QuickFixJ SSL debugging

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

QuickFixJ SSL debugging

QuickFIX/J mailing list
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



 

   Working on my first QuickFix client request to a remote broker and running into a couple of problem.

 

   Setting up an initiator to connect with the broker and I cannot seem to get SSL configured, executing correctly and having difficulty in configuring the debug level for the initiator to show any kind of helpful tracing information. I am convinced that it is a certificate/SSL problem since I can connect using other utilities and successfully post a logon fix message.

 

   My certificates, keystore, truststore and keys are all self signed and freshly created.

 

  1. Is there some trick to getting log4j configured to see output from quickfixj ?
  2. What debug information should I expect to see ?
  3. Does the following configuration look proper ?

 

[default]
FileStorePath=target/classes/
ConnectionType=initiator
SenderCompID=SenderCOMPID
TargetCompID=TargetCOMPID
SocketConnectHost=hostname
StartTime=00:00:00
EndTime=00:00:00
HeartBtInt=30
ReconnectInterval=5
ResetOnLogon=Y
#SSL Config
SocketUseSSL=Y
CipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA
EnabledProtocols=TLSv1.2
SocketKeyStore=identity.jks
SocketKeyStorePassword=password
SocketTrustStore=trust.jks
SocketTrustStorePassword=password

 

The error that I am receiving when the connection is rejected by the broker server

 

14:10:04.384 [QFJ Message Processor] INFO quickfix.SocketInitiator - Started QFJ Message Processor

14:10:04.491 [NioProcessor-2] INFO quickfix.mina.initiator.InitiatorIoHandler - MINA session created <id>-><id>: local=/10.2.30.104:52583, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=<serverip>:9100

<20170712-20:10:05<id>-><id>, outgoing> (8=FIX.4.49=8335=A34=4449=<id>52=20170712-20:10:05.41456=<id>98=0108=3010=123)

<20170712-20:10:05<id>-><id>, event> (Initiated logon request)

<20170712-20:10:05, <id>-><id>, error> (Disconnecting: Socket exception (<server-ip>:9100): java.io.IOException: An existing connection was forcibly closed by the remote host)

14:10:06.507 [QFJ Timer] INFO display.quickfix.mina.initiator.IoSessionInitiator - [<id>-><id>] - reset IoConnector


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|

Re: QuickFixJ SSL debugging

thannon
Try adding '-Djavax.net.debug=ssl:handshake' to your JVM command.
Reply | Threaded
Open this post in threaded view
|

Re: QuickFixJ SSL debugging

QuickFIX/J mailing list
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



After many variations I am still unable to connect from the banzai client to the providers sim environment.

[default]
FileStorePath=target/classes/
ConnectionType=initiator
SenderCompID=XXX.RFS.NY.SIM.XXXX.5272
TargetCompID=XXX
SocketConnectHost=xxxx-nysim.xxxxxx.com
StartTime=00:00:00
EndTime=00:00:00
HeartBtInt=30
ReconnectInterval=5
#ResetOnLogon=Y
SocketUseSSL=Y
CipherSuites=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
EnabledProtocols=TLSv1.2
SocketKeyStore=c:\\progra~1\\java\\jdk1.8.0_131\\jre\\lib\\security\\keystore.jks
SocketKeyStorePassword=password
SocketTrustStore=c:\\progra~1\\java\\jdk1.8.0_131\\jre\\lib\\security\\cacerts
SocketTrustStorePassword=changeit

[session]
BeginString=FIX.4.4
SocketConnectPort=9120
DataDictionary=FIX44.xml

***********************

"C:\Program Files\Java\jdk1.8.0_131\bin\java" -Djavax.net.debug=all
14:28:35.576 [main] INFO quickfix.SessionSchedule - [FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA] daily, 00:00:00-UTC - 00:00:00-UTC
<20170717-20:28:35, FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA, event> (Session FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA schedule is daily, 00:00:00-UTC - 00:00:00-UTC)
<20170717-20:28:35, FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA, event> (Created session: FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA)
14:28:35.602 [main] INFO quickfix.mina.NetworkingOptions - Socket option: SocketTcpNoDelay=true
14:28:35.603 [main] INFO quickfix.mina.NetworkingOptions - Socket option: SocketSynchronousWrites=false
14:28:35.603 [main] INFO quickfix.mina.NetworkingOptions - Socket option: SocketSynchronousWriteTimeout=30000
***
found key for : companyname
chain [0] = [
[
  Version: V3
  Subject: CN=R Mackay, OU=companyname, O=companyname, L=orem, ST=UT, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 17612335763847397150819712914571034069624222376405399260494861776097456953379591552228837403953510141271672142889600571112607436191177264801593195432167944019241315694293991979034526120315912174074064000320083155874103442880436712089026152550162263363327407465908951035889612735490787795810200005426289550472886888375641865598857293244187410120279521217546570698722283829142020209511842530608671734356258336681844693012434105744277637562301258652203534439079877162131390543264655228359789685582081300314784929908703520859134103299451975883128831725846301088359645175808207030257815512498452329527540028997638730448687
  public exponent: 65537
  Validity: [From: Fri Jul 14 08:41:14 MDT 2017,
               To: Thu Oct 12 08:41:14 MDT 2017]
  Issuer: CN=R Mackay, OU=companyname, O=companyname, L=orem, ST=UT, C=US
  SerialNumber: [    62e2108f]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B7 E3 44 4D 06 8F 2A 23   9E CA 2F 59 05 34 F6 A0  ..DM..*#../Y.4..
0010: 2B A3 A1 65                                        +..e
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 6F 8A 1B DA 36 65 41 34   E0 EC 10 66 52 A8 4F 16  o...6eA4...fR.O.
0010: 76 45 E7 36 19 CF 87 5D   EF 6E 52 E4 D2 1E 43 D8  vE.6...].nR...C.
0020: 73 44 26 A5 80 7F 8A 7A   8B 96 00 53 FA FB 2B FA  sD&....z...S..+.
0030: 6E FB 59 41 7D 3A 06 1B   F4 E2 5E 70 AD 58 CC 9B  n.YA.:....^p.X..
0040: 72 31 87 B6 B7 3F 84 22   01 C1 AB 27 26 7D 6F 19  r1...?."...'&.o.
0050: 48 11 18 AB 9D 5D 45 70   B8 6B 02 E6 21 AF 3E 6B  H....]Ep.k..!.>k
0060: EC E0 9B F3 3A 13 28 EF   D7 12 EE 8C 8C 35 79 59  ....:.(......5yY
0070: 52 3D BF 60 3C B8 23 28   2E D0 57 49 45 9E 03 87  R=.`<.#(..WIE...
0080: 9C D4 EB BB BC 07 A2 BD   D4 6C 07 42 D2 42 37 D1  .........l.B.B7.
0090: 7B 8E 68 47 68 B1 F2 68   D3 E0 75 40 9D 79 9C 19  ..hGh..h..u@.y..
00A0: EC F9 CC F5 4C 00 AC 0F   29 DA 6E 71 96 94 D8 5A  ....L...).nq...Z
00B0: E5 F4 94 BA A3 40 A8 C0   D2 0A 93 C5 9E 97 0D EB  .....@..........
00C0: D1 B3 50 35 96 F6 33 7E   72 5C 8E 5D 6B 0C 1B F9  ..P5..3.r\.]k...
00D0: 51 EA C2 BE B6 D1 20 0C   8B FD CD 55 57 D9 6A B4  Q..... ....UW.j.
00E0: D7 28 B3 0D E1 7F 37 C8   6D 70 A5 C6 76 79 91 4D  .(....7.mp..vy.M
00F0: A4 0D 0A 70 32 F8 A6 41   E0 91 94 0D CA 38 52 2A  ...p2..A.....8R*

]
***
adding as trusted cert:
  Subject: CN=xxxx-xxxxx.xxxxxxx.com, OU=nsProtect Secure Xpress, OU=Domain Control Validated
  Issuer:  CN=Network Solutions DV Server CA 2, O=Network Solutions L.L.C., L=Herndon, ST=VA, C=US
  Algorithm: RSA; Serial number: 0xc8ad7bb4981ff744122b3b69cfe9cd3e
  Valid from Thu Apr 21 18:00:00 MDT 2016 until Mon Apr 22 17:59:59 MDT 2019

trigger seeding of SecureRandom
done seeding SecureRandom
14:28:35.902 [main] INFO display.quickfix.mina.initiator.IoSessionInitiator - [FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA] [xxxx-xxxxx.xxxxxxx.com/1.1.1.1:9120]
14:28:35.904 [main] INFO quickfix.SocketInitiator - SessionTimer started
14:28:35.904 [QFJ Message Processor] INFO quickfix.SocketInitiator - Started QFJ Message Processor
14:28:36.024 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslFilter - Adding the SSL Filter SslFilter to the chain
14:28:36.029 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Session Client[1](no sslEngine) Initializing the SSL Handler
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1500323060 bytes = { 164, 184, 166, 103, 78, 98, 226, 222, 108, 248, 133, 98, 88, 95, 25, 120, 132, 25, 37, 149, 100, 107, 109, 36, 255, 219, 187, 85 }
Session ID:  {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_256_GCM_SHA384]
Compression Methods:  { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes:  len = 78
0000: 01 00 00 4A 03 03 59 6D   1D F4 A4 B8 A6 67 4E 62  ...J..Ym.....gNb
0010: E2 DE 6C F8 85 62 58 5F   19 78 84 19 25 95 64 6B  ..l..bX_.x..%.dk
0020: 6D 24 FF DB BB 55 00 00   02 00 9F 01 00 00 1F 00  m$...U..........
0030: 0D 00 16 00 14 06 03 06   01 05 03 05 01 04 03 04  ................
0040: 01 04 02 02 03 02 01 02   02 FF 01 00 01 00        ..............
NioProcessor-2, WRITE: TLSv1.2 Handshake, length = 78
14:28:36.068 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Session Client[1](no sslEngine) SSL Handler Initialization done.
14:28:36.068 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslFilter - Session Client[1](ssl...) : Starting the first handshake
14:28:36.069 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Session Client[1](ssl...) processing the NEED_WRAP state
[Raw write]: length = 83
0000: 16 03 03 00 4E 01 00 00   4A 03 03 59 6D 1D F4 A4  ....N...J..Ym...
0010: B8 A6 67 4E 62 E2 DE 6C   F8 85 62 58 5F 19 78 84  ..gNb..l..bX_.x.
0020: 19 25 95 64 6B 6D 24 FF   DB BB 55 00 00 02 00 9F  .%.dkm$...U.....
0030: 01 00 00 1F 00 0D 00 16   00 14 06 03 06 01 05 03  ................
0040: 05 01 04 03 04 01 04 02   02 03 02 01 02 02 FF 01  ................
0050: 00 01 00                                           ...
14:28:36.070 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslFilter - Session Client[1](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=83 cap=132: 16 03 03 00 4E 01 00 00 4A 03 03 59 6D 1D F4 A4...]
14:28:36.072 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Session Client[1](ssl...) processing the NEED_UNWRAP state
14:28:36.073 [NioProcessor-2] INFO quickfix.mina.initiator.InitiatorIoHandler - MINA session created for FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA: local=/10.2.30.104:53081, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=xxxx-xxxxx.xxxxxxx.com/1.1.1.1:9120
<20170717-20:28:36, FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA, error> (Disconnecting: Socket exception (xxxx-xxxxx.xxxxxxx.com/1.1.1.1:9120): java.io.IOException: An existing connection was forcibly closed by the remote host)
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
NioProcessor-2, SEND TLSv1.2 ALERT:  warning, description = close_notify
NioProcessor-2, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 01 00                               .......
14:28:36.170 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslFilter - Session Client[1]: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=7 cap=8: 15 03 03 00 02 01 00]
NioProcessor-2, called closeInbound()
NioProcessor-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-2, SEND TLSv1.2 ALERT:  fatal, description = internal_error
NioProcessor-2, Exception sending alert: java.io.IOException: writer side was already closed.
14:28:36.173 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
        at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
        at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:213)
        at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:473)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:504)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:48)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:927)
        at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:88)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:504)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:497)
        at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:245)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:587)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.writeBuffer(AbstractPollingIoProcessor.java:923)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.flushNow(AbstractPollingIoProcessor.java:840)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.flush(AbstractPollingIoProcessor.java:767)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$700(AbstractPollingIoProcessor.java:68)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1125)
        at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:748)
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
14:28:37.088 [QFJ Timer] INFO display.quickfix.mina.initiator.IoSessionInitiator - [FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA] - reset IoConnector

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|

Re: QuickFixJ SSL debugging

QuickFIX/J mailing list
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



Hi,

where did you get that certificate from? Looks like you created one for yourself and imported it into the JDK keystore?
For the brokers that use SSL (e.g. we connect to Bloomberg) we get a certificate from them. Then we specify it in the SocketKeyStore properties just like you. We do not use a trust store. But that should be explained in the documentation from the broker/exchange that you are trying to connect to.

Cheers,
Chris.

On 17/07/17 23:07, Robert MacKay via Quickfixj-users wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



After many variations I am still unable to connect from the banzai client to the providers sim environment.

[default]
FileStorePath=target/classes/
ConnectionType=initiator
SenderCompID=XXX.RFS.NY.SIM.XXXX.5272
TargetCompID=XXX
SocketConnectHost=xxxx-nysim.xxxxxx.com
StartTime=00:00:00
EndTime=00:00:00
HeartBtInt=30
ReconnectInterval=5
#ResetOnLogon=Y
SocketUseSSL=Y
CipherSuites=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
EnabledProtocols=TLSv1.2
SocketKeyStore=c:\\progra~1\\java\\jdk1.8.0_131\\jre\\lib\\security\\keystore.jks
SocketKeyStorePassword=password
SocketTrustStore=c:\\progra~1\\java\\jdk1.8.0_131\\jre\\lib\\security\\cacerts
SocketTrustStorePassword=changeit

[session]
BeginString=FIX.4.4
SocketConnectPort=9120
DataDictionary=FIX44.xml

***********************

"C:\Program Files\Java\jdk1.8.0_131\bin\java" -Djavax.net.debug=all 
14:28:35.576 [main] INFO quickfix.SessionSchedule - [FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA] daily, 00:00:00-UTC - 00:00:00-UTC
<20170717-20:28:35, FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA, event> (Session FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA schedule is daily, 00:00:00-UTC - 00:00:00-UTC)
<20170717-20:28:35, FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA, event> (Created session: FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA)
14:28:35.602 [main] INFO quickfix.mina.NetworkingOptions - Socket option: SocketTcpNoDelay=true
14:28:35.603 [main] INFO quickfix.mina.NetworkingOptions - Socket option: SocketSynchronousWrites=false
14:28:35.603 [main] INFO quickfix.mina.NetworkingOptions - Socket option: SocketSynchronousWriteTimeout=30000
***
found key for : companyname
chain [0] = [
[
  Version: V3
  Subject: CN=R Mackay, OU=companyname, O=companyname, L=orem, ST=UT, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 17612335763847397150819712914571034069624222376405399260494861776097456953379591552228837403953510141271672142889600571112607436191177264801593195432167944019241315694293991979034526120315912174074064000320083155874103442880436712089026152550162263363327407465908951035889612735490787795810200005426289550472886888375641865598857293244187410120279521217546570698722283829142020209511842530608671734356258336681844693012434105744277637562301258652203534439079877162131390543264655228359789685582081300314784929908703520859134103299451975883128831725846301088359645175808207030257815512498452329527540028997638730448687
  public exponent: 65537
  Validity: [From: Fri Jul 14 08:41:14 MDT 2017,
               To: Thu Oct 12 08:41:14 MDT 2017]
  Issuer: CN=R Mackay, OU=companyname, O=companyname, L=orem, ST=UT, C=US
  SerialNumber: [    62e2108f]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B7 E3 44 4D 06 8F 2A 23   9E CA 2F 59 05 34 F6 A0  ..DM..*#../Y.4..
0010: 2B A3 A1 65                                        +..e
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 6F 8A 1B DA 36 65 41 34   E0 EC 10 66 52 A8 4F 16  o...6eA4...fR.O.
0010: 76 45 E7 36 19 CF 87 5D   EF 6E 52 E4 D2 1E 43 D8  vE.6...].nR...C.
0020: 73 44 26 A5 80 7F 8A 7A   8B 96 00 53 FA FB 2B FA  sD&....z...S..+.
0030: 6E FB 59 41 7D 3A 06 1B   F4 E2 5E 70 AD 58 CC 9B  n.YA.:....^p.X..
0040: 72 31 87 B6 B7 3F 84 22   01 C1 AB 27 26 7D 6F 19  r1...?."...'&.o.
0050: 48 11 18 AB 9D 5D 45 70   B8 6B 02 E6 21 AF 3E 6B  H....]Ep.k..!.>k
0060: EC E0 9B F3 3A 13 28 EF   D7 12 EE 8C 8C 35 79 59  ....:.(......5yY
0070: 52 3D BF 60 3C B8 23 28   2E D0 57 49 45 9E 03 87  R=.`<.#(..WIE...
0080: 9C D4 EB BB BC 07 A2 BD   D4 6C 07 42 D2 42 37 D1  .........l.B.B7.
0090: 7B 8E 68 47 68 B1 F2 68   D3 E0 75 40 9D 79 9C 19  ..hGh..h..u@.y..
00A0: EC F9 CC F5 4C 00 AC 0F   29 DA 6E 71 96 94 D8 5A  ....L...).nq...Z
00B0: E5 F4 94 BA A3 40 A8 C0   D2 0A 93 C5 9E 97 0D EB  .....@..........
00C0: D1 B3 50 35 96 F6 33 7E   72 5C 8E 5D 6B 0C 1B F9  ..P5..3.r\.]k...
00D0: 51 EA C2 BE B6 D1 20 0C   8B FD CD 55 57 D9 6A B4  Q..... ....UW.j.
00E0: D7 28 B3 0D E1 7F 37 C8   6D 70 A5 C6 76 79 91 4D  .(....7.mp..vy.M
00F0: A4 0D 0A 70 32 F8 A6 41   E0 91 94 0D CA 38 52 2A  ...p2..A.....8R*

]
***
adding as trusted cert:
  Subject: CN=xxxx-xxxxx.xxxxxxx.com, OU=nsProtect Secure Xpress, OU=Domain Control Validated
  Issuer:  CN=Network Solutions DV Server CA 2, O=Network Solutions L.L.C., L=Herndon, ST=VA, C=US
  Algorithm: RSA; Serial number: 0xc8ad7bb4981ff744122b3b69cfe9cd3e
  Valid from Thu Apr 21 18:00:00 MDT 2016 until Mon Apr 22 17:59:59 MDT 2019

trigger seeding of SecureRandom
done seeding SecureRandom
14:28:35.902 [main] INFO display.quickfix.mina.initiator.IoSessionInitiator - [FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA] [xxxx-xxxxx.xxxxxxx.com/1.1.1.1:9120]
14:28:35.904 [main] INFO quickfix.SocketInitiator - SessionTimer started
14:28:35.904 [QFJ Message Processor] INFO quickfix.SocketInitiator - Started QFJ Message Processor
14:28:36.024 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslFilter - Adding the SSL Filter SslFilter to the chain
14:28:36.029 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Session Client[1](no sslEngine) Initializing the SSL Handler
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1500323060 bytes = { 164, 184, 166, 103, 78, 98, 226, 222, 108, 248, 133, 98, 88, 95, 25, 120, 132, 25, 37, 149, 100, 107, 109, 36, 255, 219, 187, 85 }
Session ID:  {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_256_GCM_SHA384]
Compression Methods:  { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes:  len = 78
0000: 01 00 00 4A 03 03 59 6D   1D F4 A4 B8 A6 67 4E 62  ...J..Ym.....gNb
0010: E2 DE 6C F8 85 62 58 5F   19 78 84 19 25 95 64 6B  ..l..bX_.x..%.dk
0020: 6D 24 FF DB BB 55 00 00   02 00 9F 01 00 00 1F 00  m$...U..........
0030: 0D 00 16 00 14 06 03 06   01 05 03 05 01 04 03 04  ................
0040: 01 04 02 02 03 02 01 02   02 FF 01 00 01 00        ..............
NioProcessor-2, WRITE: TLSv1.2 Handshake, length = 78
14:28:36.068 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Session Client[1](no sslEngine) SSL Handler Initialization done.
14:28:36.068 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslFilter - Session Client[1](ssl...) : Starting the first handshake
14:28:36.069 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Session Client[1](ssl...) processing the NEED_WRAP state
[Raw write]: length = 83
0000: 16 03 03 00 4E 01 00 00   4A 03 03 59 6D 1D F4 A4  ....N...J..Ym...
0010: B8 A6 67 4E 62 E2 DE 6C   F8 85 62 58 5F 19 78 84  ..gNb..l..bX_.x.
0020: 19 25 95 64 6B 6D 24 FF   DB BB 55 00 00 02 00 9F  .%.dkm$...U.....
0030: 01 00 00 1F 00 0D 00 16   00 14 06 03 06 01 05 03  ................
0040: 05 01 04 03 04 01 04 02   02 03 02 01 02 02 FF 01  ................
0050: 00 01 00                                           ...
14:28:36.070 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslFilter - Session Client[1](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=83 cap=132: 16 03 03 00 4E 01 00 00 4A 03 03 59 6D 1D F4 A4...]
14:28:36.072 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Session Client[1](ssl...) processing the NEED_UNWRAP state
14:28:36.073 [NioProcessor-2] INFO quickfix.mina.initiator.InitiatorIoHandler - MINA session created for FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA: local=/10.2.30.104:53081, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=xxxx-xxxxx.xxxxxxx.com/1.1.1.1:9120
<20170717-20:28:36, FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA, error> (Disconnecting: Socket exception (xxxx-xxxxx.xxxxxxx.com/1.1.1.1:9120): java.io.IOException: An existing connection was forcibly closed by the remote host)
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
NioProcessor-2, SEND TLSv1.2 ALERT:  warning, description = close_notify
NioProcessor-2, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 01 00                               .......
14:28:36.170 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslFilter - Session Client[1]: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=7 cap=8: 15 03 03 00 02 01 00]
NioProcessor-2, called closeInbound()
NioProcessor-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-2, SEND TLSv1.2 ALERT:  fatal, description = internal_error
NioProcessor-2, Exception sending alert: java.io.IOException: writer side was already closed.
14:28:36.173 [NioProcessor-2] DEBUG org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
	at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
	at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:213)
	at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:473)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:504)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:48)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:927)
	at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:88)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:504)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:497)
	at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:245)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:587)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.writeBuffer(AbstractPollingIoProcessor.java:923)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.flushNow(AbstractPollingIoProcessor.java:840)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.flush(AbstractPollingIoProcessor.java:767)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$700(AbstractPollingIoProcessor.java:68)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1125)
	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
14:28:37.088 [QFJ Timer] INFO display.quickfix.mina.initiator.IoSessionInitiator - [FIX.4.4:XXX.XXX.XX.XXX.XXXX.XXXX->AAA] - reset IoConnector

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:Christoph.John@...



http://www.macd.com


MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
 Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald


take care of the environment - print only if necessary

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users