Java 在与maven的FTP SSL连接期间,没有主题替代名称
我正在使用maven将文件上载到FTP服务器。在没有通知的情况下,他们似乎已经将安全性调整为SSL。在我的maven脚本中,我对url进行了更改,但是现在我得到了一个CertificationException,我不知道如何解决这个问题 我改成ftps://ftp01.company.nl 因为我得到了以下错误(这样做似乎是正确的) 然而ftps://ftp01.company.nl 我收到一个新错误:Java 在与maven的FTP SSL连接期间,没有主题替代名称,java,maven,ssl,ftps,apache-commons-net,Java,Maven,Ssl,Ftps,Apache Commons Net,我正在使用maven将文件上载到FTP服务器。在没有通知的情况下,他们似乎已经将安全性调整为SSL。在我的maven脚本中,我对url进行了更改,但是现在我得到了一个CertificationException,我不知道如何解决这个问题 我改成ftps://ftp01.company.nl 因为我得到了以下错误(这样做似乎是正确的) 然而ftps://ftp01.company.nl 我收到一个新错误: Reply received: 220 Microsoft FTP Service Co
Reply received: 220 Microsoft FTP Service
Command sent: AUTH TLS
Reply received: 234 AUTH command ok. Expecting TLS Negotiation.
Session error: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative names matching
IP address 54.111.424.3 found
ftps://ftp01.company.nl- Session: Connection refused
[ERROR] Failed to execute goal org.codehaus.mojo:wagon-maven-plugin:1.0:upload (upload-philips-site) on project nl.esi.comma.types: Unable to create a Wagon instance for ftps://ftp01.company.nl: Could not connect to server. java.security.cert.CertificateException: No subject alternative names matching IP address 54.111.424.3 found -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.codehaus.mojo:wagon-maven-plugin:1.0:upload (upload-philips-site) on project nl.esi.comma.types: Unable to create a Wagon instance for ftps://134.221.44.5:21
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:191)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Unable to create a Wagon instance for ftps://ftp01.company.nl
at org.codehaus.mojo.wagon.AbstractWagonMojo.createWagon(AbstractWagonMojo.java:86)
at org.codehaus.mojo.wagon.AbstractSingleWagonMojo.execute(AbstractSingleWagonMojo.java:63)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
... 20 more
Caused by: org.apache.maven.wagon.authentication.AuthenticationException: Could not connect to server.
at org.apache.maven.wagon.providers.ftp.FtpWagon.openConnectionInternal(FtpWagon.java:163)
at org.apache.maven.wagon.AbstractWagon.openConnection(AbstractWagon.java:115)
at org.apache.maven.wagon.AbstractWagon.connect(AbstractWagon.java:215)
at org.apache.maven.wagon.AbstractWagon.connect(AbstractWagon.java:152)
at org.codehaus.mojo.wagon.shared.WagonUtils.createWagon(WagonUtils.java:75)
at org.codehaus.mojo.wagon.AbstractWagonMojo.createWagon(AbstractWagonMojo.java:82)
... 23 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 134.221.44.5 found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:289)
at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:226)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:189)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:209)
at org.apache.maven.wagon.providers.ftp.FtpWagon.openConnectionInternal(FtpWagon.java:128)
... 28 more
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 54.111.424.3 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1019)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 40 more
CONNECTED(000001A4)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/C=NL/ST=Zuid-Holland/L=Den Haag/OU=Information Services/O=COMPANY/CN=ftp01.company.nl
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
-----BEGIN CERTIFICATE-----
MIIGTjCCBTagAwIBAgIMToqSFenheZ4SdipkMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTgwMzE5MTU1MzI0WhcNMTkwMzIwMTU1MzI0WjB7MQswCQYDVQQGEwJO
TDEVMBMGA1UECAwMWnVpZC1Ib2xsYW5kMREwDwYDVQQHDAhEZW4gSGFhZzEdMBsG
A1UECwwUSW5mb3JtYXRpb24gU2VydmljZXMxDDAKBgNVBAoMA1ROTzEVMBMGA1UE
AwwMZnRwMDEudG5vLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
zSs0FmfHVtFzD3cEurv+l97RrSFPtBgzdK00dRaXomXaOFbkhW7BaI9yinkSdx7O
yFrxgfx9RvF4bfAtVD19wZkQo3KR4Qlmt8gRslGUOv4A/XWOXBrMxdaZM1omSPsd
lmfdzSZiCUelOxwwiWaR/EJTm7XUVa9zWatHdPQu9kNziDVJAHpSl3VeS7Q8QD65
nzseANKdNw7quyzMaiGNYKvzIfbExZ9OLVlpyC8CDur8ke75yIWNFJv0ybDKIbku
0AMu1PZfgvJ5ig3DKDyRw34lMds23+PIM5fDBWpjqHb441nG6rQ18GYBylFm9ibO
il20xxuNN8ayqO70awYgcQIDAQABo4IC5TCCAuEwDgYDVR0PAQH/BAQDAgWgMIGg
BggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9i
YWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQw
PwYIKwYBBQUHMAGGM2h0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2Fu
aXphdGlvbnZhbHNoYTJnMjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsG
AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAI
BgZngQwBAgIwCQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3Js
Lmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDAX
BgNVHREEEDAOggxmdHAwMS50bm8ubmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMB0GA1UdDgQWBBQrNLnI+fR/fg9+a9yu5b0mywKe+jAfBgNVHSMEGDAW
gBSW3mHxvRwWKVMcwMx9O4MAQOYafDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1
AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABYj73JEkAAAQDAEYw
RAIgY69omnBaw9JQexXM6kUcbBMXtw3UYDbUepwNGqHzFlgCIGqK06EYkh9jnSg0
WsZEiXXO4f28EBlNJcrpkQCTEhRZAHcApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+4
43fNDsgN3BAAAAFiPvclegAABAMASDBGAiEAoDPScqwsg6fPZzgmLhyocgYNu7Em
XAIqmGgQwLBSOEMCIQD2V8+AfnAbRbW0GkFuzlWxj/fseKMMOLs3aEVhqKB9gDAN
BgkqhkiG9w0BAQsFAAOCAQEACcwFOiaqJFaN2gl2hGmoafD2+NOuobgA1nj1ow1X
dWTxNIJhVDCloTZkoJ2UrHn/I5kT+TF7CA95k4G7lCzVJsgByn1SWY+ENYZ0vBsB
6EmELTXqZTgpDLRnOQtm8kEM4UJGGResgbqMMknfOB6kuRaPCjViKM4MROsMZeUU
952o9h4IQQIejDN58FekT9FBbijCSeWfAJ72Oksrqvk6NDlUuYROp0PRTMYBDCf9
ZUMO0EaoBHtn2A+iK/ZVLz5MmjqF1ubCukSKF8GjeDaptgPEjRQpcEVXjm5fzyMB
+ik/Z1orH/ukIQPU8Jy5eJZPb7rlaURw5TpgF58s4/+ckQ==
-----END CERTIFICATE-----
1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc
C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt
Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl
2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B
Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT
HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0
dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv
bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI
hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s
32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy
XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3
30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA
SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=NL/ST=Zuid-Holland/L=Den Haag/OU=Information Services/O=COMPANY/CN=ftp01.company.nl
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA1
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3282 bytes and written 342 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-SHA256
Session-ID: 1E21000059E17A809E4D608A47B6E9A2F0ABF48751C43771ACDE452BD1245976
Session-ID-ctx:
Master-Key: CF98458314DFC1EC86699F9E0D881B69A5651BC5AA31D1879D5ED35E89C5EC15259EE15C58DDE016D5F06596F4131CE2
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1522331987
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: yes
---
220 Microsoft FTP Service
read:errno=0
<extension>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-ftp</artifactId>
<version>3.0.0</version>
</extension>
...
...
<groupId>org.codehaus.mojo</groupId>
<artifactId>wagon-maven-plugin</artifactId>
<version>1.0</version>
<executions>
<execution>
<id>upload-site</id>
<phase>install</phase>
<goals>
<goal>upload</goal>
</goals>
<configuration>
<fromDir>../project/target/repository</fromDir>
<includes>**</includes>
<toDir>/location/</toDir>
<url>ftps://ftp01.company.nl</url>
<serverId>project-company-site</serverId>
</configuration>
</execution>
org.apache.maven.wagen
货车ftp
3.0.0
...
...
org.codehaus.mojo
货车司机插件
1
上传站点
安装
上传
../project/target/repository
**
/位置/
ftps://ftp01.company.nl
项目公司现场
Reply received: 220 Microsoft FTP Service
Command sent: AUTH TLS
Reply received: 234 AUTH command ok. Expecting TLS Negotiation.
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1505632364 bytes = { 242, 165, 204, 139, 161, 64, 186, 156, 83, 226, 52, 246, 47, 120, 200, 177, 14, 56, 75, 178, 233, 35, 193, 96, 245, 134, 132, 191 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
***
main, WRITE: TLSv1.2 Handshake, length = 207
main, READ: TLSv1.2 Handshake, length = 3186
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1505632315 bytes = { 15, 31, 179, 34, 223, 202, 91, 45, 105, 137, 88, 242, 124, 143, 54, 152, 143, 62, 144, 193, 98, 61, 21, 188, 123, 97, 161, 162 }
Session ID: {130, 1, 0, 0, 232, 235, 43, 27, 234, 233, 4, 148, 139, 8, 158, 147, 48, 16, 98, 200, 200, 115, 114, 185, 28, 21, 145, 79, 237, 147, 59, 246}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=ftp01.company.nl, O=company, OU=Information Services, L=Den Haag, ST=Zuid-Holland, C=NL
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 25900156941586816520413887033350249400393624576347862043983159913455812253648708590570114642493898690741793139995814318263915068692576230769170799471589433261405072688634547243472406197930596801161287736220338406394900314757646067417670876456965056307622794328274717528814007924177382904986265419059902363250704562989321715192902962892892868249292162997393582399055970676023717823596154154205859665046489196487884354445817517012498822165974731700475504207566052583002530592503560144376539770967391053009210483477086614983678518980796021381371942861266049670709421281434758586007062786241498555010556257989170248949873
public exponent: 65537
Validity: [From: Mon Mar 19 16:53:24 CET 2018,
To: Wed Mar 20 16:53:24 CET 2019]
Issuer: CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
SerialNumber: [ 4e8a9215 e9e1799e 12762a64]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 81 F5 04 81 F2 00 F0 00 75 00 6F 53 76 AC 31 .........u.oSv.1
0010: F0 31 19 D8 99 00 A4 51 15 FF 77 15 1C 11 D9 02 .1.....Q..w.....
0020: C1 00 29 06 8D B2 08 9A 37 D9 13 00 00 01 62 3E ..).....7.....b>
0030: F7 24 49 00 00 04 03 00 46 30 44 02 20 63 AF 68 .$I.....F0D. c.h
0040: 9A 70 5A C3 D2 50 7B 15 CC EA 45 1C 6C 13 17 B7 .pZ..P....E.l...
0050: 0D D4 60 36 D4 7A 9C 0D 1A A1 F3 16 58 02 20 6A ..`6.z......X. j
0060: 8A D3 A1 18 92 1F 63 9D 28 34 5A C6 44 89 75 CE ......c.(4Z.D.u.
0070: E1 FD BC 10 19 4D 25 CA E9 91 00 93 12 14 59 00 .....M%.......Y.
0080: 77 00 A4 B9 09 90 B4 18 58 14 87 BB 13 A2 CC 67 w.......X......g
0090: 70 0A 3C 35 98 04 F9 1B DF B8 E3 77 CD 0E C8 0D p.<5.......w....
00A0: DC 10 00 00 01 62 3E F7 25 7A 00 00 04 03 00 48 .....b>.%z.....H
00B0: 30 46 02 21 00 A0 33 D2 72 AC 2C 83 A7 CF 67 38 0F.!..3.r.,...g8
00C0: 26 2E 1C A8 72 06 0D BB B1 26 5C 02 2A 98 68 10 &...r....&\.*.h.
00D0: C0 B0 52 38 43 02 21 00 F6 57 CF 80 7E 70 1B 45 ..R8C.!..W...p.E
00E0: B5 B4 1A 41 6E CE 55 B1 8F F7 EC 78 A3 0C 38 BB ...An.U....x..8.
00F0: 37 68 45 61 A8 A0 7D 80 7hEa....
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt
,
accessMethod: ocsp
accessLocation: URIName: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 96 DE 61 F1 BD 1C 16 29 53 1C C0 CC 7D 3B 83 00 ..a....)S....;..
0010: 40 E6 1A 7C @...
]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.4146.1.20]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 26 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F ository/
]] ]
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: ftp01.company.nl
]
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2B 34 B9 C8 F9 F4 7F 7E 0F 7E 6B DC AE E5 BD 26 +4........k....&
0010: CB 02 9E FA ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 09 CC 05 3A 26 AA 24 56 8D DA 09 76 84 69 A8 69 ...:&.$V...v.i.i
0010: F0 F6 F8 D3 AE A1 B8 00 D6 78 F5 A3 0D 57 75 64 .........x...Wud
0020: F1 34 82 61 54 30 A5 A1 36 64 A0 9D 94 AC 79 FF .4.aT0..6d....y.
0030: 23 99 13 F9 31 7B 08 0F 79 93 81 BB 94 2C D5 26 #...1...y....,.&
0040: C8 01 CA 7D 52 59 8F 84 35 86 74 BC 1B 01 E8 49 ....RY..5.t....I
0050: 84 2D 35 EA 65 38 29 0C B4 67 39 0B 66 F2 41 0C .-5.e8)..g9.f.A.
0060: E1 42 46 19 17 AC 81 BA 8C 32 49 DF 38 1E A4 B9 .BF......2I.8...
0070: 16 8F 0A 35 62 28 CE 0C 44 EB 0C 65 E5 14 F7 9D ...5b(..D..e....
0080: A8 F6 1E 08 41 02 1E 8C 33 79 F0 57 A4 4F D1 41 ....A...3y.W.O.A
0090: 6E 28 C2 49 E5 9F 00 9E F6 3A 4B 2B AA F9 3A 34 n(.I.....:K+..:4
00A0: 39 54 B9 84 4E A7 43 D1 4C C6 01 0C 27 FD 65 43 9T..N.C.L...'.eC
00B0: 0E D0 46 A8 04 7B 67 D8 0F A2 2B F6 55 2F 3E 4C ..F...g...+.U/>L
00C0: 9A 3A 85 D6 E6 C2 BA 44 8A 17 C1 A3 78 36 A9 B6 .:.....D....x6..
00D0: 03 C4 8D 14 29 70 45 57 8E 6E 5F CF 23 01 FA 29 ....)pEW.n_.#..)
00E0: 3F 67 5A 2B 1F FB A4 21 03 D4 F0 9C B9 78 96 4F ?gZ+...!.....x.O
00F0: 6F BA E5 69 44 70 E5 3A 60 17 9F 2C E3 FF 9C 91 o..iDp.:`..,....
]
chain [1] = [
[
Version: V3
Subject: CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 25128534854946729689874225426937401505000881204706872255627098498474475295641403147428295231173090028665490451781016201369028386293751105000607980749389164896950295472415799544200821826598281622670047877476444380361331431510582219613042406283138772574077178828514459453291208108705648245160199047848714530696719439161049181407350831720090579906068909416515809757315311589912849752912945272005465192109502201681085714022553142452002065884519487869175097916258424515352321964381962068601310395827347949688386139631202235593096601000028863153912492627308071474449386570163993017908691119484112907211941619220357798802161
public exponent: 65537
Validity: [From: Thu Feb 20 11:00:00 CET 2014,
To: Tue Feb 20 11:00:00 CET 2024]
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
SerialNumber: [ 04000000 0001444e f04247]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.globalsign.com/rootr1
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 60 7B 66 1A 45 0D 97 CA 89 50 2F 7D 04 CD 34 A8 `.f.E....P/...4.
0010: FF FC FD 4B ...K
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.globalsign.net/root.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 26 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F ository/
]] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 96 DE 61 F1 BD 1C 16 29 53 1C C0 CC 7D 3B 83 00 ..a....)S....;..
0010: 40 E6 1A 7C @...
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 46 2A EE 5E BD AE 01 60 37 31 11 86 71 74 B6 46 F*.^...`71..qt.F
0010: 49 C8 10 16 FE 2F 62 23 17 AB 1F 87 F8 82 ED CA I..../b#........
0020: DF 0E 2C DF 64 75 8E E5 18 72 A7 8C 3A 8B C9 AC ..,.du...r..:...
0030: A5 77 50 F7 EF 9E A4 E0 A0 8F 14 57 A3 2A 5F EC .wP........W.*_.
0040: 7E 6D 10 E6 BA 8D B0 08 87 76 0E 4C B2 D9 51 BB .m.......v.L..Q.
0050: 11 02 F2 5C DD 1C BD F3 55 96 0F D4 06 C0 FC E2 ...\....U.......
0060: 23 8A 24 70 D3 BB F0 79 1A A7 61 70 83 8A AF 06 #.$p...y..ap....
0070: C5 20 D8 A1 63 D0 6C AE 4F 32 D7 AE 7C 18 45 75 . ..c.l.O2....Eu
0080: 05 29 77 DF 42 40 64 64 86 BE 2A 76 09 31 6F 1D .)w.B@dd..*v.1o.
0090: 24 F4 99 D0 85 FE F2 21 08 F9 C6 F6 F1 D0 59 ED $......!......Y.
00A0: D6 56 3C 08 28 03 67 BA F0 F9 F1 90 16 47 AE 67 .V<.(.g......G.g
00B0: E6 BC 80 48 E9 42 76 34 97 55 69 24 0E 83 D6 A0 ...H.Bv4.Ui$....
00C0: 2D B4 F5 F3 79 8A 49 28 74 1A 41 A1 C2 D3 24 88 -...y.I(t.A...$.
00D0: 35 30 60 94 17 B4 E1 04 22 31 3D 3B 2F 17 06 B2 50`....."1=;/...
00E0: B8 9D 86 2B 5A 69 EF 83 F5 4B C4 AA B4 2A F8 7C ...+Zi...K...*..
00F0: A1 B1 85 94 8C F4 0C 87 0C F4 AC 40 F8 59 49 98 ...........@.YI.
]
***
%% Invalidated: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 123.123.12.1 found
Session error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 123.123.12.1 found
ftps://ftp01.company.nl - Session: Connection refused
收到回复:220 Microsoft FTP服务
已发送命令:AUTH TLS
收到回复:234 AUTH命令正常。期待TLS谈判。
随机触发种子
随机完成
允许不安全的重新协商:false
允许旧版hello消息:true
第一次握手是否正确
是否安全重新谈判:错误
允许不安全的重新协商:false
允许旧版hello消息:true
第一次握手是否正确
是否安全重新谈判:错误
忽略不支持的密码套件:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
忽略不支持的密码套件:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
忽略不支持的密码套件:TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
忽略不支持的密码套件:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
忽略不支持的密码套件:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
忽略不支持的密码套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
忽略不支持的密码套件:TLS_DHE_DSS_WITH_AES_256_CBC_SHA256用于TLSv1
忽略不支持的密码套件:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
忽略不支持的密码套件:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
忽略不支持的密码套件:TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
忽略不支持的密码套件:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
忽略不支持的密码套件:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
忽略不支持的密码套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
忽略不支持的密码套件:TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%%没有缓存的客户端会话
***ClientHello,TLSv1.2
RandomCookie:GMT:1505632364字节={242、165、204、139、161、64、186、156、83、226、52、246、47、120、200、177、14、56、75、178、233、35、193、96、245、134、132、191}
会话ID:{}
密码套件:(TLS)他们是一个宗教信仰的人,他们是一个宗教信仰的人,他们是一个宗教信仰的人,他们是一个RSA是一个带有宗教信仰的人,他们是一个宗教信仰的人,他们是一个宗教信仰的人,他们是一个宗教信仰的人,他们是一个宗教信仰的人,他们是一个宗教信仰的人,他们是他们是一个宗教信仰他们是一个RSA是一个RSA是他们是一个宗教信仰的人,他们是他们是他们是他们是他们是他们是一个宗教是他们是一个宗教信仰的人,他们是他们是一个宗教是一个宗教的人,他们是他们是一个宗教是他们是一个宗教是一个宗教是一个宗教的人,他们是他们是一个宗教是一个宗教是一个宗教是他们是一个宗教是一个宗教的人,他们是他们是一个宗教是一个宗教是一个宗教是一个宗教是他们是一个宗教信仰的人,他们是一个_SHA256,TLS_ECDHE_ECDSA_与_AES_256_CBC_SHA,TLS_ECDHE_RSA_与_AES_256_CBC_SHA,TLS_RSA_W有人用它来写了一个256个字母来写的256个字母来写的一个字母来写的一个256个字母来写的一个256个字母来写的一个256个字母来写的一个256个字母来写的一个256个字母来写的一个256个字母来写的便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便便U 128_CBC_SHA256,TLS_ECDH_ECDSA_带AES_128_CBC_SHA256,TLS_ECDH_RSA_带AES_128_CBC_SHA256、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6、6 U DHE_RSA_与_AES_128_CBC_SHA,TLS_DHE_DSS_与_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_与_AES_256_研究者们用了384年的GCM-SHA384,他们用了384年的GCM-SHA384,他们用128年的128年的128年的GCM-SHA256年的256年的GCM-SHA384,他们用128年的128年的GCM-SHA256年的GCM-SHA256年的GCM-SHA384,他们用用128年的128年的128年的GCM-SHA256年的GCM-SHA256年的SHA256年的GCM-SHA256年的GCM-SHA384,他们他们用用用他们用他们他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们用他们的加密加密加密加密求求求求求求求求求求求求求求求求求求你们你们们的RSA加密加密加密加密加密加密加密加密加密加密加密加密和RSA用用用用用用用用用用用用用用用用用用他们的256年的256年的256年的RSA加密加密256 AES_256_GCM_SHA384,TLS_ECDHE_RSA_与AES_128_GCM_SHA256,TLS_RSA_与AES_128_GCM_SHA256,他们的研究结果是一个ECDH和一个ECDH一个ECDH一个ECDSA和一个128个128个128个GCM的SHA256,他们的研究结果是一个RSA和一个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个GCM的GCM的GGM的东西,他们的研究结果是一个RSA和一个用128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个128个GCM的GCM的G的GGGGGGGGGGGGGGM的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西的东西SHA、TLS、ECDH、ECDSA和CBC、TLS、ECDH、RSA和CBC、SSL和H_3DES_EDE_CBC_SHA、SSL_DHE_DSS_与_3DES_EDE_CBC_SHA、TLS_EMPTY_重新协商_信息_SCSV]
压缩方法:{0}
扩展椭圆曲线,曲线名称:{secp256r1,secp384r1,secp521r1,sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,secp256k1}
扩展ec_点_格式,格式:[未压缩]
扩展签名算法,签名算法:带ECDSA的SHA512,带RSA的SHA512,带ECDSA的SHA384,带RSA的SHA384,带ECDSA的SHA256,带RSA的SHA256,带DSA的SHA256,带ECDSA的SHA1,带RSA的SHA1,带DSA的SHA1
扩展\u主\u密钥
***
main,WRITE:TLSv1.2握手,长度=207
主,读取:TLSv1.2握手,长度=3186
***服务器你好,TLSv1.2
RandomCookie:GMT:1505632315字节={15,31,179,34,223,202,91,45,105,137,88,242,124,143,54,152,143,62,144,193
Reply received: 220 Microsoft FTP Service
Command sent: AUTH TLS
Reply received: 234 AUTH command ok. Expecting TLS Negotiation.
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1505632364 bytes = { 242, 165, 204, 139, 161, 64, 186, 156, 83, 226, 52, 246, 47, 120, 200, 177, 14, 56, 75, 178, 233, 35, 193, 96, 245, 134, 132, 191 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
***
main, WRITE: TLSv1.2 Handshake, length = 207
main, READ: TLSv1.2 Handshake, length = 3186
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1505632315 bytes = { 15, 31, 179, 34, 223, 202, 91, 45, 105, 137, 88, 242, 124, 143, 54, 152, 143, 62, 144, 193, 98, 61, 21, 188, 123, 97, 161, 162 }
Session ID: {130, 1, 0, 0, 232, 235, 43, 27, 234, 233, 4, 148, 139, 8, 158, 147, 48, 16, 98, 200, 200, 115, 114, 185, 28, 21, 145, 79, 237, 147, 59, 246}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=ftp01.company.nl, O=company, OU=Information Services, L=Den Haag, ST=Zuid-Holland, C=NL
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 25900156941586816520413887033350249400393624576347862043983159913455812253648708590570114642493898690741793139995814318263915068692576230769170799471589433261405072688634547243472406197930596801161287736220338406394900314757646067417670876456965056307622794328274717528814007924177382904986265419059902363250704562989321715192902962892892868249292162997393582399055970676023717823596154154205859665046489196487884354445817517012498822165974731700475504207566052583002530592503560144376539770967391053009210483477086614983678518980796021381371942861266049670709421281434758586007062786241498555010556257989170248949873
public exponent: 65537
Validity: [From: Mon Mar 19 16:53:24 CET 2018,
To: Wed Mar 20 16:53:24 CET 2019]
Issuer: CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
SerialNumber: [ 4e8a9215 e9e1799e 12762a64]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 81 F5 04 81 F2 00 F0 00 75 00 6F 53 76 AC 31 .........u.oSv.1
0010: F0 31 19 D8 99 00 A4 51 15 FF 77 15 1C 11 D9 02 .1.....Q..w.....
0020: C1 00 29 06 8D B2 08 9A 37 D9 13 00 00 01 62 3E ..).....7.....b>
0030: F7 24 49 00 00 04 03 00 46 30 44 02 20 63 AF 68 .$I.....F0D. c.h
0040: 9A 70 5A C3 D2 50 7B 15 CC EA 45 1C 6C 13 17 B7 .pZ..P....E.l...
0050: 0D D4 60 36 D4 7A 9C 0D 1A A1 F3 16 58 02 20 6A ..`6.z......X. j
0060: 8A D3 A1 18 92 1F 63 9D 28 34 5A C6 44 89 75 CE ......c.(4Z.D.u.
0070: E1 FD BC 10 19 4D 25 CA E9 91 00 93 12 14 59 00 .....M%.......Y.
0080: 77 00 A4 B9 09 90 B4 18 58 14 87 BB 13 A2 CC 67 w.......X......g
0090: 70 0A 3C 35 98 04 F9 1B DF B8 E3 77 CD 0E C8 0D p.<5.......w....
00A0: DC 10 00 00 01 62 3E F7 25 7A 00 00 04 03 00 48 .....b>.%z.....H
00B0: 30 46 02 21 00 A0 33 D2 72 AC 2C 83 A7 CF 67 38 0F.!..3.r.,...g8
00C0: 26 2E 1C A8 72 06 0D BB B1 26 5C 02 2A 98 68 10 &...r....&\.*.h.
00D0: C0 B0 52 38 43 02 21 00 F6 57 CF 80 7E 70 1B 45 ..R8C.!..W...p.E
00E0: B5 B4 1A 41 6E CE 55 B1 8F F7 EC 78 A3 0C 38 BB ...An.U....x..8.
00F0: 37 68 45 61 A8 A0 7D 80 7hEa....
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt
,
accessMethod: ocsp
accessLocation: URIName: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 96 DE 61 F1 BD 1C 16 29 53 1C C0 CC 7D 3B 83 00 ..a....)S....;..
0010: 40 E6 1A 7C @...
]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.4146.1.20]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 26 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F ository/
]] ]
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: ftp01.company.nl
]
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2B 34 B9 C8 F9 F4 7F 7E 0F 7E 6B DC AE E5 BD 26 +4........k....&
0010: CB 02 9E FA ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 09 CC 05 3A 26 AA 24 56 8D DA 09 76 84 69 A8 69 ...:&.$V...v.i.i
0010: F0 F6 F8 D3 AE A1 B8 00 D6 78 F5 A3 0D 57 75 64 .........x...Wud
0020: F1 34 82 61 54 30 A5 A1 36 64 A0 9D 94 AC 79 FF .4.aT0..6d....y.
0030: 23 99 13 F9 31 7B 08 0F 79 93 81 BB 94 2C D5 26 #...1...y....,.&
0040: C8 01 CA 7D 52 59 8F 84 35 86 74 BC 1B 01 E8 49 ....RY..5.t....I
0050: 84 2D 35 EA 65 38 29 0C B4 67 39 0B 66 F2 41 0C .-5.e8)..g9.f.A.
0060: E1 42 46 19 17 AC 81 BA 8C 32 49 DF 38 1E A4 B9 .BF......2I.8...
0070: 16 8F 0A 35 62 28 CE 0C 44 EB 0C 65 E5 14 F7 9D ...5b(..D..e....
0080: A8 F6 1E 08 41 02 1E 8C 33 79 F0 57 A4 4F D1 41 ....A...3y.W.O.A
0090: 6E 28 C2 49 E5 9F 00 9E F6 3A 4B 2B AA F9 3A 34 n(.I.....:K+..:4
00A0: 39 54 B9 84 4E A7 43 D1 4C C6 01 0C 27 FD 65 43 9T..N.C.L...'.eC
00B0: 0E D0 46 A8 04 7B 67 D8 0F A2 2B F6 55 2F 3E 4C ..F...g...+.U/>L
00C0: 9A 3A 85 D6 E6 C2 BA 44 8A 17 C1 A3 78 36 A9 B6 .:.....D....x6..
00D0: 03 C4 8D 14 29 70 45 57 8E 6E 5F CF 23 01 FA 29 ....)pEW.n_.#..)
00E0: 3F 67 5A 2B 1F FB A4 21 03 D4 F0 9C B9 78 96 4F ?gZ+...!.....x.O
00F0: 6F BA E5 69 44 70 E5 3A 60 17 9F 2C E3 FF 9C 91 o..iDp.:`..,....
]
chain [1] = [
[
Version: V3
Subject: CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 25128534854946729689874225426937401505000881204706872255627098498474475295641403147428295231173090028665490451781016201369028386293751105000607980749389164896950295472415799544200821826598281622670047877476444380361331431510582219613042406283138772574077178828514459453291208108705648245160199047848714530696719439161049181407350831720090579906068909416515809757315311589912849752912945272005465192109502201681085714022553142452002065884519487869175097916258424515352321964381962068601310395827347949688386139631202235593096601000028863153912492627308071474449386570163993017908691119484112907211941619220357798802161
public exponent: 65537
Validity: [From: Thu Feb 20 11:00:00 CET 2014,
To: Tue Feb 20 11:00:00 CET 2024]
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
SerialNumber: [ 04000000 0001444e f04247]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.globalsign.com/rootr1
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 60 7B 66 1A 45 0D 97 CA 89 50 2F 7D 04 CD 34 A8 `.f.E....P/...4.
0010: FF FC FD 4B ...K
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.globalsign.net/root.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 26 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F ository/
]] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 96 DE 61 F1 BD 1C 16 29 53 1C C0 CC 7D 3B 83 00 ..a....)S....;..
0010: 40 E6 1A 7C @...
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 46 2A EE 5E BD AE 01 60 37 31 11 86 71 74 B6 46 F*.^...`71..qt.F
0010: 49 C8 10 16 FE 2F 62 23 17 AB 1F 87 F8 82 ED CA I..../b#........
0020: DF 0E 2C DF 64 75 8E E5 18 72 A7 8C 3A 8B C9 AC ..,.du...r..:...
0030: A5 77 50 F7 EF 9E A4 E0 A0 8F 14 57 A3 2A 5F EC .wP........W.*_.
0040: 7E 6D 10 E6 BA 8D B0 08 87 76 0E 4C B2 D9 51 BB .m.......v.L..Q.
0050: 11 02 F2 5C DD 1C BD F3 55 96 0F D4 06 C0 FC E2 ...\....U.......
0060: 23 8A 24 70 D3 BB F0 79 1A A7 61 70 83 8A AF 06 #.$p...y..ap....
0070: C5 20 D8 A1 63 D0 6C AE 4F 32 D7 AE 7C 18 45 75 . ..c.l.O2....Eu
0080: 05 29 77 DF 42 40 64 64 86 BE 2A 76 09 31 6F 1D .)w.B@dd..*v.1o.
0090: 24 F4 99 D0 85 FE F2 21 08 F9 C6 F6 F1 D0 59 ED $......!......Y.
00A0: D6 56 3C 08 28 03 67 BA F0 F9 F1 90 16 47 AE 67 .V<.(.g......G.g
00B0: E6 BC 80 48 E9 42 76 34 97 55 69 24 0E 83 D6 A0 ...H.Bv4.Ui$....
00C0: 2D B4 F5 F3 79 8A 49 28 74 1A 41 A1 C2 D3 24 88 -...y.I(t.A...$.
00D0: 35 30 60 94 17 B4 E1 04 22 31 3D 3B 2F 17 06 B2 50`....."1=;/...
00E0: B8 9D 86 2B 5A 69 EF 83 F5 4B C4 AA B4 2A F8 7C ...+Zi...K...*..
00F0: A1 B1 85 94 8C F4 0C 87 0C F4 AC 40 F8 59 49 98 ...........@.YI.
]
***
%% Invalidated: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 123.123.12.1 found
Session error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 123.123.12.1 found
ftps://ftp01.company.nl - Session: Connection refused
46.235.43.64 ftp01.company.nl
$ grep 'void sslNegotiation' -A 30 -n commons-net/src/main/java/org/apache/commons/net/ftp/FTPSClient.java
261: protected void sslNegotiation() throws IOException {
262- plainSocket = _socket_;
263- initSslContext();
264-
265- SSLSocketFactory ssf = context.getSocketFactory();
266- String host = (_hostname_ != null) ? _hostname_ : getRemoteAddress().getHostAddress();
267- int port = _socket_.getPort();
268- SSLSocket socket =
269- (SSLSocket) ssf.createSocket(_socket_, host, port, false);
270- socket.setEnableSessionCreation(isCreation);
271- socket.setUseClientMode(isClientMode);
272-
273- // client mode
274- if (isClientMode) {
275- if (tlsEndpointChecking) {
276- SSLSocketUtils.enableEndpointNameVerification(socket);
277- }
278- } else { // server mode
279- socket.setNeedClientAuth(isNeedClientAuth);
280- socket.setWantClientAuth(isWantClientAuth);
281- }
282-
283- if (protocols != null) {
284- socket.setEnabledProtocols(protocols);
285- }
286- if (suites != null) {
287- socket.setEnabledCipherSuites(suites);
288- }
289- socket.startHandshake();
290-
291- // TODO the following setup appears to duplicate that in the super class methods