javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.124 MSK|SSLCipher.java:465|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472 javax.net.ssl|WARNING|01|main|2021-02-08 11:32:36.418 MSK|SignatureScheme.java:282|Signature algorithm, ed25519, not supported by JSSE javax.net.ssl|WARNING|01|main|2021-02-08 11:32:36.418 MSK|SignatureScheme.java:282|Signature algorithm, ed448, not supported by JSSE javax.net.ssl|INFO|01|main|2021-02-08 11:32:36.467 MSK|AlpnExtension.java:165|No available application protocols javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.467 MSK|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.467 MSK|SessionTicketExtension.java:408|Stateless resumption supported javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.468 MSK|SSLExtensions.java:260|Ignore, context unavailable extension: cookie javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.480 MSK|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.481 MSK|PreSharedKeyExtension.java:660|No session to resume. javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.481 MSK|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.485 MSK|ClientHello.java:652|Produced ClientHello handshake message ( "ClientHello": { "client version" : "TLSv1.2", "random" : "44 E9 A9 CB F5 E4 C3 D3 DE 36 40 C5 3F 5A B9 46 AE 50 28 FD 6E 64 86 90 AE E6 BF C4 47 55 C6 D1", "session id" : "6E 59 11 71 5A 28 25 7C DD C5 B7 AC F2 28 F0 49 3C C4 DC C6 95 C9 96 31 EF 76 A1 4F C3 A2 F7 F2", "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]", "compression methods" : "00", "extensions" : [ "server_name (0)": { type=host_name (0), value=sso.rbo.raiffeisen.ru }, "status_request (5)": { "certificate status type": ocsp "OCSP status request": { "responder_id": "request extensions": { } } }, "supported_groups (10)": { "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192] }, "ec_point_formats (11)": { "formats": [uncompressed] }, "signature_algorithms (13)": { "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1] }, "signature_algorithms_cert (50)": { "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1] }, "status_request_v2 (17)": { "cert status request": { "certificate status type": ocsp_multi "OCSP status request": { "responder_id": "request extensions": { } } } }, "extended_master_secret (23)": { }, "session_ticket (35)": { }, "supported_versions (43)": { "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1] }, "psk_key_exchange_modes (45)": { "ke_modes": [psk_dhe_ke] }, "key_share (51)": { "client_shares": [ { "named group": x25519 "key_exchange": { 0000: AF 8C 7C A7 B6 A4 C9 5A 9C 66 38 9A 30 7F 66 AE .......Z.f8.0.f. 0010: CD 56 2B 2E 21 55 4E A4 93 EE 8C AF AF BB F7 08 .V+.!UN......... } }, ] } ] } ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.495 MSK|ServerHello.java:891|Consuming ServerHello handshake message ( "ServerHello": { "server version" : "TLSv1.2", "random" : "51 85 4D 7C 31 80 FE 81 06 68 DF 7B D6 B9 E8 F0 1D BD 77 D2 34 C1 84 85 7B 1E F1 66 F4 9C 40 21", "session id" : "", "cipher suite" : "TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D)", "compression methods" : "00", "extensions" : [ "server_name (0)": { }, "renegotiation_info (65,281)": { "renegotiated connection": [] }, "session_ticket (35)": { } ] } ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.495 MSK|SSLExtensions.java:173|Ignore unavailable extension: supported_versions javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.495 MSK|ServerHello.java:987|Negotiated protocol version: TLSv1.2 javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.496 MSK|SSLExtensions.java:192|Consumed extension: renegotiation_info javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.496 MSK|SSLExtensions.java:192|Consumed extension: server_name javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.497 MSK|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.497 MSK|SSLExtensions.java:173|Ignore unavailable extension: status_request javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.497 MSK|SSLExtensions.java:173|Ignore unavailable extension: ec_point_formats javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.497 MSK|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2 javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.497 MSK|SSLExtensions.java:192|Consumed extension: session_ticket javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.497 MSK|SSLExtensions.java:163|Ignore unsupported extension: supported_versions javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.497 MSK|SSLExtensions.java:163|Ignore unsupported extension: key_share javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.498 MSK|SSLExtensions.java:192|Consumed extension: renegotiation_info javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.498 MSK|SSLExtensions.java:163|Ignore unsupported extension: pre_shared_key javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.498 MSK|ServerHello.java:1131|Locally assigned Session Id: FC C6 7E 8C 68 70 D6 0E CE B7 68 FB 20 8A 61 3A 2F 1B D1 00 63 A4 55 B8 05 C1 27 BC 75 1B 57 9E javax.net.ssl|WARNING|01|main|2021-02-08 11:32:36.498 MSK|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.498 MSK|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.498 MSK|SSLExtensions.java:207|Ignore unavailable extension: status_request javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.499 MSK|SSLExtensions.java:207|Ignore unavailable extension: ec_point_formats javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.499 MSK|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.499 MSK|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2 javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.499 MSK|SSLExtensions.java:207|Ignore unavailable extension: extended_master_secret javax.net.ssl|WARNING|01|main|2021-02-08 11:32:36.499 MSK|SSLExtensions.java:215|Ignore impact of unsupported extension: session_ticket javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.499 MSK|SSLExtensions.java:207|Ignore unavailable extension: supported_versions javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.499 MSK|SSLExtensions.java:207|Ignore unavailable extension: key_share javax.net.ssl|WARNING|01|main|2021-02-08 11:32:36.499 MSK|SSLExtensions.java:215|Ignore impact of unsupported extension: renegotiation_info javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.500 MSK|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.508 MSK|CertificateMessage.java:366|Consuming server Certificate handshake message ( "Certificates": [ "certificate" : { "version" : "v3", "serial number" : "09 1B AD 6D F7 B7 F4 98 C1 9A 2D AB 62 79 FD 40", "signature algorithm": "SHA256withRSA", "issuer" : "CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US", "not before" : "2020-08-14 03:00:00.000 MSK", "not after" : "2022-08-19 15:00:00.000 MSK", "subject" : "CN=*.rbo.raiffeisen.ru, O=AO Raiffeisenbank, L=Moscow, C=RU", "subject public key" : "RSA", "extensions" : [ { ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false }, { ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://status.thawte.com , accessMethod: caIssuers accessLocation: URIName: http://cacerts.thawte.com/ThawteRSACA2018.crt ] ] }, { ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: A3 C8 5E 65 54 E5 30 78 C1 05 EA 07 0A 6A 59 CC ..^eT.0x.....jY. 0010: B9 FE DE 5A ...Z ] ] }, { ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] }, { ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://cdp.thawte.com/ThawteRSACA2018.crl] ]] }, { ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.16.840.1.114412.1.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di 0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS ]] ] [CertificatePolicyId: [2.23.140.1.2.2] [] ] ] }, { ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] }, { ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ] }, { ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: *.rbo.raiffeisen.ru ] }, { ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: C8 DF 6B BF 4D D1 67 FB B3 7D CE 6E 7D CE AE F8 ..k.M.g....n.... 0010: 32 E7 2E 8F 2... ] ] } ]}, "certificate" : { "version" : "v3", "serial number" : "02 5A 8A EF 19 6F 7E 0D 6C 21 04 B2 1A E6 70 2B", "signature algorithm": "SHA256withRSA", "issuer" : "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "not before" : "2017-11-06 15:23:52.000 MSK", "not after" : "2027-11-06 15:23:52.000 MSK", "subject" : "CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US", "subject public key" : "RSA", "extensions" : [ { ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.digicert.com ] ] }, { ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f....... 0010: B2 3D D1 55 .=.U ] ] }, { ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:0 ] }, { ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl3.digicert.com/DigiCertGlobalRootCA.crl] ]] }, { ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di 0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS ]] ] ] }, { ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] }, { ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] }, { ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A3 C8 5E 65 54 E5 30 78 C1 05 EA 07 0A 6A 59 CC ..^eT.0x.....jY. 0010: B9 FE DE 5A ...Z ] ] } ]}, "certificate" : { "version" : "v3", "serial number" : "08 3B E0 56 90 42 46 B1 A1 75 6A C9 59 91 C7 4A", "signature algorithm": "SHA1withRSA", "issuer" : "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "not before" : "2006-11-10 03:00:00.000 MSK", "not after" : "2031-11-10 03:00:00.000 MSK", "subject" : "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "subject public key" : "RSA", "extensions" : [ { ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f....... 0010: B2 3D D1 55 .=.U ] ] }, { ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] }, { ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] }, { ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f....... 0010: B2 3D D1 55 .=.U ] ] } ]} ] ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.538 MSK|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message ( ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.543 MSK|RSAClientKeyExchange.java:193|Produced RSA ClientKeyExchange handshake message ( "RSA ClientKeyExchange": { "client_version": TLSv1.2 "encncrypted": { 0000: 38 D7 70 15 92 A2 62 C7 EE 92 1F 09 28 7A 73 90 8.p...b.....(zs. 0010: 8A 83 4A 04 36 F8 E2 CA DC 18 AA 07 DF 04 C8 60 ..J.6..........` 0020: 60 AA FB D1 76 19 D3 3A 60 3B E8 EF B8 B9 22 45 `...v..:`;...."E 0030: 67 21 7E B1 B1 6E 04 00 9C 5E EE 94 0C C8 B5 90 g!...n...^...... 0040: 3B 68 9D BA 46 4B 11 2D 92 9E B0 D5 AB 81 F7 D2 ;h..FK.-........ 0050: 62 D5 D8 D8 30 F9 48 47 5F 4B 01 30 13 3B FB B2 b...0.HG_K.0.;.. 0060: D7 75 94 32 29 91 63 15 8B 68 27 52 F5 9D 4C 61 .u.2).c..h'R..La 0070: D4 8D 9F 40 33 A5 47 09 9D A6 D0 3B 58 C1 F2 33 ...@3.G....;X..3 0080: 93 36 74 82 5A 8B 15 7B 5B E7 A7 9B 80 A6 40 64 .6t.Z...[.....@d 0090: E9 CC F3 FC F4 39 B4 1C F3 4A B5 3C 04 DF 1A 05 .....9...J.<.... 00A0: 5E 5A 23 33 D8 AA B9 FC 10 7F 3D 40 A9 7A 10 25 ^Z#3......=@.z.% 00B0: C9 18 1F F7 B6 68 96 F0 2E DF 98 7A B3 EC F4 6B .....h.....z...k 00C0: BE 7D CB 11 18 38 45 9A 67 15 AA EB 3E F2 15 6C .....8E.g...>..l 00D0: B2 24 09 F6 C5 29 B2 A1 A0 E2 B3 4A 5F EF 55 B9 .$...).....J_.U. 00E0: 9D 9A B1 54 65 99 3E B1 97 79 98 17 DC 5E C7 D0 ...Te.>..y...^.. 00F0: 6E C9 8F A8 E6 C0 CB 7E 6F C4 27 C8 10 CE 99 92 n.......o.'..... } } ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.551 MSK|ChangeCipherSpec.java:115|Produced ChangeCipherSpec message javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.551 MSK|Finished.java:398|Produced client Finished handshake message ( "Finished": { "verify data": { 0000: 81 12 3E DB 02 A5 A9 F6 D3 EA E2 AB }'} ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:36.559 MSK|NewSessionTicket.java:678|Consuming NewSessionTicket "NewSessionTicket": { "ticket_lifetime" : "300", "ticket" : { 0000: 57 78 4C 48 76 D8 EC 0E E2 C4 38 74 0B 86 1E DC WxLHv.....8t.... 0010: 4B 79 D6 93 FD D7 D4 F1 D8 D3 D5 8A FC 2F 7C 04 Ky.........../.. 0020: 69 19 80 F6 2F 54 10 5C 86 7F 85 F8 AB 53 BC 0C i.../T.\.....S.. 0030: 0E 5A 19 40 C6 71 2B 43 B3 17 F2 5E 67 2E 7A F2 .Z.@.q+C...^g.z. 0040: 8B 08 EF 4A F2 E3 98 FD 5D E9 FB AC 29 B4 F5 BB ...J....]...)... 0050: 48 33 94 4A 02 A3 91 1A 29 BF 3D FA D9 EF C8 D8 H3.J....).=..... 0060: 31 DC D7 EC 54 DB 09 CD 83 30 EF 07 F6 D0 A8 50 1...T....0.....P 0070: 4A C0 11 14 36 0B 99 1E 3C 49 E9 A5 A7 02 86 2E J...6... "request extensions": { } } }, "supported_groups (10)": { "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192] }, "ec_point_formats (11)": { "formats": [uncompressed] }, "signature_algorithms (13)": { "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1] }, "signature_algorithms_cert (50)": { "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1] }, "status_request_v2 (17)": { "cert status request": { "certificate status type": ocsp_multi "OCSP status request": { "responder_id": "request extensions": { } } } }, "extended_master_secret (23)": { }, "session_ticket (35)": { }, "supported_versions (43)": { "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1] }, "psk_key_exchange_modes (45)": { "ke_modes": [psk_dhe_ke] }, "key_share (51)": { "client_shares": [ { "named group": x25519 "key_exchange": { 0000: 0C 4F FB 06 98 35 1E 1F 3A 4F 36 39 1E 1C 85 4D .O...5..:O69...M 0010: CB FC 20 65 7A 4E D0 7D F2 1E A0 CA F9 0C 06 61 .. ezN.........a } }, ] } ] } ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.621 MSK|ServerHello.java:891|Consuming ServerHello handshake message ( "ServerHello": { "server version" : "TLSv1.2", "random" : "57 7B A8 13 7C 79 74 76 AB 29 81 36 6E FE 4B EF 15 F3 AD 42 FC CB 01 84 FE 79 AD C6 B1 88 0D 94", "session id" : "", "cipher suite" : "TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D)", "compression methods" : "00", "extensions" : [ "server_name (0)": { }, "renegotiation_info (65,281)": { "renegotiated connection": [] }, "session_ticket (35)": { } ] } ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.622 MSK|SSLExtensions.java:173|Ignore unavailable extension: supported_versions javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.622 MSK|ServerHello.java:987|Negotiated protocol version: TLSv1.2 javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.622 MSK|SSLExtensions.java:192|Consumed extension: renegotiation_info javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.622 MSK|SSLExtensions.java:192|Consumed extension: server_name javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.622 MSK|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.623 MSK|SSLExtensions.java:173|Ignore unavailable extension: status_request javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.623 MSK|SSLExtensions.java:173|Ignore unavailable extension: ec_point_formats javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.623 MSK|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2 javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.623 MSK|SSLExtensions.java:192|Consumed extension: session_ticket javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.623 MSK|SSLExtensions.java:163|Ignore unsupported extension: supported_versions javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.623 MSK|SSLExtensions.java:163|Ignore unsupported extension: key_share javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.623 MSK|SSLExtensions.java:192|Consumed extension: renegotiation_info javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.623 MSK|SSLExtensions.java:163|Ignore unsupported extension: pre_shared_key javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.624 MSK|ServerHello.java:1131|Locally assigned Session Id: 78 ED 9A 5D 7D 94 F7 88 77 94 95 75 01 F0 63 3C C0 E6 F5 DF 87 7F 0B 9C 76 BA FC 18 36 A7 55 BA javax.net.ssl|WARNING|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:207|Ignore unavailable extension: status_request javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:207|Ignore unavailable extension: ec_point_formats javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2 javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:207|Ignore unavailable extension: extended_master_secret javax.net.ssl|WARNING|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:215|Ignore impact of unsupported extension: session_ticket javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.624 MSK|SSLExtensions.java:207|Ignore unavailable extension: supported_versions javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.625 MSK|SSLExtensions.java:207|Ignore unavailable extension: key_share javax.net.ssl|WARNING|01|main|2021-02-08 11:32:37.625 MSK|SSLExtensions.java:215|Ignore impact of unsupported extension: renegotiation_info javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.625 MSK|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.627 MSK|CertificateMessage.java:366|Consuming server Certificate handshake message ( "Certificates": [ "certificate" : { "version" : "v3", "serial number" : "09 1B AD 6D F7 B7 F4 98 C1 9A 2D AB 62 79 FD 40", "signature algorithm": "SHA256withRSA", "issuer" : "CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US", "not before" : "2020-08-14 03:00:00.000 MSK", "not after" : "2022-08-19 15:00:00.000 MSK", "subject" : "CN=*.rbo.raiffeisen.ru, O=AO Raiffeisenbank, L=Moscow, C=RU", "subject public key" : "RSA", "extensions" : [ { ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false }, { ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://status.thawte.com , accessMethod: caIssuers accessLocation: URIName: http://cacerts.thawte.com/ThawteRSACA2018.crt ] ] }, { ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: A3 C8 5E 65 54 E5 30 78 C1 05 EA 07 0A 6A 59 CC ..^eT.0x.....jY. 0010: B9 FE DE 5A ...Z ] ] }, { ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] }, { ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://cdp.thawte.com/ThawteRSACA2018.crl] ]] }, { ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.16.840.1.114412.1.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di 0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS ]] ] [CertificatePolicyId: [2.23.140.1.2.2] [] ] ] }, { ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] }, { ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ] }, { ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: *.rbo.raiffeisen.ru ] }, { ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: C8 DF 6B BF 4D D1 67 FB B3 7D CE 6E 7D CE AE F8 ..k.M.g....n.... 0010: 32 E7 2E 8F 2... ] ] } ]}, "certificate" : { "version" : "v3", "serial number" : "02 5A 8A EF 19 6F 7E 0D 6C 21 04 B2 1A E6 70 2B", "signature algorithm": "SHA256withRSA", "issuer" : "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "not before" : "2017-11-06 15:23:52.000 MSK", "not after" : "2027-11-06 15:23:52.000 MSK", "subject" : "CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US", "subject public key" : "RSA", "extensions" : [ { ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.digicert.com ] ] }, { ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f....... 0010: B2 3D D1 55 .=.U ] ] }, { ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:0 ] }, { ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl3.digicert.com/DigiCertGlobalRootCA.crl] ]] }, { ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di 0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS ]] ] ] }, { ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] }, { ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] }, { ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A3 C8 5E 65 54 E5 30 78 C1 05 EA 07 0A 6A 59 CC ..^eT.0x.....jY. 0010: B9 FE DE 5A ...Z ] ] } ]}, "certificate" : { "version" : "v3", "serial number" : "08 3B E0 56 90 42 46 B1 A1 75 6A C9 59 91 C7 4A", "signature algorithm": "SHA1withRSA", "issuer" : "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "not before" : "2006-11-10 03:00:00.000 MSK", "not after" : "2031-11-10 03:00:00.000 MSK", "subject" : "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "subject public key" : "RSA", "extensions" : [ { ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f....... 0010: B2 3D D1 55 .=.U ] ] }, { ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] }, { ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] }, { ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f....... 0010: B2 3D D1 55 .=.U ] ] } ]} ] ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.629 MSK|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message ( ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.630 MSK|RSAClientKeyExchange.java:193|Produced RSA ClientKeyExchange handshake message ( "RSA ClientKeyExchange": { "client_version": TLSv1.2 "encncrypted": { 0000: 2D BC 6A F1 21 70 8B F3 69 AB B7 EF 3A C8 BD C7 -.j.!p..i...:... 0010: 06 C7 A9 18 8B FE 6D 4F 87 84 08 84 5F 62 48 2B ......mO...._bH+ 0020: 00 04 B7 52 3B A1 7E 1E A6 82 19 7E 81 7C 03 43 ...R;..........C 0030: BF 03 FC FE 21 07 0F F9 43 92 31 00 E4 11 D4 75 ....!...C.1....u 0040: 69 C5 F3 3C F5 2C 63 18 7E 46 32 C3 AD 73 32 BE i..<.,c..F2..s2. 0050: C7 B4 79 18 B1 26 44 2E C8 34 08 93 06 16 D8 E8 ..y..&D..4...... 0060: 11 64 4E C2 66 FD 5C 84 0F 3A 90 E4 36 15 9F F1 .dN.f.\..:..6... 0070: 91 22 78 1B DA 24 4D F4 22 6E B0 82 93 B2 25 AF ."x..$M."n....%. 0080: BE CE 1D 36 B5 9D 0E 02 41 29 2B 28 C7 DB 57 69 ...6....A)+(..Wi 0090: CA F4 55 BD 74 3C 03 95 CC 49 CD C3 E4 60 57 06 ..U.t<...I...`W. 00A0: 4F AE E2 B5 0B 98 1F A2 9F A5 78 2A BC E7 46 FD O.........x*..F. 00B0: CF EF 38 85 2A E9 FD C7 35 C0 BF DE FC 49 BA 69 ..8.*...5....I.i 00C0: 90 71 26 25 CA CC 0F 10 8F B3 C8 82 12 A9 22 48 .q&%.........."H 00D0: 0C 6D 77 4C F3 3D A4 6A 25 52 FA 0A 69 CB DE 64 .mwL.=.j%R..i..d 00E0: AE DF 66 D0 BD E9 C9 EB 5B 1F 18 4E CB 98 99 B8 ..f.....[..N.... 00F0: 1A 46 71 95 04 D2 96 A6 34 7A 84 24 09 3E E1 B8 .Fq.....4z.$.>.. } } ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.632 MSK|ChangeCipherSpec.java:115|Produced ChangeCipherSpec message javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.632 MSK|Finished.java:398|Produced client Finished handshake message ( "Finished": { "verify data": { 0000: 7D 79 20 A6 4D FA 04 2F 6B FA 84 B9 }'} ) javax.net.ssl|DEBUG|01|main|2021-02-08 11:32:37.640 MSK|NewSessionTicket.java:678|Consuming NewSessionTicket "NewSessionTicket": { "ticket_lifetime" : "300", "ticket" : { 0000: 57 78 4C 48 76 D8 EC 0E E2 C4 38 74 0B 86 1E DC WxLHv.....8t.... 0010: 6E 9A DF 74 4A 4B D2 6B 38 44 F0 6A 0F F7 D6 7F n..tJK.k8D.j.... 0020: 4B 5F D6 84 4B FA 70 E6 99 07 E3 6D B5 CD 17 06 K_..K.p....m.... 0030: E6 6A E4 26 C6 99 A5 94 80 CA 29 F1 3C 77 79 2F .j.&......).