Gazelle Security Suite

Permanent link

https://twlab.technikum-wien.at/gss/details/connection.seam?id=3

Connection date

9/29/17 10:04:48 AM (CEST GMT+0200)

SUT address

188.165.194.55 :3202

Simulator address

twlab:52148

Simulator keyword

client_18353

Simulator certificate

C=AT,O=TWGmbH,CN=TWGmbH CA

Handshake success

Protocol

Cipher suite

Error message

result=FAILED
errors list :
PKIX validation : The root certificate of the certificate path was issued by a
CA that is not in the the trusted-root-certificate-store used for the path
validation. The name of the CA is "CN=IHE Europe CA, O=IHE Europe, C=FR". The
trusted-root-certificate store contains 2 CA(s). (PKIX)
PKIX validation (CN=IHE Europe CA, O=IHE Europe, C=FR) : The certificate has a
valid signature, but is no trust anchor (PKIX)

Error stack trace

javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1395)
at
        sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:516)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:794)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:762)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1212)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:910)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDe-
        coder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(Fr-
        ameDecoder.java:310)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream-
        (SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(Default-
        ChannelPipeline.java:560)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(Default-
        ChannelPipeline.java:555)
at
        org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at
        org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(Abstra-
        ctNioWorker.java:107)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(Abstract-
        NioSelector.java:312)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNi-
        oWorker.java:88)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunna-
        ble.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockPro-
        ofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecuto-
        r.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecut-
        or.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1702)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshake-
        r.java:1477)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.j-
        ava:213)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:901)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:899)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1333)
at org.jboss.netty.handler.ssl.SslHandler$4.run(SslHandler.java:1348)
at org.jboss.netty.handler.ssl.ImmediateExecutor.execute(ImmediateExec-
        utor.java:31)
at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler-
        .java:1345)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1232)
... 18 more
Caused by: java.security.cert.CertificateException: result=FAILED
errors list :
PKIX validation : The root certificate of the certificate path was issued by a
CA that is not in the the trusted-root-certificate-store used for the path
validation. The name of the CA is "CN=IHE Europe CA, O=IHE Europe, C=FR". The
trusted-root-certificate store contains 2 CA(s). (PKIX)
PKIX validation (CN=IHE Europe CA, O=IHE Europe, C=FR) : The certificate has a
valid signature, but is no trust anchor (PKIX)

at net.ihe.gazelle.simulators.tls.common.TestTrustManager.checkServerT-
        rusted(TestTrustManager.java:58)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSL-
        ContextImpl.java:920)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshake-
        r.java:1464)
... 28 more

TLS/SSL events

Date

09/29/2017 08:04:48.398

Type

CHECK_TRUSTED_SERVER

Details

Details

result=FAILED errors list : PKIX validation : The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. The name of the CA is "CN=IHE Europe CA, O=IHE Europe, C=FR". The trusted-root-certificate store contains 2 CA(s). (PKIX) PKIX validation (CN=IHE Europe CA, O=IHE Europe, C=FR) : The certificate has a valid signature, but is no trust anchor (PKIX)

CN=Syslog Server, O=IHE Europe, C=FR
[
[
  Version: V3
  Subject: CN=Syslog Server, O=IHE Europe, C=FR
  Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13

  Key:  Sun RSA public key, 1024 bits
  modulus: 1378040690818918690880481911783342834572802696445357083264409066062-
  5164590542091029052734029532124158639821219762487897454612188897932491645601-
  5927011282573257735034688034519986282515910357408720841778923444113060772504-
  7705914754137486991349640869137030475968948657770431327997930084742617049647-
  82767994676453
  public exponent: 65537
  Validity: [From: Thu Mar 19 19:36:42 CET 2015,
               To: Wed Mar 19 19:36:42 CET 2025]
  Issuer: CN=IHE Europe CA, O=IHE Europe, C=FR
  SerialNumber: [    01d4]

Certificate Extensions: 9
[1]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2E 16 2C 68 74 74 70   3A 2F 2F 67 61 7A 65 6C  ...,http://gazel
0010: 6C 65 2E 69 68 65 2E 6E   65 74 2F 70 6B 69 2F 63  le.ihe.net/pki/c
0020: 72 6C 2F 36 34 33 2F 63   61 63 72 6C 2E 63 72 6C  rl/643/cacrl.crl

[2]: ObjectId: 2.16.840.1.113730.1.4 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2E 16 2C 68 74 74 70   3A 2F 2F 67 61 7A 65 6C  ...,http://gazel
0010: 6C 65 2E 69 68 65 2E 6E   65 74 2F 70 6B 69 2F 63  le.ihe.net/pki/c
0020: 72 6C 2F 36 34 33 2F 63   61 63 72 6C 2E 63 72 6C  rl/643/cacrl.crl

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: EC 33 0E 13 C8 22 5E A2   E1 6B AF 43 7B 7A 5D D2  .3..."^..k.C.z].
0010: 77 73 1D 7E                                        ws..
]
]

[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://gazelle.ihe.net/pki/crl/643/cacrl.crl]
]]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  emailProtection
  1.3.6.1.4.1.311.20.2.2
  serverAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
]

[8]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL client
   SSL server
   S/MIME
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9E DF C8 72 EF CF F1 64   A4 58 EA 91 38 71 9B 7A  ...r...d.X..8q.z
0010: 34 F5 93 CC                                        4...
]
]

]
  Algorithm: [SHA512withRSA]
  Signature:
0000: 14 D3 53 EE FA 44 A5 EE   56 93 AD 7B 9E 4D AE 1D  ..S..D..V....M..
0010: 2F 68 F8 4E AC 23 B0 F9   7C 62 39 08 64 6B F3 E6  /h.N.#...b9.dk..
0020: CE 5D E7 D8 81 A6 C5 F6   29 86 A8 62 3F 47 8D 74  .]......)..b?G.t
0030: 45 9F D7 C4 AF B9 C3 9C   34 04 97 C3 D8 E8 FB F6  E.......4.......
0040: DF E2 79 24 FE FD A5 66   BD 27 B8 A6 92 0D D4 65  ..y$...f.'.....e
0050: 9A CD D5 F1 52 FE CB D1   98 98 A3 F7 98 FC C7 06  ....R...........
0060: B0 32 67 9D 3E 3F E7 53   96 4B D6 30 62 3F D3 20  .2g.>?.S.K.0b?.
0070: 2B F5 F2 9D EF 11 49 29   36 81 F0 BC F9 AF 5F F7  +.....I)6....._.

]
CN=IHE Europe CA, O=IHE Europe, C=FR
[
[
  Version: V3
  Subject: CN=IHE Europe CA, O=IHE Europe, C=FR
  Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13

  Key:  Sun RSA public key, 1024 bits
  modulus: 1223114762172295074914607115833884715673819911434433250029311589293-
  3635726929248734918092640687895615386965973776845408505224672891713177323656-
  9273535538283856478146559047495530521903589399279450494904648132906921410964-
  2590329859163570970989879626538564528258356714667125516378936294866620614002-
  61448914013237
  public exponent: 65537
  Validity: [From: Fri Sep 28 13:19:29 CEST 2012,
               To: Wed Sep 28 13:19:29 CEST 2022]
  Issuer: CN=IHE Europe CA, O=IHE Europe, C=FR
  SerialNumber: [    01]

Certificate Extensions: 8
[1]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2E 16 2C 68 74 74 70   3A 2F 2F 67 61 7A 65 6C  ...,http://gazel
0010: 6C 65 2E 69 68 65 2E 6E   65 74 2F 70 6B 69 2F 63  le.ihe.net/pki/c
0020: 72 6C 2F 36 34 33 2F 63   61 63 72 6C 2E 63 72 6C  rl/643/cacrl.crl

[2]: ObjectId: 2.16.840.1.113730.1.4 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2E 16 2C 68 74 74 70   3A 2F 2F 67 61 7A 65 6C  ...,http://gazel
0010: 6C 65 2E 69 68 65 2E 6E   65 74 2F 70 6B 69 2F 63  le.ihe.net/pki/c
0020: 72 6C 2F 36 34 33 2F 63   61 63 72 6C 2E 63 72 6C  rl/643/cacrl.crl

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: EC 33 0E 13 C8 22 5E A2   E1 6B AF 43 7B 7A 5D D2  .3..."^..k.C.z].
0010: 77 73 1D 7E                                        ws..
]
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://gazelle.ihe.net/pki/crl/643/cacrl.crl]
]]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL CA
   S/MIME CA
   Object Signing CA]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EC 33 0E 13 C8 22 5E A2   E1 6B AF 43 7B 7A 5D D2  .3..."^..k.C.z].
0010: 77 73 1D 7E                                        ws..
]
]

]
  Algorithm: [SHA512withRSA]
  Signature:
0000: 57 CF 7E BF C2 8E 4F D9   06 C0 C8 F5 27 47 19 8A  W.....O.....'G..
0010: A5 1C 02 5A 25 A2 57 FD   FA 57 22 ED DA 90 46 71  ...Z%.W..W"...Fq
0020: 08 FC CC 26 44 DE 0C 31   EF 50 E1 9A 68 FE DB 00  ...&D..1.P..h...
0030: 71 A7 4C 1B 12 F2 B4 7D   08 3E A0 C9 45 49 9A B0  q.L......>..EI..
0040: BF 7E 4E BF 42 86 05 55   A3 CD 38 61 B6 33 52 A7  ..N.B..U..8a.3R.
0050: 03 5E 1B C2 1A E2 60 B5   D5 D4 83 6C 53 08 FF 8D  .^....`....lS...
0060: 44 DD 49 2B EB 3E 05 7C   5D D7 60 33 C5 60 04 B0  D.I+.>..].`3.`..
0070: 17 E7 D5 47 F7 88 EE 7C   33 CE 3E AC 15 D7 EF 8F  ...G....3.>.....

]

Connection Id	Index	Details	Date	Time (µs)	From	To	Proxy	Info
Number of results per page :
3	1	Details	9/29/17 10:04:48 AM (CEST GMT+0200)	351447	127.0.0.1 : 41250	188.165.194.55 : 3202	1024	<85>1 2017-09-29T08:...

TLS/SSL connection

Connection details

Error stack trace

Details

Intercepted messages