0

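I have been learning SSL/TLS and certificates for a week now.

It looks like it works, and I have SSL/TLS client/server certificates for two-way authentication SSL working.

The Java server is on a PC running Win7, and the Java client is on Android ICS.
The client connects and sends a text string, and the server replies with a text string.

The transfer works, but I'm not sure it is encrypted, since I cannot see the data being sent.

I would like a second opinion on the debug log, in case I'm doing something wrong?
Removed a lot of binary text to fit this body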

adding as trusted cert:
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Issuer:  CN=smith.droid-ip.com, O=SMITH, C=SE
  Algorithm: RSA; Serial number: 0xb4ba1f6a7902bb97
  Valid from Thu Oct 11 18:37:21 CEST 2012 until Fri Oct 11 18:37:21 CEST 2013

***
found key for : 1
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 19828292987711460063479095233990735206267474911720200680398978846239921718204800830196446367271259853243857782157464503041073715350900882399263842246256739265150626309452599118681530205469111691215024194198408322269068550434706560902100199589198763096214957779831336905118521574867338194318861017871505432271905525399396261074008234892595483193798680621671023145911
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:38:14 CEST 2012,
               To: Fri Oct 11 18:38:14 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    ef1a4465 3fb9d4ed]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7C EA BF 17 BB 9C 6E E6   DC 6E D3 5D 7E B5 48 0F  ......n..n.]..H.
0010: 5A A1 98 5F 15 A8 46 49   36 D2 1B F9 05 60 87 ED  Z.._..FI6....`..
00E0: 61 9B 78 96 F7 54 D3 68   F2 91 9F 43 57 AB C5 0E  a.x..T.h...CW...
00F0: D8 9E 51 85 08 62 F6 B4   BB A4 70 04 0F BA D2 C6  ..Q..b....p.....

]
***
SSL Key 1
SSL Trust 1
trigger seeding of SecureRandom
done seeding SecureRandom
Server started
  Waiting for connection from client...
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
  Accepted connection from 192.168.1.1, port 54732
[Raw read]: length = 5
0000: 16 03 01 00 B3                                     .....
[Raw read]: length = 179
0000: 01 00 00 AF 03 01 50 77   38 3C 36 6C 05 1E DA AF  ......Pw8<6l....
0010: DA 43 76 EF 65 9B 43 C4   5A 05 34 FC 42 B9 4F 54  .Cv.e.C.Z.4.B.OT
0090: 08 00 09 00 0A 00 0B 00   0C 00 0D 00 0E 00 0F 00  ................
00A0: 10 00 11 00 12 00 13 00   14 00 15 00 16 00 17 00  ................
00B0: 18 00 19                                           ...
main, READ: TLSv1 Handshake, length = 179
*** ClientHello, TLSv1
RandomCookie:  GMT: 1349990460 bytes = { 54, 108, 5, 30, 218, 175, 218, 67, 118, 239, 101, 155, 67, 196, 90, 5, 52, 252, 66, 185, 79, 84, 176, 249, 20, 196, 174, 171 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
***
[read] MD5 and SHA1 hashes:  len = 179
0000: 01 00 00 AF 03 01 50 77   38 3C 36 6C 05 1E DA AF  ......Pw8<6l....
0010: DA 43 76 EF 65 9B 43 C4   5A 05 34 FC 42 B9 4F 54  .Cv.e.C.Z.4.B.OT
0020: B0 F9 14 C4 AE AB 00 00   46 00 04 00 05 00 2F 00  ........F...../.
0090: 08 00 09 00 0A 00 0B 00   0C 00 0D 00 0E 00 0F 00  ................
00A0: 10 00 11 00 12 00 13 00   14 00 15 00 16 00 17 00  ................
00B0: 18 00 19                                           ...
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: 1
%% Negotiating:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1349990450 bytes = { 174, 0, 115, 139, 10, 24, 65, 65, 210, 225, 235, 246, 73, 222, 227, 2, 249, 108, 142, 119, 113, 131, 78, 202, 83, 67, 172, 181 }
Session ID:  {80, 119, 56, 50, 9, 30, 182, 174, 111, 28, 205, 221, 135, 132, 189, 19, 82, 157, 109, 159, 42, 162, 203, 141, 125, 61, 76, 105, 185, 192, 186, 184}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 198282929877114600634790952339907352062674749117202006803989788462399217182048008301964463672712598532438577821574645030410737153509008823992638422462567392651506263094525991186815305469111691215024194198408322269068550434706560902100199589198763096214957779831336905118521574867338194318861017871505432271905525399396261074008234892595483193798680621671023145911
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:38:14 CEST 2012,
               To: Fri Oct 11 18:38:14 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    ef1a4465 3fb9d4ed]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31   D9 16 AC 37 23 DB 52 6A  .n.....1...7#.Rj
0010: FF B3 D4 E3                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7C EA BF 17 BB 9C 6E E6   DC 6E D3 5D 7E B5 48 0F  ......n..n.]..H.
0010: 5A A1 98 5F 15 A8 46 49   36 D2 1B F9 05 60 87 ED  Z.._..FI6....`..
0020: F8 59 E5 08 9F 06 22 0F   18 4A F6 E6 6C 23 39 E8  .Y...."..J..l#9.
00D0: 5A F8 94 F4 5F C2 01 BE   EE E0 4E 8B BD CA 14 3C  Z..._.....N....<
00E0: 61 9B 78 96 F7 54 D3 68   F2 91 9F 43 57 AB C5 0E  a.x..T.h...CW...
00F0: D8 9E 51 85 08 62 F6 B4   BB A4 70 04 0F BA D2 C6  ..Q..b....p.....

]
***
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=smith.droid-ip.com, O=SMITH, C=SE>
*** ServerHelloDone
[write] MD5 and SHA1 hashes:  len = 1022
0000: 02 00 00 4D 03 01 50 77   38 32 AE 00 73 8B 0A 18  ...M..Pw82..s...
0010: 41 41 D2 E1 EB F6 49 DE   E3 02 F9 6C 8E 77 71 83  AA....I....l.wq.
0060: 82 02 37 A0 03 02 01 02   02 09 00 EF 1A 44 65 3F  ..7..........De?
0070: B9 D4 ED 30 0D 06 09 2A   86 48 86 F7 0D 01 01 05  ...0...*.H......
0080: 05 00 30 3E 31 0B 30 09   06 03 55 04 06 13 02 53  ..0>1.0...U....S
0090: 45 31 0F 30 0D 06 03 55   04 0A 0C 06 53 50 52 49  E1.0...U....SPRI
00A0: 49 44 31 1E 30 1C 06 03   55 04 03 0C 15 64 72 75  ID1.0...U....dru
00B0: 74 74 65 6E 2E 64 79 6E   64 6E 73 2D 69 70 2E 63  tten.droid-ip.c
00C0: 6F 6D 30 1E 17 0D 31 32   31 30 31 31 31 36 33 38  om0...1210111638
00D0: 31 34 5A 17 0D 31 33 31   30 31 31 31 36 33 38 31  14Z..13101116381
00E0: 34 5A 30 3E 31 0B 30 09   06 03 55 04 06 13 02 53  4Z0>1.0...U....S
00F0: 45 31 0F 30 0D 06 03 55   04 0A 0C 06 53 50 52 49  E1.0...U....SPRI
0100: 49 44 31 1E 30 1C 06 03   55 04 03 0C 15 64 72 75  ID1.0...U....dru
0110: 74 74 65 6E 2E 64 79 6E   64 6E 73 2D 69 70 2E 63  tten.droid-ip.c
0120: 6F 6D 30 82 01 22 30 0D   06 09 2A 86 48 86 F7 0D  om0.."0...*.H...
03C0: 06 03 55 04 06 13 02 53   45 31 0F 30 0D 06 03 55  ..U....SE1.0...U
03D0: 04 0A 0C 06 53 50 52 49   49 44 31 1E 30 1C 06 03  ....SMITH1.0...
03E0: 55 04 03 0C 15 64 72 75   74 74 65 6E 2E 64 79 6E  U....smith.dyn
03F0: 64 6E 73 2D 69 70 2E 63   6F 6D 0E 00 00 00        dns-ip.com....
main, WRITE: TLSv1 Handshake, length = 1022
[Raw write]: length = 1027
0000: 16 03 01 03 FE 02 00 00   4D 03 01 50 77 38 32 AE  ........M..Pw82.
0010: 00 73 8B 0A 18 41 41 D2   E1 EB F6 49 DE E3 02 F9  .s...AA....I....
0020: 6C 8E 77 71 83 4E CA 53   43 AC B5 20 50 77 38 32  l.wq.N.SC.. Pw82
0090: 04 06 13 02 53 45 31 0F   30 0D 06 03 55 04 0A 0C  ....SE1.0...U...
00A0: 06 53 50 52 49 49 44 31   1E 30 1C 06 03 55 04 03  .SMITH1.0...U..
00B0: 0C 15 64 72 75 74 74 65   6E 2E 64 79 6E 64 6E 73  ..smith.droid
00C0: 2D 69 70 2E 63 6F 6D 30   1E 17 0D 31 32 31 30 31  -ip.com0...12101
00D0: 31 31 36 33 38 31 34 5A   17 0D 31 33 31 30 31 31  1163814Z..131011
03E0: 1E 30 1C 06 03 55 04 03   0C 15 64 72 75 74 74 65  .0...U....drutte
03F0: 6E 2E 64 79 6E 64 6E 73   2D 69 70 2E 63 6F 6D 0E  n.droid-ip.com.
0400: 00 00 00                                           ...
[Raw read]: length = 5
0000: 16 03 01 03 5D                                     ....]
[Raw read]: length = 861
0000: 0B 00 03 59 00 03 56 00   03 53 30 82 03 4F 30 82  ...Y..V..S0..O0.
0010: 02 37 A0 03 02 01 02 02   09 00 B4 BA 1F 6A 79 02  .7...........jy.
0020: BB 97 30 0D 06 09 2A 86   48 86 F7 0D 01 01 05 05  ..0...*.H.......
0030: 00 30 3E 31 0B 30 09 06   03 55 04 06 13 02 53 45  .0>1.0...U....SE
0040: 31 0F 30 0D 06 03 55 04   0A 0C 06 53 50 52 49 49  1.0...U....SPRII
0330: AD 48 3B FE 4B F9 1A 82   C9 CB 24 88 89 C3 78 8E  .H;.K.....$...x.
0340: A6 D4 FE CE 39 66 F4 48   39 16 7D 8E 08 DB 3E 24  ....9f.H9.....>$
0350: F7 FD 34 76 94 6D 37 BE   EF 53 BA 89 4D           ..4v.m7..S..M
main, READ: TLSv1 Handshake, length = 861
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23496237719502336160731187123882087516857248303136016525007515477411820324389309412497616204841416737428369029539727911829957261900246123671755448783374076371585220700946079814339410199697877719076300791503351733152444962714618216706903270272228589537934701160017250218124068090224176369183083907456616852817429610227318879195807569316432328134191548839310114727528540673
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:37:21 CEST 2012,
               To: Fri Oct 11 18:37:21 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    b4ba1f6a 7902bb97]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: B0 22 82 D5 1B AF 4C A7   7E D9 B4 27 F7 48 C4 D7  ."....L....'.H..
0010: DE A5 45 E6 72 D1 85 DE   CF F7 AF A4 97 7B 68 6A  ..E.r.........hj
0020: FE 22 D0 1A 38 E6 5F D4   6B ED CD F1 32 6B 29 E5  ."..8._.k...2k).
0030: 72 EE 9F 7F 4F 16 10 7D   C4 1B 6C 1A 31 4A 8E 3C  r...O.....l.1J.<
0040: E0 E9 8B 0E E2 D5 5B 01   00 29 1C 32 8B E8 D9 56  ......[..).2...V
0050: DF 5D 6A 95 F4 BA 20 7D   CA E7 FD 0E C5 C1 91 36  .]j... ........6
0060: 5C 13 00 F9 04 A8 4C 93   A7 46 0D C6 54 07 4B 7B  \.....L..F..T.K.
00F0: DB 3E 24 F7 FD 34 76 94   6D 37 BE EF 53 BA 89 4D  .>$..4v.m7..S..M

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23496237719502336160731187123882087516857248303136016525007515477411820324389309412497616204841416737428369029539727911829957261900246123671755448783374076371585220700946079814339410697877719076300791503351733152444962714618216706903270272228589537934701160017250218124068090224176369183083907456616852817429610227318879195807569316432328134191548839310114727528540673
  public exponent: 65537
  Validity: [From: Thu Oct 11 18:37:21 CEST 2012,
               To: Fri Oct 11 18:37:21 CEST 2013]
  Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
  SerialNumber: [    b4ba1f6a 7902bb97]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54   26 6B 9B 09 6A 94 77 79  (...kY.T&k..j.wy
0010: AE BC 3D 2B                                        ..=+
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: B0 22 82 D5 1B AF 4C A7   7E D9 B4 27 F7 48 C4 D7  ."....L....'.H..
0010: DE A5 45 E6 72 D1 85 DE   CF F7 AF A4 97 7B 68 6A  ..E.r.........hj
0020: FE 22 D0 1A 38 E6 5F D4   6B ED CD F1 32 6B 29 E5  ."..8._.k...2k).
00D0: CF 07 1B AD 48 3B FE 4B   F9 1A 82 C9 CB 24 88 89  ....H;.K.....$..
00E0: C3 78 8E A6 D4 FE CE 39   66 F4 48 39 16 7D 8E 08  .x.....9f.H9....
00F0: DB 3E 24 F7 FD 34 76 94   6D 37 BE EF 53 BA 89 4D  .>$..4v.m7..S..M

]
[read] MD5 and SHA1 hashes:  len = 861
0000: 0B 00 03 59 00 03 56 00   03 53 30 82 03 4F 30 82  ...Y..V..S0..O0.
0010: 02 37 A0 03 02 01 02 02   09 00 B4 BA 1F 6A 79 02  .7...........jy.
0030: 00 30 3E 31 0B 30 09 06   03 55 04 06 13 02 53 45  .0>1.0...U....SE
0040: 31 0F 30 0D 06 03 55 04   0A 0C 06 53 50 52 49 49  1.0...U....SPRII
00D0: 6D 30 82 01 22 30 0D 06   09 2A 86 48 86 F7 0D 01  m0.."0...*.H....
01D0: 4F DE F0 44 74 44 65 34   E5 05 79 01 B3 11 6F 56  O..DtDe4..y...oV
01E0: EC C0 54 54 BF E1 E9 AA   1E 8B E7 F7 32 7C 54 30  ..TT........2.T0
0340: A6 D4 FE CE 39 66 F4 48   39 16 7D 8E 08 DB 3E 24  ....9f.H9.....>$
0350: F7 FD 34 76 94 6D 37 BE   EF 53 BA 89 4D           ..4v.m7..S..M
[Raw read]: length = 5
0000: 16 03 01 01 06                                     .....
[Raw read]: length = 262
0000: 10 00 01 02 01 00 68 11   0C CB 8C 6D 92 37 18 B5  ......h....m.7..
0010: 4E FD 0E 78 75 8F D1 DB   66 0F EA BB D5 72 D0 3A  N..xu...f....r.:
0020: 1F 90 F3 43 59 6D 4B 41   12 ED 79 48 89 FF 76 59  ...CYmKA..yH..vY
0030: DF 37 0B 0D 9A AA 22 A6   CB EF 60 4E D3 39 39 81  .7...."...`N.99.
00E0: EC 82 8D 45 BA 4A 50 2D   6D D6 20 70 85 11 35 4A  ...E.JP-m. p..5J
00F0: 25 34 00 57 44 34 36 AE   3F 52 A9 8A 16 A1 B2 5A  %4.WD46.?R.....Z
0100: 5A 96 A9 F2 5D E4                                  Z...].
main, READ: TLSv1 Handshake, length = 262
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 D6 F1 4F BA 49 65   65 6E 06 F8 82 06 9C D7  ....O.Ieen......
0010: 4A C2 FA A8 2B 06 79 71   9B 3E CA 4D B7 2D D1 FE  J...+.yq.>.M.-..
0020: 81 50 20 43 B8 37 9D EA   67 F5 76 C3 EC E0 6B 79  .P C.7..g.v...ky
CONNECTION KEYGEN:
Client Nonce:
0000: 50 77 38 3C 36 6C 05 1E   DA AF DA 43 76 EF 65 9B  Pw8<6l.....Cv.e.
0010: 43 C4 5A 05 34 FC 42 B9   4F 54 B0 F9 14 C4 AE AB  C.Z.4.B.OT......
Server Nonce:
0000: 50 77 38 32 AE 00 73 8B   0A 18 41 41 D2 E1 EB F6  Pw82..s...AA....
0010: 49 DE E3 02 F9 6C 8E 77   71 83 4E CA 53 43 AC B5  I....l.wq.N.SC..
Master Secret:
0000: 1C 3A 33 0F 48 F6 EB D8   E4 89 67 06 3E E8 5A AF  .:3.H.....g.>.Z.
0010: 4A E9 18 C9 D2 BA 9B 5E   5F FE D5 A5 3A 84 47 54  J......^_...:.GT
0020: 0F 37 A3 6F A1 E9 F8 E8   F6 48 CD BA 59 60 54 AC  .7.o.....H..Y`T.
Client MAC write Secret:
0000: E7 E3 96 EB A2 8D A7 C0   AE 86 D7 E2 9E 92 F4 C6  ................
Server MAC write Secret:
0000: 01 BE 26 91 6C 97 03 BE   98 22 76 10 92 80 71 F1  ..&.l...."v...q.
Client write key:
0000: EF 91 16 71 44 15 66 AB   ED 8C 0E D8 1E EE DE B9  ...qD.f.........
Server write key:
0000: 7D CD 93 B3 35 53 1D 34   F8 6C 60 6C EC B5 F7 5A  ....5S.4.l`l...Z
... no IV used for this cipher
[read] MD5 and SHA1 hashes:  len = 262
0000: 10 00 01 02 01 00 68 11   0C CB 8C 6D 92 37 18 B5  ......h....m.7..
0010: 4E FD 0E 78 75 8F D1 DB   66 0F EA BB D5 72 D0 3A  N..xu...f....r.:
0020: 1F 90 F3 43 59 6D 4B 41   12 ED 79 48 89 FF 76 59  ...CYmKA..yH..vY
0030: DF 37 0B 0D 9A AA 22 A6   CB EF 60 4E D3 39 39 81  .7...."...`N.99.
00D0: D4 CB 63 98 27 D7 79 28   EE EA F6 83 0E 9A 49 0C  ..c.'.y(......I.
00E0: EC 82 8D 45 BA 4A 50 2D   6D D6 20 70 85 11 35 4A  ...E.JP-m. p..5J
00F0: 25 34 00 57 44 34 36 AE   3F 52 A9 8A 16 A1 B2 5A  %4.WD46.?R.....Z
0100: 5A 96 A9 F2 5D E4                                  Z...].
[Raw read]: length = 5
0000: 16 03 01 01 06                                     .....
[Raw read]: length = 262
0000: 0F 00 01 02 01 00 39 86   C9 39 9F 54 9A AF 49 40  ......9..9.T..I@
0010: B3 EB C4 81 2A 68 FA E8   ED CE 70 AF 1C 57 43 64  ....*h....p..WCd
0020: 5E C5 B7 86 01 0F 17 E1   BA 52 2A 98 63 33 BF E5  ^........R*.c3..
0030: 05 25 B4 68 6B 7E 0E 86   8A E0 21 66 C2 1A 93 E3  .%.hk.....!f....
0040: B7 3C DD B2 44 86 BF 39   54 00 93 55 1D 22 90 74  .<..D..9T..U.".t
00D0: 2D C5 AC C0 73 6B E4 89   01 6E 4E C5 9F 78 EF 8F  -...sk...nN..x..
00E0: 52 4A 7F 8C 47 AC 3A 37   FF FD 67 77 F9 37 F4 B8  RJ..G.:7..gw.7..
00F0: 82 B2 25 3C 8D A7 F2 4F   E2 D6 74 CA 67 9F 07 90  ..%<...O..t.g...
0100: 19 6D 89 2E 90 98                                  .m....
main, READ: TLSv1 Handshake, length = 262
*** CertificateVerify
[read] MD5 and SHA1 hashes:  len = 262
0000: 0F 00 01 02 01 00 39 86   C9 39 9F 54 9A AF 49 40  ......9..9.T..I@
0010: B3 EB C4 81 2A 68 FA E8   ED CE 70 AF 1C 57 43 64  ....*h....p..WCd
0020: 5E C5 B7 86 01 0F 17 E1   BA 52 2A 98 63 33 BF E5  ^........R*.c3..

00A0: 0C E5 B2 29 6D 68 94 FC   8C 06 77 3D B5 F2 1F 60  ...)mh....w=...`
00B0: 49 81 B7 82 D7 39 14 6B   0A 56 B4 A7 1A 18 B5 71  I....9.k.V.....q
00C0: 62 64 F6 C6 6C 9C 13 59   5B 85 7C 88 7E 31 43 E0  bd..l..Y[....1C.
00D0: 2D C5 AC C0 73 6B E4 89   01 6E 4E C5 9F 78 EF 8F  -...sk...nN..x..
00E0: 52 4A 7F 8C 47 AC 3A 37   FF FD 67 77 F9 37 F4 B8  RJ..G.:7..gw.7..
00F0: 82 B2 25 3C 8D A7 F2 4F   E2 D6 74 CA 67 9F 07 90  ..%<...O..t.g...
0100: 19 6D 89 2E 90 98                                  .m....
[Raw read]: length = 5
0000: 14 03 01 00 01                                     .....
[Raw read]: length = 1
0000: 01                                                 .
main, READ: TLSv1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 01 00 20                                     .... 
[Raw read]: length = 32
0000: 01 98 6F CA DD 51 09 F5   05 94 7F 52 DB 34 BD D8  ..o..Q.....R.4..
0010: 13 5A A5 76 3F D5 92 A8   A8 95 D9 22 99 B5 1E DF  .Z.v?......"....
main, READ: TLSv1 Handshake, length = 32
Padded plaintext after DECRYPTION:  len = 32
0000: 14 00 00 0C D6 D1 12 A7   F8 A4 7A 44 47 9C 47 3E  ..........zDG.G>
0010: BB 4E 1E 95 4E 50 44 B3   39 7E 30 09 77 6A DE 92  .N..NPD.9.0.wj..
*** Finished
verify_data:  { 214, 209, 18, 167, 248, 164, 122, 68, 71, 156, 71, 62 }
***
[read] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C D6 D1 12 A7   F8 A4 7A 44 47 9C 47 3E  ..........zDG.G>
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01                                  ......
*** Finished
verify_data:  { 165, 58, 44, 99, 220, 79, 174, 0, 32, 51, 253, 168 }
***
[write] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C A5 3A 2C 63   DC 4F AE 00 20 33 FD A8  .....:,c.O.. 3..
Padded plaintext before ENCRYPTION:  len = 32
0000: 14 00 00 0C A5 3A 2C 63   DC 4F AE 00 20 33 FD A8  .....:,c.O.. 3..
0010: 62 F0 CA 30 9A 85 CC 70   4C C8 06 AB 4E C3 D4 51  b..0...pL...N..Q
main, WRITE: TLSv1 Handshake, length = 32
[Raw write]: length = 37
0000: 16 03 01 00 20 60 0E 0F   7F 02 92 30 80 95 F3 FD  .... `.....0....
0010: C9 64 76 7D 2F 38 08 5F   BF A8 CD 58 DD 67 77 52  .dv./8._...X.gwR
0020: E2 A5 0B 42 36                                     ...B6
%% Cached server session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
printSocketInfo......
Server socket class: class sun.security.ssl.SSLServerSocketImpl
   Socker address = 0.0.0.0/0.0.0.0
   Socker port = 54012
   Need client authentication = true
   Want client authentication = false
   Use client mode = false
END printSocketInfo......
  Cipher suite used for this session: SSL_RSA_WITH_RC4_128_MD5
  Server -> receiving...
[Raw read]: length = 5
0000: 17 03 01 00 62                                     ....b
[Raw read]: length = 98
0000: E8 15 04 7C 7E 46 D5 57   5C 54 4A 60 56 40 BF B5  .....F.W\TJ`V@..
0010: 09 40 C3 E5 A9 DD DF CA   F7 B3 DE 93 C0 41 7A 84  .@...........Az.
0020: 1C 8E C2 81 98 FA 74 3C   80 13 FD B1 BB 97 B4 02  ......t<........
0030: A9 04 67 92 08 1D F6 24   D1 77 D0 89 D8 92 88 53  ..g....$.w.....S
0040: 33 47 00 DB E7 F8 B1 75   1C EC B8 A5 FA 60 12 2B  3G.....u.....`.+
0050: 7A 6C 88 4C 60 46 E6 89   61 96 53 7E 64 F1 F3 30  zl.L`F..a.S.d..0
0060: A5 B1                                              ..
main, READ: TLSv1 Application Data, length = 98
Padded plaintext after DECRYPTION:  len = 98
0000: 00 50 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .P********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 41 6E 64 72 6F   69 64 20 63 6C 69 65 6E  om Android clien
0030: 74 2E 20 48 65 6C 6C 6F   20 73 73 6C 53 65 72 76  t. Hello sslServ
0040: 65 72 53 6F 63 6B 65 74   2A 2A 2A 2A 2A 2A 2A 2A  erSocket********
0050: 2A 2A 03 CE 95 53 B4 97   8D BE 2A 25 DD 52 6B 1F  **...S....*%.Rk.
0060: 19 44                                              .D
Padded plaintext before ENCRYPTION:  len = 88
0000: 00 46 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .F********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 50 43 20 63 6C   69 65 6E 74 2E 20 48 65  om PC client. He
0030: 6C 6C 6F 20 53 53 4C 53   6F 63 6B 65 74 20 2A 2A  llo SSLSocket **
0040: 2A 2A 2A 2A 2A 2A 2A 2A   7B A6 BC 2F 8B C5 E0 A4  ********.../....
0050: B1 D7 F9 70 DD EF DF 6C                            ...p...l
main, WRITE: TLSv1 Application Data, length = 88
[Raw write]: length = 93
0000: 17 03 01 00 58 BA D5 B5   95 E2 12 7A D8 A7 1A D1  ....X......z....
0010: FD FB C6 01 39 2A AD 69   DE A9 6A AE CB 56 4A EF  ....9*.i..j..VJ.
0020: E1 B8 EF 20 9D E3 CB 95   EF 37 1D 0A 51 78 DA E6  ... .....7..Qx..
0030: 6C 7D 4C BB 70 B3 28 16   E1 44 9D 15 DA B5 C5 B3  l.L.p.(..D......
0040: C1 68 93 57 E8 2E 9A 2D   80 D4 F0 9C 95 CB 8E 32  .h.W...-.......2
0050: 13 9B 99 3B 68 3A 4F E0   E0 2C 8B 97 CD           ...;h:O..,...
********* This line is sent from Android client. Hello sslServerSocket**********
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 18
0000: 01 00 30 AA AA 69 87 AF   BF AC 5C CD 2D A9 92 29  ..0..i....\.-..)
0010: 00 F4                                              ..
main, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 C7 B4 E7   A6 27 7E B6 08 BD AD 54  .........'.....T
0010: AF 9E 1D 48 3B 66 16                               ...H;f.
main, called closeSocket(selfInitiated)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Server ended

***FROM ANDROID CLIENT LOGCAT
10-11 23:21:00.800: I/System.out(25493): Socket class: class org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
10-11 23:21:00.800: I/System.out(25493):    Remote address = smith.droid-ip.com/82.209.154.27
10-11 23:21:00.800: I/System.out(25493):    Remote port = 54012
10-11 23:21:00.800: I/System.out(25493):    Local socket address = /192.168.1.251:54732
10-11 23:21:00.800: I/System.out(25493):    Local address = /192.168.1.251
10-11 23:21:00.800: I/System.out(25493):    Local port = 54732
10-11 23:21:00.800: I/System.out(25493):    Need client authentication = false
10-11 23:21:01.180: I/System.out(25493): Session class: class org.apache.harmony.xnet.provider.jsse.OpenSSLSessionImpl
10-11 23:21:01.180: I/System.out(25493):    Cipher suite = SSL_RSA_WITH_RC4_128_MD5
10-11 23:21:01.180: I/System.out(25493):    Protocol = TLSv1
10-11 23:21:01.180: I/System.out(25493):    PeerPrincipal = CN=smith.droid-ip.com,O=SMITH,C=SE
10-11 23:21:01.190: I/System.out(25493):    LocalPrincipal = CN=smith.droid-ip.com,O=SMITH,C=SE
10-11 23:21:01.190: I/System.out(25493):   Server -> receiving...
3 Answers

1

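In addition to looking at the debug log, try capturing the http traffic at the server with Wireshark or a similar tool. You can then see the TLS handshake and verify that the traffic is indeed encrypted on the wire.

answered 2012-10-12T02:22:02.830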
1

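Cipher suite: SSL_RSA_WITH_RC4_128_MD5

That tells you the cipher suite. It is an encrypting cipher suite.

It goes on to generate a pre-master secret and connection nonces: these are used to generate the session key, so there is a session key.

It is encrypted.

answered 2012-10-12T07:30:16.590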
1

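If you look at the trace, there is a Certificate message after the CertificateRequest and ServerHelloDone, as well as a CertificateVerify message (followed by a successful Finished), which indicates that client-certificate authentication took place.

Later, you get a piece of plain text before/after encryption: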

Padded plaintext after DECRYPTION:  len = 98
0000: 00 50 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .P********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 41 6E 64 72 6F   69 64 20 63 6C 69 65 6E  om Android clien
0030: 74 2E 20 48 65 6C 6C 6F   20 73 73 6C 53 65 72 76  t. Hello sslServ
0040: 65 72 53 6F 63 6B 65 74   2A 2A 2A 2A 2A 2A 2A 2A  erSocket********
0050: 2A 2A 03 CE 95 53 B4 97   8D BE 2A 25 DD 52 6B 1F  **...S....*%.Rk.
0060: 19 44                                              .D
Padded plaintext before ENCRYPTION:  len = 88
0000: 00 46 2A 2A 2A 2A 2A 2A   2A 2A 2A 20 54 68 69 73  .F********* This
0010: 20 6C 69 6E 65 20 69 73   20 73 65 6E 74 20 66 72   line is sent fr
0020: 6F 6D 20 50 43 20 63 6C   69 65 6E 74 2E 20 48 65  om PC client. He
0030: 6C 6C 6F 20 53 53 4C 53   6F 63 6B 65 74 20 2A 2A  llo SSLSocket **
0040: 2A 2A 2A 2A 2A 2A 2A 2A   7B A6 BC 2F 8B C5 E0 A4  ********.../....
0050: B1 D7 F9 70 DD EF DF 6C                            ...p...l

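You're also using a cipher suite that supports encryption and authenticated key exchange: SSL_RSA_WITH_RC4_128_MD5. That being said, MD5-based cipher suites might not be the best choice. It's also the last one in the order of preference of the cipher suites enabled by default in the SunJSSE provider in Java 7, but it's the first in the list sent by your client. You could certainly change the cipher suites on the client, or disable it on the server (using setEnabledCipherSuites() on the socket).

It seems to be working fine there.

What's odd is that your client and server certificates both appear to be different self-signed certificates with the same name (Subject/Issuer DN: CN=smith.droid-ip.com, O=SMITH, C=SE, but different keys and serial numbers).

This is certainly not good practice. Even if you're using self-signed certificates, don't make them use the same name. In addition, you should check that your client verifies the server name correctly: you could try connecting to the server using its IP address (assuming the certificate doesn't have an IP address SAN for that address), to check that it fails when it should.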

answered 2012-10-12T00:46:44.167
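
Added example (not part of the original answers or the poster's code): one way to apply the setEnabledCipherSuites() suggestion from the last answer on the server socket, so that SSL_RSA_WITH_RC4_128_MD5 can no longer be negotiated even when the client lists it first. The class name, the filtering policy and the sample list (a constructed subset of the ClientHello in the question's trace) are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Hypothetical class name; illustration only, not the poster's server code.
public class ServerSuiteFilter {

    // Assumed policy: reject RC4, single and triple DES, export-grade, NULL
    // and anonymous suites, and any suite whose MAC is MD5.
    static boolean isWeak(String suite) {
        return suite.contains("_RC4_") || suite.endsWith("_MD5")
            || suite.contains("_DES_") || suite.contains("_DES40_")
            || suite.contains("_3DES_") || suite.contains("_EXPORT_")
            || suite.contains("_NULL_") || suite.contains("_anon_");
    }

    // Keeps the original order, so the remaining preference order is unchanged.
    // TLS_EMPTY_RENEGOTIATION_INFO_SCSV matches no rule and is therefore kept.
    static String[] filterSuites(String[] suites) {
        List<String> kept = new ArrayList<String>();
        for (String s : suites) {
            if (!isWeak(s)) {
                kept.add(s);
            }
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a subset of the ClientHello list in the
        // question's trace, kept in the order the client offered it.
        String[] offered = {
            "SSL_RSA_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
        };
        System.out.println("Client suites that pass the filter: "
            + Arrays.toString(filterSuites(offered)));

        // Apply the same filter to a real server socket. The default factory
        // and port 0 (any free port) are used only so the demo runs without a
        // keystore; a real server would use its own SSLContext and port.
        SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(0);
        try {
            server.setNeedClientAuth(true); // as in the question's printSocketInfo output
            String[] before = server.getEnabledCipherSuites();
            String[] after = filterSuites(before);
            server.setEnabledCipherSuites(after);
            System.out.println("Enabled suites before: " + before.length
                + ", after filtering: " + server.getEnabledCipherSuites().length);
        } finally {
            server.close();
        }
    }
}
```

On recent JDKs the default enabled list may already exclude these suites, in which case the filter removes nothing.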