FULL PRODUCT VERSION :
Java(TM) SE Runtime Environment (build 1.7.0_03-b04)
Java HotSpot(TM) Server VM (build 22.1-b02, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
SunOS v245gw2 5.10 Generic_141414-10 sun4u sparc SUNW,Sun-Fire-V245
A DESCRIPTION OF THE PROBLEM :
Our application creates a tls server socket which is accessed by mobile device, it was working with jre 1.6.0_27 but not working with 1.6.0_31 and higher versions including 1.7.0_04. It is reported from mobile device vendors that packet size is wrong, below is the tls debug info for both 1.6.0_27 and 1.6.0_31;
=================== 1.6.0_27 ===================
Finalizer, called close()
Finalizer, called closeInternal(true)
Mar 23, 2012 6:23:58 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 23, 2012 6:23:58 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 23, 2012 6:23:58 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/70 config=null
Mar 23, 2012 6:23:58 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 17760 ms
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
SSLSocketListener:7275, setSoTimeout(1000) called
[Raw read]: length = 5
0000: 16 03 01 00 45 ....E
[Raw read]: length = 69
0000: 01 00 00 41 03 01 4F 6C A3 D0 D9 5A 75 FE 79 0A ...A..Ol...Zu.y.
0010: 72 B0 80 CD 9A 94 FC 5B CF FB 75 49 86 A2 1A 92 r......[..uI....
0020: FB 0B CA 6B EA BF 00 00 1A 00 35 00 2F 00 0A 00 ...k......5./...
0030: 16 00 13 00 05 00 04 00 09 00 12 00 08 00 03 00 ................
0040: 11 00 14 01 00 .....
pool-20-thread-1, READ: TLSv1 Handshake, length = 69
*** ClientHello, TLSv1
RandomCookie: GMT: 1332454096 bytes = { 217, 90, 117, 254, 121, 10, 114, 176, 128, 205, 154, 148, 252, 91, 207, 251, 117, 73, 134, 162, 26, 146, 251, 11, 202, 107, 234, 191 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
Warning: No renegotiation indication in ClientHello, allow legacy ClientHello
[read] MD5 and SHA1 hashes: len = 69
0000: 01 00 00 41 03 01 4F 6C A3 D0 D9 5A 75 FE 79 0A ...A..Ol...Zu.y.
0010: 72 B0 80 CD 9A 94 FC 5B CF FB 75 49 86 A2 1A 92 r......[..uI....
0020: FB 0B CA 6B EA BF 00 00 1A 00 35 00 2F 00 0A 00 ...k......5./...
0030: 16 00 13 00 05 00 04 00 09 00 12 00 08 00 03 00 ................
0040: 11 00 14 01 00 .....
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1332454097 bytes = { 239, 228, 128, 15, 41, 248, 199, 164, 38, 34, 53, 112, 191, 197, 246, 49, 255, 76, 229, 195, 227, 92, 191, 72, 244, 248, 205, 30 }
Session ID: {79, 108, 163, 209, 184, 114, 97, 180, 115, 39, 110, 53, 192, 228, 65, 16, 211, 248, 46, 18, 36, 53, 24, 212, 13, 238, 152, 161, 44, 51, 85, 146}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
Cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=supl.oksijen.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=supl.oksijen.com
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunPKCS11-Solaris RSA public key, 1024 bits (id 85629832, session object)
modulus: 120598275309494828650775439122182490971314974575342901792485396175797849226277121851592853233827395922531208074888178314834470710699640438647970178816434399898627584108914505608176980008499085664214564719055962194153955275587611402977329362759107538999228807303416149258304360535491035210594226346396297578637
public exponent: 65537
Validity: [From: Tue Nov 29 02:00:00 EET 2011,
To: Tue Nov 27 01:59:59 EET 2012]
Issuer: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
SerialNumber: [ 4c9aeb87 b7fca2e3 46edb8de 3f12c7ac]
Certificate Extensions: 4
[1]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://svr-dv-crl.thawte.com/ThawteDV.crl]
]]
[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.thawte.com]
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 2B 92 E3 A9 3B D3 07 CD FC 5B 9E 88 3B 34 39 0B +...;....[..;49.
0010: C9 47 2A 03 05 9B 35 41 BF 3D 60 5D 88 FD D6 74 .G*...5A.=`]...t
0020: F4 9B BB F0 49 2A 9B BC F4 10 C3 71 69 8D FA 6A ....I*.....qi..j
0030: 87 B7 0B 08 97 16 2A 83 08 54 97 34 FA 20 0B 19 ......*..T.4. ..
0040: 56 05 39 76 2A BA 20 7F CD 54 24 53 3F D1 06 1D V.9v*. ..T$S?...
0050: 63 DE C1 6F 9C 06 1E 5C 14 A3 9D 52 13 F4 20 FB c..o...\...R.. .
0060: F9 BF F4 1A 14 E7 3A A2 5D EE 81 B7 7E E0 DA AF ......:.].......
0070: 95 04 27 60 A6 D6 4A 43 D5 76 1A B2 C5 21 07 FD ..'`..JC.v...!..
0080: 6B 8B B5 B5 6F 28 AA 72 C3 A8 E2 31 BE D1 23 69 k...o(.r...1..#i
0090: 29 01 18 02 79 51 D8 8F BE 28 C3 4E FC 76 42 2C )...yQ...(.N.vB,
00A0: BC 01 E6 B6 5A F9 83 23 F0 42 01 77 0F 76 CD A2 ....Z..#.B.w.v..
00B0: 4F 81 F4 2B 3C 63 CC 57 31 E1 F2 54 3C E5 D3 3C O..+<c.W1..T<..<
00C0: 69 B9 DE 97 38 3F 18 C8 D3 88 F3 7B 88 C4 0A 2A i...8?.........*
00D0: 3B D3 9D A3 42 07 0D 5D 35 AA C9 08 F2 80 87 A1 ;...B..]5.......
00E0: 00 69 3C E8 CC 1A CA 8B F7 15 AF 23 0B 2E 70 F5 .i<........#..p.
00F0: AE 8E D1 26 14 DB F7 77 05 D6 DC 54 EE 59 FF 13 ...&...w...T.Y..
]
chain [1] = [
[
Version: V3
Subject: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunPKCS11-Solaris RSA public key, 2048 bits (id 6198152, session object)
modulus: 25701717484853491437424643587435384947655042879579017200377794747735174183061275533271946354928754299745436930612096732059592290036133242863382696145247614638515940329571878798930120591612643480548140260642028775565866916653370805995814318360170559409969976874936984219480826128934300421815326970163576991408271640964914878312951354774468261605313367681695404259766066048556173382828286811361298161501279248814379846142433083837533966218185592141533643687375820728335650809270604148582814639876630437931801822297685398714224714209072329881336663635057667849684253169486424858469933035820711409092091268640626960413269
public exponent: 65537
Validity: [From: Thu Feb 18 02:00:00 EET 2010,
To: Tue Feb 18 01:59:59 EET 2020]
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
SerialNumber: [ 7610128a 17b682bb 3a1f9d1a 9a35c092]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB 44 E4 5D EC 83 C7 D9 C0 85 9F F7 E1 C6 97 90 .D.]............
0010: B0 8C 3F 98 ..?.
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46 .[E....z.1..j..F
0010: EB 57 48 50 .WHP
]
]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=VeriSignMPKI-2-11
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawtePCA.crl]
]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.thawte.com]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 04 BA FB AC BB FC 4B 54 11 A3 2D 88 B3 3C BD 00 ......KT..-..<..
0010: 6D 8A 1A B6 8D C4 C1 83 F8 C7 53 2A C1 32 6E 3A m.........S*.2n:
0020: 81 A1 54 7D DA 1A 3F 3A 45 4F 36 E7 42 B0 0A 42 ..T...?:EO6.B..B
0030: 85 97 A0 AC FB E5 87 A7 83 4F E8 B1 B7 9B 58 65 .........O....Xe
0040: 6E 26 80 0B 92 4D 47 55 B9 61 16 51 65 E9 2B F1 n&...MGU.a.Qe.+.
0050: 68 D9 58 B8 03 81 D1 B7 66 1C D3 BC C5 A6 7B 5F h.X.....f......_
0060: 3E C5 38 46 76 E7 75 B4 A0 0C 4B CE A2 C2 A9 C1 >.8Fv.u...K.....
0070: CC 36 73 7B FB B9 24 24 A0 5E A7 F6 FA BB 0C 28 .6s...$$.^.....(
0080: 43 9E 1D F0 4E F0 3F D8 24 B0 21 DC 6D 2D EE BF C...N.?.$.!.m-..
0090: 5A 3B FA 88 9C 74 6C AF 21 DD 92 EC C3 15 EF 94 Z;...tl.!.......
00A0: 75 26 46 D6 A6 3F BF 66 48 AA 1D EF DD 27 E6 B7 u&F..?.fH....'..
00B0: 51 89 38 7D 13 84 0C 40 FC D0 B5 F1 E0 DB F9 4F Q.8....@.......O
00C0: 2F 40 1C B4 8E 47 22 61 B8 4C 96 DE F0 5F 11 7E /@...G"a.L..._..
00D0: 4F 11 D9 EC 50 47 22 0E C5 1D E2 64 49 E7 68 63 O...PG"....dI.hc
00E0: 45 3A 8A D9 71 F4 5E F1 6E B7 14 4D 3E 6F 14 1E E:..q.^.n..M>o..
00F0: DC 52 FE BC DF 0C BD 29 3F 76 FB 11 5F 68 68 15 .R.....)?v.._hh.
]
chain [2] = [
[
Version: V3
Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunPKCS11-Solaris RSA public key, 2048 bits (id 14331544, session object)
modulus: 21792351585640198823010717570910971808469628036117065647538316584461104694117982485319401124457220049283378312411354535779127606968916044780332786260035481781765039797362215672421915437872814686294860940985466198627244991233897031307285975552662073780174254767374930165493818669253271286259780239288988465335988816384343753406049170266376223419710437879015046905429855225019948986073114815226362934518604529274034324266651314733393135633945096089333067879884414870938531015147310124871986717553381366235085215677397428475777665806913759265262907501168121945007318159396049901049180479495316851639382710767187677533597
public exponent: 65537
Validity: [From: Fri Nov 17 02:00:00 EET 2006,
To: Thu Dec 31 01:59:59 EET 2020]
Issuer: EMAILADDRESS=###@###.###, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 33655008 79ad73e2 30b9e01d 0d7fac91]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46 .[E....z.1..j..F
0010: EB 57 48 50 .WHP
]
]
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
]]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1A 68 74 74 70 73 3A 2F 2F 77 77 77 2E 74 68 ..https://www.th
0010: 61 77 74 65 2E 63 6F 6D 2F 63 70 73 awte.com/cps
]] ]
]
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 84 A8 4C C9 3E 2A BC 9A E2 CC 8F 0B B2 25 77 C4 ..L.>*.......%w.
0010: 61 89 89 63 5A D4 A3 15 40 D4 FB 5E 3F B4 43 EA a..cZ...@..^?.C.
0020: 63 17 2B 6B 99 74 9E 09 A8 DD D4 56 15 2E 7A 79 c.+k.t.....V..zy
0030: 31 5F 63 96 53 1B 34 D9 15 EA 4F 6D 70 CA BE F6 1_c.S.4...Omp...
0040: 82 A9 ED DA 85 77 CC 76 1C 6A 81 0A 21 D8 41 99 .....w.v.j..!.A.
0050: 7F 5E 2E 82 C1 E8 AA F7 93 81 05 AA 92 B4 1F B7 .^..............
0060: 9A C0 07 17 F5 CB C6 B4 4C 0E D7 56 DC 71 20 74 ........L..V.q t
0070: 38 D6 74 C6 D6 8F 6B AF 8B 8D A0 6C 29 0B 61 E0 8.t...k....l).a.
]
***
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 3318
0000: 02 00 00 46 03 01 4F 6C A3 D1 EF E4 80 0F 29 F8 ...F..Ol......).
0010: C7 A4 26 22 35 70 BF C5 F6 31 FF 4C E5 C3 E3 5C ..&"5p...1.L...0020: BF 48 F4 F8 CD 1E 20 4F 6C A3 D1 B8 72 61 B4 73 .H.... Ol...ra.s
0030: 27 6E 35 C0 E4 41 10 D3 F8 2E 12 24 35 18 D4 0D 'n5..A.....$5...
0040: EE 98 A1 2C 33 55 92 00 2F 00 0B 00 0C A4 00 0C ...,3U../.......
0050: A1 00 03 BC 30 82 03 B8 30 82 02 A0 A0 03 02 01 ....0...0.......
0060: 02 02 10 4C 9A EB 87 B7 FC A2 E3 46 ED B8 DE 3F ...L.......F...?
0070: 12 C7 AC 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 ...0...*.H......
0080: 05 00 30 5E 31 0B 30 09 06 03 55 04 06 13 02 55 ..0^1.0...U....U
0090: 53 31 15 30 13 06 03 55 04 0A 13 0C 54 68 61 77 S1.0...U....Thaw
00A0: 74 65 2C 20 49 6E 63 2E 31 1D 30 1B 06 03 55 04 te, Inc.1.0...U.
00B0: 0B 13 14 44 6F 6D 61 69 6E 20 56 61 6C 69 64 61 ...Domain Valida
00C0: 74 65 64 20 53 53 4C 31 19 30 17 06 03 55 04 03 ted SSL1.0...U..
00D0: 13 10 54 68 61 77 74 65 20 44 56 20 53 53 4C 20 ..Thawte DV SSL
00E0: 43 41 30 1E 17 0D 31 31 31 31 32 39 30 30 30 30 CA0...1111290000
00F0: 30 30 5A 17 0D 31 32 31 31 32 36 32 33 35 39 35 00Z..12112623595
0100: 39 5A 30 81 B2 31 19 30 17 06 03 55 04 0A 13 10 9Z0..1.0...U....
0110: 73 75 70 6C 2E 6F 6B 73 69 6A 65 6E 2E 63 6F 6D supl.oksijen.com
0120: 31 3B 30 39 06 03 55 04 0B 13 32 47 6F 20 74 6F 1;09..U...2Go to
0130: 20 68 74 74 70 73 3A 2F 2F 77 77 77 2E 74 68 61 https://www.tha
0140: 77 74 65 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F wte.com/reposito
0150: 72 79 2F 69 6E 64 65 78 2E 68 74 6D 6C 31 22 30 ry/index.html1"0
0160: 20 06 03 55 04 0B 13 19 54 68 61 77 74 65 20 53 ..U....Thawte S
0170: 53 4C 31 32 33 20 63 65 72 74 69 66 69 63 61 74 SL123 certificat
0180: 65 31 19 30 17 06 03 55 04 0B 13 10 44 6F 6D 61 e1.0...U....Doma
0190: 69 6E 20 56 61 6C 69 64 61 74 65 64 31 19 30 17 in Validated1.0.
01A0: 06 03 55 04 03 13 10 73 75 70 6C 2E 6F 6B 73 69 ..U....supl.oksi
01B0: 6A 65 6E 2E 63 6F 6D 30 81 9F 30 0D 06 09 2A 86 jen.com0..0...*.
01C0: 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 H............0..
01D0: 02 81 81 00 AB BC D6 47 B1 EC 88 F1 7D 0A E5 91 .......G........
01E0: 69 D9 BF C6 F9 CB 87 CD 03 AD 81 C1 09 43 6B 74 i............Ckt
01F0: D5 25 0D F9 15 12 4A 5B EB 8D F8 6D 74 2B 7F 1F .%....J[...mt+..
0200: 3C 25 93 04 22 53 8C 5F 46 66 52 08 6E 4E 18 F6 <%.."S._FfR.nN..
0210: F8 56 2E B5 BD F4 9C 41 F0 B5 89 5C A6 59 89 F0 .V.....A...\.Y..
0220: 78 02 D3 46 93 43 90 FF A3 1B 9A 99 4B 4F DC CA x..F.C......KO..
0230: C2 F0 8C FA 17 D6 54 40 92 80 66 E9 C0 52 DB 74 ......T@..f..R.t
0240: 2C 3A 0A C7 3E CB CF BE CE 06 0F 21 0D B8 95 ED ,:..>......!....
0250: E3 C9 C8 8D 02 03 01 00 01 A3 81 A0 30 81 9D 30 ............0..0
0260: 0C 06 03 55 1D 13 01 01 FF 04 02 30 00 30 3A 06 ...U.......0.0:.
0270: 03 55 1D 1F 04 33 30 31 30 2F A0 2D A0 2B 86 29 .U...3010/.-.+.)
0280: 68 74 74 70 3A 2F 2F 73 76 72 2D 64 76 2D 63 72 http://svr-dv-cr
0290: 6C 2E 74 68 61 77 74 65 2E 63 6F 6D 2F 54 68 61 l.thawte.com/Tha
02A0: 77 74 65 44 56 2E 63 72 6C 30 1D 06 03 55 1D 25 wteDV.crl0...U.%
02B0: 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 ..0...+.........
02C0: 2B 06 01 05 05 07 03 02 30 32 06 08 2B 06 01 05 +.......02..+...
02D0: 05 07 01 01 04 26 30 24 30 22 06 08 2B 06 01 05
( This report has more than 16,000 characters and has been truncated. )