4 32 CA 4B 9C F3 DA 59 F7 79 F9 16 18 3A 1C ..2.K...Y.y...:.
... no IV derived for this protocol
*** CertificateVerify
Signature Algorithm SHA1withRSA
main, READ: TLSv1.2 Change Cipher Spec, length = 1
Finalizer, called close()
Finalizer, called closeInternal(true)
main, READ: TLSv1.2 Handshake, length = 36
*** Finished
verify_data: { 168, 73, 41, 67, 61, 103, 17, 29, 123, 144, 222, 212 }
***
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 43, 152, 106, 146, 220, 237, 88, 36, 157, 157, 123, 24 }
***
main, WRITE: TLSv1.2 Handshake, length = 36
%% Cached server session: [Session-3, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
client présent
TLS_ECDHE_RSA_WITH_RC4_128_SHA
127.0.0.1
3563
[Ljava.lang.String;@be9340
Un Client veut se connecter

début de la réception ... javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Erreur d'envoi javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-1, called close()
Thread-1, called closeInternal(true)
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1476)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at Authentification_Par_Certificat.run(Authentification_Par_Certificat.java:44)
at java.lang.Thread.run(Thread.java:724)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:2171)
at Accepter_connexion_Socket.initConnexion(Accepter_connexion_Socket.java:74)
at Accepter_connexion_Socket.start(Accepter_connexion_Socket.java:35)
at Serveur.main(Serveur.java:27)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 6 more
Attendre une connexion ... Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
début de la réception ... Thread-2, READ: TLSv1.2 Application Data, length = 400
Client : Host: 127.0.0.1:8888
Client : Cache-Control: max-age=0
Client : User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Client : Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Thread-2, WRITE: TLSv1.2 Application Data, length = 37
Thread-2, WRITE: TLSv1.2 Application Data, length = 22


Salutation envoyé


Thread-2, called close()
Thread-2, called closeInternal(true)
Thread-2, SEND TLSv1.2 ALERT: warning, description = close_notify
Thread-2, WRITE: TLSv1.2 Alert, length = 22
Thread-2, called closeSocket(selfInitiated)
Connexion fermé
Thread-2, called close()
Thread-2, called closeInternal(true)
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
main, READ: TLSv1.2 Handshake, length = 213
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1382997990 bytes = { 128, 138, 242, 222, 233, 128, 62, 75, 171, 135, 224, 227, 16, 36, 213, 107, 103, 62, 62, 23, 150, 230, 143, 237, 82, 102, 229, 125 }
Session ID: {82, 111, 224, 226, 159, 106, 2, 133, 120, 62, 233, 177, 129, 130, 140, 115, 98, 69, 130, 101, 139, 227, 250, 183, 206, 199, 43, 99, 174, 209, 101, 136}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:20:06:73:70:64:79:2f:32:06:73:70:64:79:2f:33:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30031, data:
Unsupported extension status_request, data: 01:00:00:00:00
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, Unknown (hash:0x4, signature:0x2), SHA1withDSA
***
%% Resuming [Session-3, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1382997990 bytes = { 33, 34, 255, 165, 206, 81, 244, 45, 165, 109, 224, 8, 13, 109, 114, 123, 11, 9, 66, 99, 124, 204, 31, 151, 10, 222, 100, 35 }
Session ID: {82, 111, 224, 226, 159, 106, 2, 133, 120, 62, 233, 177, 129, 130, 140, 115, 98, 69, 130, 101, 139, 227, 250, 183, 206, 199, 43, 99, 174, 209, 101, 136}
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
CONNECTION KEYGEN:
Client Nonce:
0000: 52 6F E0 E6 80 8A F2 DE E9 80 3E 4B AB 87 E0 E3 Ro........>K....
0010: 10 24 D5 6B 67 3E 3E 17 96 E6 8F ED 52 66 E5 7D .$.kg>>.....Rf..
Server Nonce:
0000: 52 6F E0 E6 21 22 FF A5 CE 51 F4 2D A5 6D E0 08 Ro..!"...Q.-.m..
0010: 0D 6D 72 7B 0B 09 42 63 7C CC 1F 97 0A DE 64 23 .mr...Bc......d#
Master Secret:
0000: 2C 81 B0 99 95 1B F2 DF 53 75 62 A9 9F 64 C3 A0 ,.......Sub..d..
0010: 4F 1C B5 9E 52 F8 4A 43 E8 E5 B5 F5 9D 07 B5 BF O...R.JC........
0020: DD 86 CC DB 7E B9 56 99 D2 E2 C9 19 77 6E EC 8A ......V.....wn..
Client MAC write Secret:
0000: E3 39 37 EA 4B 56 6F A4 DD 1A D9 2D D8 45 91 24 .97.KVo....-.E.$
0010: 2F D8 FB 61 /..a
Server MAC write Secret:
0000: 2B CD 34 06 28 02 BF 34 10 BB 22 B6 B2 15 4D 8E +.4.(..4.."...M.
0010: 24 29 BC B9 $)..
Client write key:
0000: 8F BD D6 A7 35 4A 41 B9 80 88 29 AE E7 03 D7 D9 ....5JA...).....
Server write key:
0000: F8 74 25 BF 4F 9A 3E 6B 34 F7 0C 3B BF 4A 02 E2 .t%.O.>k4..;.J..
... no IV derived for this protocol
main, WRITE: TLSv1.2 Handshake, length = 81
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 176, 155, 161, 43, 153, 10, 65, 190, 34, 120, 67, 168 }
***
main, WRITE: TLSv1.2 Handshake, length = 36
main, READ: TLSv1.2 Change Cipher Spec, length = 1
main, READ: TLSv1.2 Handshake, length = 36
*** Finished
verify_data: { 38, 203, 198, 129, 188, 116, 162, 248, 59, 161, 237, 167 }
***
client présent
TLS_ECDHE_RSA_WITH_RC4_128_SHA
127.0.0.1
3563
[Ljava.lang.String;@cc518c
Un Client veut se connecter

Attendre une connexion ... Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
début de la réception ... Thread-3, READ: TLSv1.2 Application Data, length = 314
Client : Host: 127.0.0.1:8888
Client : Accept: */*
Client : Accept-Encoding: gzip,deflate,sdch
Client :

---

Citation:

---

*** ClientHello, TLSv1.2
*** ServerHello, TLSv1.2

---

Visiblement la communication se fait avec le protocole TLSV1.2, pas SSLV3.

http://docs.oracle.com/javase/7/docs...tml#SSLContext

Ouais mais bon dans le cas présent, ça change pas grand chose :)

Coté client, ça dit quoi? Parce que, visiblement, c'est le client qui droppe la connection. Je sais que firefox refuse certains certificats ou certaines négociations quand il pense qu'elles ne sont pas suffisamment sécurisée. Mais il dit toujours à l'utilisateur pourquoi.

Ce peux changer quelque chose si c'est effectivement Firefox qui est utilisé comme navigateur.
Dans Firefox 24, ni TLSv1.1 ni TLSv1.2 ne sont pris en charge par défaut, le niveau maximum pris en charge est TLSv1.0
Il faut changer la config du navigateur pour activer la prise en charge de TLS > v1.0.
http://kb.mozillazine.org/Security.tls.version.*

Code:

---

1 2 3

about:config security.tls.version.max ==> remplacer '1' par '3' pour activer TLSv1.2

---

J'ai pas essayé avec Firefox mais avec I.E et Chrome, mais rien de concluant.
Je comprend pas pourquoi en lui demandant une connexion SSLv3 il me la fait en TLS1.2.

Au niveau de la réaction du client:

-Soit j'ai une boucle qui ne fait qu'un tour avant de s'arrêter et le navigateur ouvre une fenêtre pour envoyer le certificat, mais dans ce cas le programme s'arrête. Donc obliger de le relancer.

-Soit la boucle accepte les connexion entrantes sans s'arrêter et la au bout de quelque connexions, le client ce connecte, mais de façons pas très catholique je pense :)

Parce que SSLContext.getInstance(PROTOCOL); te retourne, comme c'est indiqué, un contexte qui "supporte" le SSLv3, pas un contexte qui n'accepte que le SSLv3. En l'occurence, tu récupère probablement un contexte supportant SSLv2, v3 et TLS.

tu peux éventuellement modifier ton code comme ceci:

Code:

---

1 2 3 4 5 6 7 8 9

try { sslss = (SSLServerSocket) sslssf.createServerSocket(port); sslss.setEnabledProtocol(new String[]{"SSLv3"}); } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); System.out.println("Le port est déjà utiliser!"); }

---

Ah okay je comprend mieux pourquoi il me fournit un TLS1.2 maintenant!
Mais le problème reste identique.

Quels sont les cipher disponibles ?

Code:

---

1 2 3

sslss.setEnabledProtocol(new String[]{"SSLv3"}); String[] enabledChipers = sslss.getEnabledCipherSuites()

---

je ne pense pas que les ciphers soit en cause à moins qu'il ne soit pas supporter par le navigateur, je me tourne plus sur les erreurs rencontrées ici:

Citation:

---

main, WRITE: SSLv3 Handshake, length = 2074
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
main, SEND SSLv3 ALERT: fatal, description = handshake_failure
main, WRITE: SSLv3 Alert, length = 2
main, called closeSocket()
main, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

---

Voilà la liste:

Citation:

---

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

---

La question est, les navigateurs supporte t-il ce genre d'authentification?

Citation:

---

Envoyé par AlexXx_29

-Soit j'ai une boucle qui ne fait qu'un tour avant de s'arrêter et le navigateur ouvre une fenêtre pour envoyer le certificat, mais dans ce cas le programme s'arrête. Donc obliger de le relancer.

---

J'ai l'impression que ton serveur exige un certificat de la part du client. Du coup comme le client n'en a pas à fournir, réaction naturelle, il coupe la connection, demande à l'utilisateur de choisir un certificat et recommence, plutot que de laisser la connection en suspend pendant de longues minutes. Si au final, ton navigateur arrive à se connecter, c'est ce qui compte. Oui, la navigateurs on parfois la facheuse habitude de faire n'importe quoi avec les connections, faut dire que le protocole http s'y prete assez bien ^^

Oui en effet il l'exige et c'est voulu!
Pourtant le serveur et le client possède tous les deux des certificats signé par une CA et possède chacun le certificat de l'autre.
Le but étant que plusieurs clients puissent ce connecter en même temps au serveur avec un échange de certificat. :mrgreen:

oui, mais visiblement ton browser pope quand même une fenetre pour demander quel certificat il doit fournir (ce qui est normal), du coup il coupe la connection en attendant.

Donc ces connections là, je pense que tu peux carrément les dropper sans arrière pensées :) Je pensais que ton client n'arrivait jamais à se connecter. Si il y arrive, c'est tout bon alors ^^

Des connections et de handshake qui s'interrompent, tu en aura toujours.

Moi qui espérait trouver une solution un peut plus propre :koi:
Mais bon :zen: je vais tenter ton approche et voir ce que sa donne ;)

J'ai un tomcat qui tourne, et même en HTTP, alors que dans mes service, on a déjà passé toutes les phases de négociation de protocole ou autre, j'au toujours, occasionnellement, de jolies stacktrace parce qu'en plein milieu du service, le navigateur a laissé tombé et coupé la socket :)

Les joies de la connexion ^^
Dans tout les cas un grand merci pour l'aide, il me reste encore pas mal de choses à faire sur cette application :D