How can I know which TLS version is currently being used by gRPC
I want to make it to use TLSv1.2 by passing the below argument to java "-Djdk.tls.client.protocols=TLSv1.2"
But I was not able to find which TLS version was being used by gRPC when I ran the application.
Can someone help me on how to find out the version which is being used by gRPC.
I want know, which TLS version is being used by gRPC
If you add the VM argument below, the application will tell you.
-Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake
Just run a request and the output will be:
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.621 CEST|ClientHello.java:796|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "81A7CE7656F219CE45AAE61551E6019C2C1A3E3471C6A829F877A1501A259888",
"session id" : "B42020E339E65569D0F583AA828A1BD814186106C64049DEE1AB814EAE516C04",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
"compression methods" : "00",
"extensions" : [
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"named groups": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"application_layer_protocol_negotiation (16)": {
[h2]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
<empty>
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: 16 E2 53 CC F2 A0 6F 5E 51 A2 36 48 E0 E2 34 98 ..S...o^Q.6H..4.
0010: D7 31 B6 A7 CF B3 1E A1 4D 34 C3 07 BF 8B E3 02 .1......M4......
}
},
{
"named group": secp256r1
"key_exchange": {
0000: 04 A6 D9 2E CC DA D0 59 12 E8 18 76 AA A4 03 F7 .......Y...v....
0010: 7A EE 03 56 45 FB DB E1 A5 C4 B0 3F C9 30 BF C9 z..VE......?.0..
0020: DD CB B6 65 44 FF 2A 20 27 CE 07 2E C7 84 F1 95 ...eD.* '.......
0030: 47 1A 2A 26 75 F6 E1 69 F4 8E D2 B4 A7 C5 43 14 G.*&u..i......C.
0040: 97
}
},
]
},
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
}
]
}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.621 CEST|SSLExtensions.java:204|Consumed extension: supported_versions
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|ClientHello.java:826|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|SSLExtensions.java:204|Consumed extension: psk_key_exchange_modes
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|PreSharedKeyExtension.java:833|Handling pre_shared_key absence.
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|SSLExtensions.java:185|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|SSLExtensions.java:185|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|SSLExtensions.java:204|Consumed extension: status_request
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:204|Consumed extension: supported_groups
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:175|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:204|Consumed extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:175|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:175|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:175|Ignore unsupported extension: session_ticket
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:204|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:185|Ignore unavailable extension: cookie
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:185|Ignore unavailable extension: certificate_authorities
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.624 CEST|SSLExtensions.java:204|Consumed extension: signature_algorithms_cert
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.627 CEST|SSLExtensions.java:204|Consumed extension: key_share
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.627 CEST|SSLExtensions.java:175|Ignore unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.628 CEST|SSLExtensions.java:219|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.628 CEST|SSLExtensions.java:219|Ignore unavailable extension: max_fragment_length
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: status_request
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha256
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: rsa_sha224
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha224
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha1
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:236|Populated with extension: signature_algorithms
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:219|Ignore unavailable extension: cookie
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: psk_key_exchange_modes
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SSLExtensions.java:219|Ignore unavailable extension: certificate_authorities
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha256
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: rsa_sha224
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha224
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha1
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SSLExtensions.java:236|Populated with extension: signature_algorithms_cert
javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: key_share
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|ServerHello.java:729|use cipher suite TLS_AES_128_GCM_SHA256
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.640 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.641 CEST|ServerHello.java:581|Produced ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "57DE2ADB325A86B79EF8563244FC15AF2B673A1099E7266EC4929F0D4E6E1B56",
"session id" : "B42020E339E65569D0F583AA828A1BD814186106C64049DEE1AB814EAE516C04",
"cipher suite" : "TLS_AES_128_GCM_SHA256(0x1301)",
"compression methods" : "00",
"extensions" : [
"supported_versions (43)": {
"selected version": [TLSv1.3]
},
"key_share (51)": {
"server_share": {
"named group": x25519
"key_exchange": {
0000: 23 9B DD 89 B7 66 A0 B4 77 AF FF 18 46 C2 41 75 #....f..w...F.Au
0010: A8 72 63 C4 7E A9 33 00 42 31 B3 0E E1 84 C3 60 .rc...3.B1.....`
}
},
}
]
}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.646 CEST|SSLCipher.java:1836|KeyLimit read side: algorithm = AES/GCM/NoPadding:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|SSLCipher.java:1987|KeyLimit write side: algorithm = AES/GCM/NoPadding:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|ServerNameExtension.java:527|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|MaxFragExtension.java:459|Ignore unavailable max_fragment_length extension
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.648 CEST|EncryptedExtensions.java:138|Produced EncryptedExtensions message (
"EncryptedExtensions": [
"supported_groups (10)": {
"named groups": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"application_layer_protocol_negotiation (16)": {
[h2]
}
]
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.650 CEST|CertificateRequest.java:891|Produced CertificateRequest message (
"CertificateRequest": {
"certificate_request_context": "",
"extensions": [
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"certificate_authorities (47)": {
"certificate authorities": [
CN=java-tutorials, OU=Altindag, O=Altindag, C=NL]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
}
]
}
)
javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.652 CEST|X509Authentication.java:289|No X.509 cert selected for EC
javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.652 CEST|X509Authentication.java:289|No X.509 cert selected for EdDSA
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.652 CEST|SunX509KeyManagerImpl.java:388|matching alias: server
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.653 CEST|StatusResponseManager.java:737|Staping disabled or is a resumed session
javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.653 CEST|CertStatusExtension.java:1116|Stapling is disabled for this connection
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.653 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: status_request
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.654 CEST|CertificateMessage.java:1016|Produced server Certificate message (
"Certificate": {
"certificate_request_context": "",
"certificate_list": [
{
"certificate" : {
"version" : "v3",
"serial number" : "0096F7244042545685",
"signature algorithm": "SHA384withRSA",
"issuer" : "CN=Hakan, OU=Amsterdam, O=Thunderberry, C=NL",
"not before" : "2024-09-16 13:55:16.000 CEST",
"not after" : "2034-09-14 13:55:16.000 CEST",
"subject" : "CN=Hakan, OU=Amsterdam, O=Thunderberry, C=NL",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
Key_Agreement
]
},
{
ObjectId: 2.5.29.17 Criticality=true
SubjectAlternativeName [
DNSName: localhost
DNSName: raspberrypi.local
IPAddress: 127.0.0.1
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 53 8C 4E 49 B4 91 68 AD 03 61 49 03 D8 CA F3 66 S.NI..h..aI....f
0010: AD 1E 7F 3E ...>
]
]
}
]}
"extensions": {
<no extension>
}
},
]
}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.682 CEST|CertificateVerify.java:1117|Produced server CertificateVerify handshake message (
"CertificateVerify": {
"signature algorithm": rsa_pss_rsae_sha256
"signature": {
0000: 56 2A 1A 96 C0 93 61 D0 89 CC B7 53 D6 C0 04 13 V*....a....S....
0010: 53 E6 6C 0C 70 4B 04 93 C4 D6 EB BF D9 01 EF 20 S.l.pK.........
0020: 6D E1 5A E1 B1 19 B0 58 D8 CE 0A ED 09 46 D5 6A m.Z....X.....F.j
0030: BC 75 CA 1F 2A 3C 2B 98 87 81 96 2C 88 58 23 50 .u..*<+....,.X#P
0040: AA C2 56 9B F1 9E CB B3 80 13 B9 80 09 07 F6 B4 ..V.............
0050: 1F C4 B8 FF 9F 54 B6 96 30 11 97 64 B3 95 58 07 .....T..0..d..X.
0060: C7 D5 7E 14 E6 6A 6A A2 7D 7E B7 DD F2 C6 96 81 .....jj.........
0070: A2 0D FE E7 61 A8 C7 04 0D 34 0A 9E 34 53 F5 FC ....a....4..4S..
0080: 83 4F C6 81 FE 62 3F 15 1A 1E 87 93 79 A0 64 19 .O...b?.....y.d.
0090: 73 E9 80 46 F5 CC 07 58 D8 FB 7F E5 52 7F 91 89 s..F...X....R...
00A0: 9F 12 25 3F DE 75 F6 2D 3A 67 BB B2 7D C6 93 22 ..%?.u.-:g....."
00B0: D9 12 35 A6 81 40 15 2E 49 03 83 95 D6 0B B3 BB [email protected].......
00C0: 71 E8 22 08 06 18 30 53 64 0B 45 5F 8D A3 E4 D9 q."...0Sd.E_....
00D0: D2 D9 BD 82 25 0E 20 20 B9 AF 01 F9 B9 29 2C 4D ....%. .....),M
00E0: 20 96 AC 67 1A F6 59 EA 04 80 11 CA BA 7C DA 3B ..g..Y........;
00F0: 0C C7 B6 89 A4 B0 BA 2E E8 FD FF 7E 53 6B 2F 2E ............Sk/.
}
}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.684 CEST|Finished.java:781|Produced server Finished handshake message (
"Finished": {
"verify data": {
0000: 77 B6 79 42 29 2C 94 34 BD D0 28 B0 28 7B 16 54 w.yB),.4..(.(..T
0010: F2 33 DB 1B 22 6B 71 48 1F 92 79 24 1D 7F A9 AF .3.."kqH..y$....
}
}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.684 CEST|SSLCipher.java:1987|KeyLimit write side: algorithm = AES/GCM/NoPadding:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|12|grpc-nio-worker-ELG-3-1|2024-09-16 13:56:08.711 CEST|ChangeCipherSpec.java:244|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.797 CEST|CertificateMessage.java:1141|Consuming client Certificate handshake message (
"Certificate": {
"certificate_request_context": "",
"certificate_list": [
{
"certificate" : {
"version" : "v3",
"serial number" : "19AF1029D5ACFCF4",
"signature algorithm": "SHA384withRSA",
"issuer" : "CN=java-tutorials, OU=Altindag, O=Altindag, C=NL",
"not before" : "2024-09-16 13:55:17.000 CEST",
"not after" : "2034-09-14 13:55:17.000 CEST",
"subject" : "CN=java-tutorials, OU=Altindag, O=Altindag, C=NL",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
Key_Agreement
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 87 88 06 82 DA BB 87 CF 48 AD 27 70 0F 52 18 5B ........H.'p.R.[
0010: A0 C7 E6 78 ...x
]
]
}
]}
"extensions": {
<no extension>
}
},
]
}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.799 CEST|X509TrustManagerImpl.java:300|Found trusted certificate (
"certificate" : {
"version" : "v3",
"serial number" : "19AF1029D5ACFCF4",
"signature algorithm": "SHA384withRSA",
"issuer" : "CN=java-tutorials, OU=Altindag, O=Altindag, C=NL",
"not before" : "2024-09-16 13:55:17.000 CEST",
"not after" : "2034-09-14 13:55:17.000 CEST",
"subject" : "CN=java-tutorials, OU=Altindag, O=Altindag, C=NL",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
Key_Agreement
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 87 88 06 82 DA BB 87 CF 48 AD 27 70 0F 52 18 5B ........H.'p.R.[
0010: A0 C7 E6 78 ...x
]
]
}
]}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.800 CEST|CertificateVerify.java:1169|Consuming CertificateVerify handshake message (
"CertificateVerify": {
"signature algorithm": rsa_pss_rsae_sha256
"signature": {
0000: 76 67 D2 5A 6E FF 4F 6D 70 DE A5 9F 54 29 2F F6 vg.Zn.Omp...T)/.
0010: DD 88 CB D3 20 1E 3A 65 D7 DA 41 5A E8 D5 28 7F .... .:e..AZ..(.
0020: 58 65 24 28 6A FC C1 D6 1E 84 6D 4B 3B 56 2C FC Xe$(j.....mK;V,.
0030: 56 AA E4 C7 E8 A4 64 77 04 18 7B EB BF A6 8D B1 V.....dw........
0040: F0 3E 77 DF 2C 6D 44 19 C0 9F D8 15 D6 94 0B D5 .>w.,mD.........
0050: B2 B9 73 59 7F 27 28 32 C9 7B CA B7 71 26 F2 FF ..sY.'(2....q&..
0060: 2A 39 A2 41 48 0E D4 95 F9 07 19 0B FE 58 4D 51 *9.AH........XMQ
0070: 44 8E 6D 8C 7A 01 1B 56 E2 14 B0 75 78 9B 61 F7 D.m.z..V...ux.a.
0080: E7 B0 08 65 13 5E E8 55 97 37 C2 C6 72 DA CC B7 ...e.^.U.7..r...
0090: BA 09 F5 AD 2D 06 A4 FF F3 C7 9F 70 AC 85 57 87 ....-......p..W.
00A0: C2 84 6A 5B 7B 3A 78 61 CF 45 64 FD 5D 7F 3E 38 ..j[.:xa.Ed.].>8
00B0: 62 76 72 F5 96 0E 24 2C A9 27 E1 F3 EC D5 F2 35 bvr...$,.'.....5
00C0: 0B 95 96 26 D3 99 3D B4 97 3D 83 CF C9 7E B5 93 ...&..=..=......
00D0: C5 EC D0 8C 15 C8 B8 A7 F5 94 1E F0 7F 82 BB 83 ................
00E0: 86 2D 6D CE A4 CC C8 0F E2 69 42 58 B3 E5 34 D7 .-m......iBX..4.
00F0: 68 BC 87 32 5B 9A F7 47 3D CC C2 2E 1A D4 F7 BB h..2[..G=.......
}
}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.801 CEST|Finished.java:1051|Consuming client Finished handshake message (
"Finished": {
"verify data": {
0000: 15 18 4F EE C4 B2 88 F5 96 F5 6A 7B 84 C7 81 0D ..O.......j.....
0010: 3D DA 02 11 DA EB 0F BE 47 60 16 A5 8C E9 CB DF =.......G`......
}
}
)
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.801 CEST|SSLCipher.java:1836|KeyLimit read side: algorithm = AES/GCM/NoPadding:KEYUPDATE
countdown value = 137438953472
Search for the line similar to the below one in the full output and you will find the SSL/TLS version:
javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|ClientHello.java:826|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|93|Thread-13|2024-09-16 20:12:53.255 IST|SSLCipher.java:466|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472 javax.net.ssl|DEBUG|93|Thread-13|2024-09-16 20:12:54.019 IST|SunX509KeyManagerImpl.java:160|found key for : key ( "certificate" : { "version" : "v3", "serial number" : "2AE8EFA8756437AD6E026615D9C01690786CC383", I'm getting this as output. I'm not able to find the TLS version or ClientHello or ServerHello. (The above is only a part of the output from the top).
Commented
Sep 16 at 14:56