Gazelle Security Suite

Permanent link

https://twlab.technikum-wien.at/gss/details/connection.seam?id=6

Connection date

9/29/17 11:09:28 AM (CEST GMT+0200)

SUT address

188.165.194.55 :10009

Simulator address

twlab:32855

Simulator keyword

Client_IES_dummy

Simulator certificate

C=AT,O=TWGmbH,CN=TWGmbH CA

Handshake success

Protocol

Cipher suite

Error message

result=FAILED
errors list :
PKIX validation : The root certificate of the certificate path was issued by a
CA that is not in the the trusted-root-certificate-store used for the path
validation. The name of the CA is "CN=IHE Europe CA, O=IHE Europe, C=FR". The
trusted-root-certificate store contains 1 CA(s). (PKIX)
PKIX validation (CN=IHE Europe CA, O=IHE Europe, C=FR) : The certificate has a
valid signature, but is no trust anchor (PKIX)

Error stack trace

javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1395)
at
        sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:516)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:794)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:762)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1212)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:910)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDe-
        coder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(Fr-
        ameDecoder.java:310)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream-
        (SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(Default-
        ChannelPipeline.java:560)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(Default-
        ChannelPipeline.java:555)
at
        org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at
        org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(Abstra-
        ctNioWorker.java:107)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(Abstract-
        NioSelector.java:312)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNi-
        oWorker.java:88)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunna-
        ble.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockPro-
        ofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecuto-
        r.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecut-
        or.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1702)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshake-
        r.java:1477)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.j-
        ava:213)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:901)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:899)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1333)
at org.jboss.netty.handler.ssl.SslHandler$4.run(SslHandler.java:1348)
at org.jboss.netty.handler.ssl.ImmediateExecutor.execute(ImmediateExec-
        utor.java:31)
at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler-
        .java:1345)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1232)
... 18 more
Caused by: java.security.cert.CertificateException: result=FAILED
errors list :
PKIX validation : The root certificate of the certificate path was issued by a
CA that is not in the the trusted-root-certificate-store used for the path
validation. The name of the CA is "CN=IHE Europe CA, O=IHE Europe, C=FR". The
trusted-root-certificate store contains 1 CA(s). (PKIX)
PKIX validation (CN=IHE Europe CA, O=IHE Europe, C=FR) : The certificate has a
valid signature, but is no trust anchor (PKIX)

at net.ihe.gazelle.simulators.tls.common.TestTrustManager.checkServerT-
        rusted(TestTrustManager.java:58)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSL-
        ContextImpl.java:920)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshake-
        r.java:1464)
... 28 more

TLS/SSL events

Date

09/29/2017 09:09:28.797

Type

CHECK_TRUSTED_SERVER

Details

Details

result=FAILED errors list : PKIX validation : The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. The name of the CA is "CN=IHE Europe CA, O=IHE Europe, C=FR". The trusted-root-certificate store contains 1 CA(s). (PKIX) PKIX validation (CN=IHE Europe CA, O=IHE Europe, C=FR) : The certificate has a valid signature, but is no trust anchor (PKIX)

CN=TlsTools2, O=IHE, C=FR
[
[
  Version: V3
  Subject: CN=TlsTools2, O=IHE, C=FR
  Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13

  Key:  Sun RSA public key, 1024 bits
  modulus: 1134471514181878013147764553433757888874212291742350800576718636276-
  5004759355846663688518514496537720359601837761088592805683496143918762890795-
  5113577371257401498141760157311031480739021235329120480250641109408241350593-
  8258831837389468421171947702070057414574128692124768159404165577881862149178-
  88470037592549
  public exponent: 65537
  Validity: [From: Wed Oct 10 09:07:25 CEST 2012,
               To: Mon Oct 10 09:07:25 CEST 2022]
  Issuer: CN=IHE Europe CA, O=IHE Europe, C=FR
  SerialNumber: [    10]

]
  Algorithm: [SHA512withRSA]
  Signature:
0000: 01 C8 0B BE 3B F9 87 60   58 B6 66 B7 7E 42 8C FD  ....;..`X.f..B..
0010: 8D 1C 7A D4 FF AD A9 68   78 AE 18 C4 14 05 D8 28  ..z....hx......(
0020: BA ED 1D 66 4A 7B D0 5D   2C A3 C4 77 34 47 C4 42  ...fJ..],..w4G.B
0030: 0B FE E0 EE 0C F6 ED 9B   3D A2 76 70 89 D3 17 21  ........=.vp...!
0040: 8F 85 75 3C A2 74 C5 F6   59 EA EF 8E ED FA 69 4C  ..u<.t..Y.....iL
0050: 16 A8 07 5B 4F A9 32 38   D4 A5 B2 BD E1 80 08 66  ...[O.28.......f
0060: E8 3F D8 86 5C 2F 60 E0   77 78 60 6A E8 66 A6 50  .?..\/`.wx`j.f.P
0070: 90 45 59 36 6B 9A D3 5E   32 3E B6 99 3F 57 18 A0  .EY6k..^2>..?W..

]
CN=IHE Europe CA, O=IHE Europe, C=FR
[
[
  Version: V3
  Subject: CN=IHE Europe CA, O=IHE Europe, C=FR
  Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13

  Key:  Sun RSA public key, 1024 bits
  modulus: 1223114762172295074914607115833884715673819911434433250029311589293-
  3635726929248734918092640687895615386965973776845408505224672891713177323656-
  9273535538283856478146559047495530521903589399279450494904648132906921410964-
  2590329859163570970989879626538564528258356714667125516378936294866620614002-
  61448914013237
  public exponent: 65537
  Validity: [From: Fri Sep 28 13:19:29 CEST 2012,
               To: Wed Sep 28 13:19:29 CEST 2022]
  Issuer: CN=IHE Europe CA, O=IHE Europe, C=FR
  SerialNumber: [    01]

Certificate Extensions: 8
[1]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2E 16 2C 68 74 74 70   3A 2F 2F 67 61 7A 65 6C  ...,http://gazel
0010: 6C 65 2E 69 68 65 2E 6E   65 74 2F 70 6B 69 2F 63  le.ihe.net/pki/c
0020: 72 6C 2F 36 34 33 2F 63   61 63 72 6C 2E 63 72 6C  rl/643/cacrl.crl

[2]: ObjectId: 2.16.840.1.113730.1.4 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2E 16 2C 68 74 74 70   3A 2F 2F 67 61 7A 65 6C  ...,http://gazel
0010: 6C 65 2E 69 68 65 2E 6E   65 74 2F 70 6B 69 2F 63  le.ihe.net/pki/c
0020: 72 6C 2F 36 34 33 2F 63   61 63 72 6C 2E 63 72 6C  rl/643/cacrl.crl

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: EC 33 0E 13 C8 22 5E A2   E1 6B AF 43 7B 7A 5D D2  .3..."^..k.C.z].
0010: 77 73 1D 7E                                        ws..
]
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://gazelle.ihe.net/pki/crl/643/cacrl.crl]
]]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL CA
   S/MIME CA
   Object Signing CA]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EC 33 0E 13 C8 22 5E A2   E1 6B AF 43 7B 7A 5D D2  .3..."^..k.C.z].
0010: 77 73 1D 7E                                        ws..
]
]

]
  Algorithm: [SHA512withRSA]
  Signature:
0000: 57 CF 7E BF C2 8E 4F D9   06 C0 C8 F5 27 47 19 8A  W.....O.....'G..
0010: A5 1C 02 5A 25 A2 57 FD   FA 57 22 ED DA 90 46 71  ...Z%.W..W"...Fq
0020: 08 FC CC 26 44 DE 0C 31   EF 50 E1 9A 68 FE DB 00  ...&D..1.P..h...
0030: 71 A7 4C 1B 12 F2 B4 7D   08 3E A0 C9 45 49 9A B0  q.L......>..EI..
0040: BF 7E 4E BF 42 86 05 55   A3 CD 38 61 B6 33 52 A7  ..N.B..U..8a.3R.
0050: 03 5E 1B C2 1A E2 60 B5   D5 D4 83 6C 53 08 FF 8D  .^....`....lS...
0060: 44 DD 49 2B EB 3E 05 7C   5D D7 60 33 C5 60 04 B0  D.I+.>..].`3.`..
0070: 17 E7 D5 47 F7 88 EE 7C   33 CE 3E AC 15 D7 EF 8F  ...G....3.>.....

]

Connection Id	Index	Details	Date	Time (µs)	From	To	Proxy	Info
Number of results per page :
6	1	Details	9/29/17 11:09:27 AM (CEST GMT+0200)	828687	127.0.0.1 : 42574	188.165.194.55 : 10009	1024	<85>1 2017-09-29T09:...

TLS/SSL connection

Connection details

Error stack trace

Details

Intercepted messages