随笔-448  评论-41  文章-0 

netty集成ssl完整参考指南(含完整源码)

 虽然我们在内部rpc通信中使用的是基于认证和报文头加密的方式实现安全性,但是有些时候仍然需要使用SSL加密,可能是因为对接的三方系统需要,也可能是由于open的考虑。中午特地测了下netty下集成ssl的功能,关于ssl的握手过程以及java安全框架中的相关组件说明,请参考如下链接:

http://www.cnblogs.com/zhjh256/p/6262620.html

http://www.cnblogs.com/zhjh256/p/6104537.html

网上搜了下,并没有看到完整的netty ssl示例例子,netty in action中也只是匆匆带过。特详细的测试和整理如下。

首先生成服务端证书:

D:\security\server>keytool -genkey -alias securechat -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass sNetty -storepass sNetty -keystore sChat.jks

D:\security\server>keytool -export -alias securechat -keystore sChat.jks -storepass sNetty -file sChat.cer
存储在文件 <sChat.cer> 中的证书

D:\security\server>cd /d ../client

D:\security\client>keytool -genkey -alias smcc -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass cNetty -storepass cNetty -keystore cChat.jks

D:\security\client>keytool -import -trustcacerts -alias securechat -file ../server\sChat.cer -storepass cNetty -keystore cChat.jks
所有者: CN=localhost
发布者: CN=localhost
序列号: 78384348
有效期开始日期: Wed Mar 01 12:48:48 CST 2017, 截止日期: Thu Mar 01 12:48:48 CST 2018
证书指纹:
MD5: 94:83:6C:6D:4B:0D:0B:E6:BF:39:B7:2C:17:29:E8:3C
SHA1: 9A:29:27:41:BE:71:38:C8:13:99:3A:8F:C6:37:C2:95:31:14:B4:98
SHA256: E9:31:40:C7:FC:EA:EF:24:54:EF:4C:59:50:44:CB:1F:9A:35:B7:26:07:2D:3B:1F:BC:30:8E:C0:63:45:4F:21
签名算法名称: SHA256withRSA
版本: 3

扩展:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>.
0010: 32 85 0D A8 2...
]
]

是否信任此证书? [否]: 是
证书已添加到密钥库中

netty服务端源码:

package com.ld.net.spider.server;

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;

import java.net.InetSocketAddress;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class SpiderServerBusiHandler extends SimpleChannelInboundHandler<Object> {
    static final Logger logger = LoggerFactory.getLogger(SpiderServerBusiHandler.class);
    
    @Override
    protected void channelRead0(final ChannelHandlerContext ctx, final Object msg)
            throws Exception {
        System.out.println(msg.toString());
    }
    
    @Override 
    public void exceptionCaught(ChannelHandlerContext ctx,  
            Throwable cause) throws Exception {  
        logger.error("channel " + ((InetSocketAddress)ctx.channel().remoteAddress()).toString() + " exception:",cause);
        ctx.close();
    }
}
package com.ld.net.spider.channel;

import java.nio.charset.Charset;

import javax.net.ssl.SSLEngine;

import com.ld.net.spider.server.SpiderServerBusiHandler;

import io.netty.channel.Channel;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.handler.codec.LengthFieldPrepender;
import io.netty.handler.codec.string.StringDecoder;
import io.netty.handler.codec.string.StringEncoder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;

public class SslChannelInitializer extends ChannelInitializer<Channel> {
    private final SslContext context;

    public SslChannelInitializer(SslContext context) {
        this.context = context;
    }

    @Override
    protected void initChannel(Channel ch) throws Exception {
        SSLEngine engine = context.newEngine(ch.alloc());
        engine.setUseClientMode(false);
        ch.pipeline().addFirst("ssl", new SslHandler(engine));
        ChannelPipeline pipeline = ch.pipeline(); 
        pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));  
        pipeline.addLast("frameEncoder", new LengthFieldPrepender(4));  //最大16M                
        pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8")));  
        pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8")));  
        pipeline.addLast("spiderServerBusiHandler", new SpiderServerBusiHandler());
    }
}
package com.ld.net.spider.channel;

import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.ChannelOption;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.ServerChannel;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;

import java.io.FileInputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class SocketServerHelper {
    static final Logger logger = LoggerFactory.getLogger(SocketServerHelper.class);
    private static int WORKER_GROUP_SIZE = Runtime.getRuntime().availableProcessors() * 2; 

    private static EventLoopGroup bossGroup; 
    private static EventLoopGroup workerGroup;  
    
    private static Class<? extends ServerChannel> channelClass;
    
    public static void startSpiderServer() throws Exception {
        ServerBootstrap b = new ServerBootstrap();
        b.childOption(ChannelOption.TCP_NODELAY, true)
        .childOption(ChannelOption.SO_KEEPALIVE, true)
        .childOption(ChannelOption.SO_REUSEADDR, true)    
        .childOption(ChannelOption.ALLOCATOR, new PooledByteBufAllocator(false))
        .childOption(ChannelOption.SO_RCVBUF, 1048576)
        .childOption(ChannelOption.SO_SNDBUF, 1048576);
        
        bossGroup = new NioEventLoopGroup(1);
        workerGroup = new NioEventLoopGroup(WORKER_GROUP_SIZE);
        channelClass = NioServerSocketChannel.class;
        logger.info("workerGroup size:" + WORKER_GROUP_SIZE);
        logger.info("preparing to start spider server...");
        b.group(bossGroup, workerGroup);  
        b.channel(channelClass);
        KeyManagerFactory keyManagerFactory = null;
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new FileInputStream("D:\\security\\server\\sChat.jks"), "sNetty".toCharArray());
        keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore,"sNetty".toCharArray());
        SslContext sslContext = SslContextBuilder.forServer(keyManagerFactory).build();
        b.childHandler(new SslChannelInitializer(sslContext)); 
        b.bind(9912).sync();  
        logger.info("spider server start sucess, listening on port " + 9912 + ".");  
    }
    
    public static void main(String[] args) throws Exception {
        SocketServerHelper.startSpiderServer();
    }
      
    public static void shutdown() {  
        logger.debug("preparing to shutdown spider server...");
        bossGroup.shutdownGracefully();
        workerGroup.shutdownGracefully();  
        logger.debug("spider server is shutdown.");
    }
}
package com.ld.net.spider.channel;

import java.net.InetSocketAddress;
import java.nio.channels.ClosedChannelException;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import io.netty.buffer.ByteBuf;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;

public class SocketHelper {
    static final Logger logger = LoggerFactory.getLogger(SocketHelper.class);
    
    public static ChannelFuture writeMessage(Channel channel,String msg) {  
        if(channel!=null){  
            try {
                return channel.writeAndFlush(msg).sync();
            } catch (Exception e) {
                String otherInfo = "";
                
                if(channel.remoteAddress() != null) {
                    otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]";
                } else {
                    otherInfo = "channel is null.";
                }
                
                if(e instanceof ClosedChannelException) {
                    logger.error("channel to " + otherInfo + " is closed",e);
                } else {
                    logger.error("timeout occured during channel send msg, " + otherInfo,e);
                }
            }
        }else{
            logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log.");
        }
        return null;
    }
    
    public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) {  
        if(channel!=null){  
            try {
                return channel.writeAndFlush(msg).sync();
            } catch (Exception e) {
                logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e);
            }
        }else{
            logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log.");
        }
        return null;
    }
}

客户端源码:

package com.ld.net.spider.client;

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class SpiderClientBusiHandler extends SimpleChannelInboundHandler<Object> {

    static final Logger logger = LoggerFactory.getLogger(SpiderClientBusiHandler.class);
    
    @Override
    protected void channelRead0(ChannelHandlerContext ctx, Object origMsg) {
        System.out.println(origMsg.toString());
    }
    
    @Override 
    public void exceptionCaught(ChannelHandlerContext ctx,  
            Throwable cause) throws Exception {  
        cause.printStackTrace();
    }
}
package com.ld.net.spider.channel;

import java.nio.charset.Charset;

import javax.net.ssl.SSLEngine;

import com.ld.net.spider.client.SpiderClientBusiHandler;

import io.netty.channel.Channel;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.handler.codec.LengthFieldPrepender;
import io.netty.handler.codec.string.StringDecoder;
import io.netty.handler.codec.string.StringEncoder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;

public class SslChannelInitializer extends ChannelInitializer<Channel> {
    private final SslContext context;

    public SslChannelInitializer(SslContext context) {
        this.context = context;
    }

    @Override
    protected void initChannel(Channel ch) throws Exception {
        SSLEngine engine = context.newEngine(ch.alloc());
        engine.setUseClientMode(true);
        ch.pipeline().addFirst("ssl", new SslHandler(engine));
        ChannelPipeline pipeline = ch.pipeline(); 
        pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));  
        pipeline.addLast("frameEncoder", new LengthFieldPrepender(4));  //最大16M                
        pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8")));  
        pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8")));  
        pipeline.addLast("spiderClientBusiHandler", new SpiderClientBusiHandler());
    }
}
package com.ld.net.spider.channel;

import io.netty.bootstrap.Bootstrap;
import io.netty.channel.Channel;
import io.netty.channel.ChannelOption;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.text.MessageFormat;

import javax.net.ssl.TrustManagerFactory;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class SocketClientHelper {
    static final Logger logger = LoggerFactory.getLogger(SocketClientHelper.class);
    
    public static void main(String[] args) {
        Channel channel = SocketClientHelper.createChannel("localhost",9912);
        try {
            Thread.sleep(100);
        } catch (InterruptedException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        SocketHelper.writeMessage(channel, "ssh over tcp test 1");
        SocketHelper.writeMessage(channel, "ssh over tcp test 2");
        SocketHelper.writeMessage(channel, "ssh over tcp test 3");
        SocketHelper.writeMessage(channel, "ssh over tcp test 4");
        SocketHelper.writeMessage(channel, "ssh over tcp test 5");
    }
    
    public static Channel createChannel(String host, int port) {
        Channel channel = null;  
        Bootstrap b = getBootstrap();
        try {  
            channel = b.connect(host, port).sync().channel();
            logger.info(MessageFormat.format("connect to spider server ({0}:{1,number,#}) success for thread [" + Thread.currentThread().getName() + "].", host,port));
        } catch (Exception e) {
            e.printStackTrace();
        }  
        return channel;
    }
    
    public static Bootstrap getBootstrap(){  
        EventLoopGroup group;
        Class<? extends Channel> channelClass = NioSocketChannel.class;
        group = new NioEventLoopGroup();
        Bootstrap b = new Bootstrap();  
        b.group(group).channel(channelClass);
        b.option(ChannelOption.SO_KEEPALIVE, true);
        b.option(ChannelOption.TCP_NODELAY, true);
        b.option(ChannelOption.SO_REUSEADDR, true);
        b.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000);
        TrustManagerFactory tf = null; 
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream("D:\\security\\client\\cChat.jks"), "cNetty".toCharArray());
            tf = TrustManagerFactory.getInstance("SunX509");
            tf.init(keyStore);
            SslContext sslContext = SslContextBuilder.forClient().trustManager(tf).build();
            b.handler(new SslChannelInitializer(sslContext));
            return b;
        } catch(Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}
package com.ld.net.spider.channel;

import java.net.InetSocketAddress;
import java.nio.channels.ClosedChannelException;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import io.netty.buffer.ByteBuf;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;

public class SocketHelper {
    static final Logger logger = LoggerFactory.getLogger(SocketHelper.class);
    
    //仅用于内部通信,不供业务直接使用
    public static ChannelFuture writeMessage(Channel channel,String msg) {  
        if(channel!=null){  
            try {
                System.out.println("send: " + msg);
                return channel.writeAndFlush(msg).sync();
            } catch (Exception e) {
                String otherInfo = "";
                
                if(channel.remoteAddress() != null) {
                    otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]";
                } else {
                    otherInfo = "channel is null.";
                }
                
                if(e instanceof ClosedChannelException) {
                    logger.error("channel to " + otherInfo + " is closed",e);
                } else {
                    logger.error("timeout occured during channel send msg, " + otherInfo,e);
                }
            }
        }else{
            logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log.");
        }
        return null;
    }
    
    public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) {  
        if(channel!=null){  
            try {
                return channel.writeAndFlush(msg).sync();
            } catch (Exception e) {
                logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e);
            }
        }else{
            logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log.");
        }
        return null;
    }
}

服务端日志如下:

2017-03-01 16:58:51,130 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Using SLF4J as the default logging framework 
2017-03-01 16:58:51,149 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) java.nio.Buffer.address: available 
2017-03-01 16:58:51,152 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.theUnsafe: available 
2017-03-01 16:58:51,153 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.copyMemory: available 
2017-03-01 16:58:51,153 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) direct buffer constructor: available 
2017-03-01 16:58:51,156 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.Bits.unaligned: available, true 
2017-03-01 16:58:51,156 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.DirectByteBuffer.<init>(long, int): available 
2017-03-01 16:58:51,157 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.ByteBuffer.cleaner(): available 
2017-03-01 16:58:51,158 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Platform: Windows 
2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Java version: 8 
2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noUnsafe: false 
2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) sun.misc.Unsafe: available 
2017-03-01 16:58:51,160 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noJavassist: false 
2017-03-01 16:58:51,263 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Javassist: available 
2017-03-01 16:58:51,264 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.tmpdir: C:\Users\dell\AppData\Local\Temp (java.io.tmpdir) 
2017-03-01 16:58:51,264 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.bitMode: 32 (sun.arch.data.model) 
2017-03-01 16:58:51,266 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noPreferDirect: false 
2017-03-01 16:58:51,266 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) io.netty.maxDirectMemory: 259522560 bytes 
2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.numHeapArenas: 2 
2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.numDirectArenas: 2 
2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.pageSize: 8192 
2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.maxOrder: 11 
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.chunkSize: 16777216 
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.tinyCacheSize: 512 
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.smallCacheSize: 256 
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.normalCacheSize: 64 
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.maxCachedBufferCapacity: 32768 
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.cacheTrimInterval: 8192 
2017-03-01 16:58:51,294 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.eventLoopThreads: 16 
2017-03-01 16:58:51,317 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noKeySetOptimization: false 
2017-03-01 16:58:51,317 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.selectorAutoRebuildThreshold: 512 
2017-03-01 16:58:51,321 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) org.jctools-core.MpscChunkedArrayQueue: available 
2017-03-01 16:58:51,570 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:87) workerGroup size:16 
2017-03-01 16:58:51,571 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:88) preparing to start spider server... 
***
found key for : securechat
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
***
2017-03-01 16:58:51,633 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) netty-tcnative not in the classpath; OpenSslEngine will be unavailable. 
trustStore is: C:\Java\jdk1.8.0_102\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0xc3517
  Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020

adding as trusted cert:
  Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  Issuer:  CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
  Valid from Wed Nov 08 03:31:18 CST 2006 until Tue Jan 01 03:40:55 CST 2030

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Algorithm: EC; Serial number: 0xa68b79290000000050d091f9
  Valid from Tue Dec 18 23:25:36 CST 2012 until Fri Dec 18 23:55:36 CST 2037

adding as trusted cert:
  Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
  Issuer:  OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 30 12:20:49 CST 2003 until Sat Sep 30 12:20:49 CST 2023

adding as trusted cert:
  Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528
  Valid from Fri Jan 13 02:59:32 CST 2012 until Mon Jan 13 02:59:32 CST 2042

adding as trusted cert:
  Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
  Valid from Mon Nov 27 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
  Issuer:  OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Fri May 29 13:00:39 CST 2009 until Tue May 29 13:00:39 CST 2029

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
  Issuer:  OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
  Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d
  Valid from Mon Dec 20 10:31:27 CST 2004 until Wed Dec 20 10:31:27 CST 2034

adding as trusted cert:
  Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Commercial, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x7777062726a9b17c
  Valid from Fri Jan 29 22:06:06 CST 2010 until Tue Dec 31 22:06:06 CST 2030

adding as trusted cert:
  Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
  Issuer:  CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
  Algorithm: RSA; Serial number: 0x444c0
  Valid from Wed Oct 22 20:07:37 CST 2008 until Mon Dec 31 20:07:37 CST 2029

adding as trusted cert:
  Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
  Issuer:  CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
  Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad
  Valid from Tue Nov 02 01:14:04 CST 2004 until Mon Jan 01 13:37:19 CST 2035

adding as trusted cert:
  Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
  Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI
  Algorithm: RSA; Serial number: 0x1d
  Valid from Fri Apr 06 15:29:40 CST 2001 until Tue Apr 06 15:29:40 CST 2021

adding as trusted cert:
  Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
  Issuer:  CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 28 14:00:00 CST 2002 until Fri Nov 20 04:43:00 CST 2037

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Algorithm: RSA; Serial number: 0x35def4cf
  Valid from Sun Aug 23 00:41:51 CST 1998 until Thu Aug 23 00:41:51 CST 2018

adding as trusted cert:
  Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a
  Valid from Thu Mar 06 08:00:00 CST 2008 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Mar 04 13:00:00 CST 2004 until Sun Mar 04 13:00:00 CST 2029

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Algorithm: RSA; Serial number: 0x4000000000121585308a2
  Valid from Wed Mar 18 18:00:00 CST 2009 until Sun Mar 18 18:00:00 CST 2029

adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer:  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000b9
  Valid from Sat May 13 02:46:00 CST 2000 until Tue May 13 07:59:00 CST 2025

adding as trusted cert:
  Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
  Issuer:  OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 30 01:39:16 CST 2004 until Fri Jun 30 01:39:16 CST 2034

adding as trusted cert:
  Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
  Issuer:  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x67c8e1e8e3be1cbdfc913b8ea6238749
  Valid from Wed Jan 01 08:00:00 CST 1997 until Sat Jan 02 07:59:59 CST 2021

adding as trusted cert:
  Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Jan 01 08:00:00 CST 2004 until Mon Jan 01 07:59:59 CST 2029

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
  Valid from Sat Jul 10 02:10:42 CST 1999 until Wed Jul 10 02:19:22 CST 2019

adding as trusted cert:
  Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
  Issuer:  CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Oct 01 00:13:43 CST 2003 until Thu Oct 01 00:13:44 CST 2037

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Issuer:  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Algorithm: RSA; Serial number: 0x40000000001154b5ac394
  Valid from Tue Sep 01 20:00:00 CST 1998 until Fri Jan 28 20:00:00 CST 2028

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
  Valid from Sat Jul 10 02:31:20 CST 1999 until Wed Jul 10 02:40:36 CST 2019

adding as trusted cert:
  Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Networking, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x7c4f04391cd4992d
  Valid from Fri Jan 29 22:08:24 CST 2010 until Tue Dec 31 22:08:24 CST 2030

adding as trusted cert:
  Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Premium, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee
  Valid from Fri Jan 29 22:10:36 CST 2010 until Mon Dec 31 22:10:36 CST 2040

adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer:  CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000bf
  Valid from Wed May 17 22:01:00 CST 2000 until Sun May 18 07:59:00 CST 2025

adding as trusted cert:
  Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
  Issuer:  CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 28 14:00:00 CST 2002 until Tue Sep 29 22:08:00 CST 2037

adding as trusted cert:
  Subject: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
  Issuer:  CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
  Algorithm: RSA; Serial number: 0xbb8
  Valid from Thu Mar 17 17:51:37 CST 2011 until Wed Mar 17 17:51:37 CST 2021

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Issuer:  CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda
  Valid from Fri Aug 01 20:29:50 CST 2008 until Sat Jul 31 20:29:50 CST 2038

adding as trusted cert:
  Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
  Valid from Wed Oct 25 16:32:46 CST 2006 until Sat Oct 25 16:32:46 CST 2036

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4a538c28
  Valid from Wed Jul 08 01:25:54 CST 2009 until Sun Dec 08 01:55:54 CST 2030

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 30 01:06:20 CST 2004 until Fri Jun 30 01:06:20 CST 2034

adding as trusted cert:
  Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:48:38 CST 2000 until Sat May 30 18:48:38 CST 2020

adding as trusted cert:
  Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Issuer:  CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Oct 01 18:29:56 CST 2008 until Sun Oct 02 07:59:59 CST 2033

adding as trusted cert:
  Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
  Valid from Sat Jul 10 01:28:50 CST 1999 until Wed Jul 10 01:36:58 CST 2019

adding as trusted cert:
  Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
  Issuer:  CN=Class 2 Primary CA, O=Certplus, C=FR
  Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
  Valid from Thu Jul 08 01:05:00 CST 1999 until Sun Jul 07 07:59:59 CST 2019

adding as trusted cert:
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x23456
  Valid from Tue May 21 12:00:00 CST 2002 until Sat May 21 12:00:00 CST 2022

adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 16:36:00 CST 2006 until Sat Oct 25 16:36:00 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
  Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c
  Valid from Tue Nov 13 08:00:00 CST 2012 until Tue Jan 19 11:14:07 CST 2038

adding as trusted cert:
  Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US
  Issuer:  CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US
  Algorithm: RSA; Serial number: 0xa0142800000014523cf467c00000002
  Valid from Fri Jan 17 01:53:32 CST 2014 until Tue Jan 17 01:53:32 CST 2034

adding as trusted cert:
  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
  Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x3863def8
  Valid from Sat Dec 25 01:50:51 CST 1999 until Tue Jul 24 22:15:12 CST 2029

adding as trusted cert:
  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
  Valid from Fri Nov 17 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x456b5054
  Valid from Tue Nov 28 04:23:42 CST 2006 until Sat Nov 28 04:53:42 CST 2026

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
  Issuer:  CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
  Algorithm: RSA; Serial number: 0x10020
  Valid from Tue Jun 11 18:46:39 CST 2002 until Fri Jun 11 18:46:39 CST 2027

adding as trusted cert:
  Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:44:50 CST 2000 until Sat May 30 18:44:50 CST 2020

adding as trusted cert:
  Subject: CN=DST Root CA X3, O=Digital Signature Trust Co.
  Issuer:  CN=DST Root CA X3, O=Digital Signature Trust Co.
  Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b
  Valid from Sun Oct 01 05:12:19 CST 2000 until Thu Sep 30 22:01:15 CST 2021

adding as trusted cert:
  Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
  Issuer:  CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
  Algorithm: RSA; Serial number: 0x2
  Valid from Tue Oct 26 16:38:03 CST 2010 until Fri Oct 26 16:38:03 CST 2040

adding as trusted cert:
  Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE
  Issuer:  CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE
  Algorithm: RSA; Serial number: 0x983f4
  Valid from Thu Nov 05 16:50:46 CST 2009 until Mon Nov 05 16:50:46 CST 2029

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
  Valid from Wed Oct 25 16:30:35 CST 2006 until Sat Oct 25 16:30:35 CST 2036

adding as trusted cert:
  Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer:  CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26
  Valid from Mon Feb 01 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x509
  Valid from Sat Nov 25 02:27:00 CST 2006 until Tue Nov 25 02:23:33 CST 2031

adding as trusted cert:
  Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US
  Issuer:  CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US
  Algorithm: RSA; Serial number: 0xa0142800000014523c844b500000002
  Valid from Fri Jan 17 02:12:23 CST 2014 until Tue Jan 17 02:12:23 CST 2034

adding as trusted cert:
  Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
  Issuer:  CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
  Algorithm: RSA; Serial number: 0x26
  Valid from Fri Jul 09 20:11:00 CST 1999 until Wed Jul 10 07:59:00 CST 2019

adding as trusted cert:
  Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE
  Issuer:  CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE
  Algorithm: RSA; Serial number: 0x983f3
  Valid from Thu Nov 05 16:35:58 CST 2009 until Mon Nov 05 16:35:58 CST 2029

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593
  Valid from Fri Jan 13 01:27:44 CST 2012 until Mon Jan 13 01:27:44 CST 2042

adding as trusted cert:
  Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd
  Valid from Mon Jan 29 08:00:00 CST 1996 until Thu Aug 03 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer:  CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d
  Valid from Mon Feb 01 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
  Valid from Wed Nov 08 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Algorithm: RSA; Serial number: 0x400000000010f8626e60d
  Valid from Fri Dec 15 16:00:00 CST 2006 until Wed Dec 15 16:00:00 CST 2021

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x5c6
  Valid from Sat Nov 25 03:11:23 CST 2006 until Tue Nov 25 03:06:44 CST 2031

adding as trusted cert:
  Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Issuer:  CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6
  Valid from Fri Jun 24 16:38:14 CST 2011 until Wed Jun 25 15:38:14 CST 2031

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d
  Valid from Fri Jan 13 04:26:32 CST 2012 until Mon Jan 13 04:26:32 CST 2042

adding as trusted cert:
  Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
  Issuer:  CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
  Algorithm: RSA; Serial number: 0x570a119742c4e3cc
  Valid from Thu Sep 22 19:22:02 CST 2011 until Sun Sep 22 19:22:02 CST 2030

adding as trusted cert:
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
  Valid from Mon Jan 29 08:00:00 CST 1996 until Thu Aug 03 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x3ab6508b
  Valid from Tue Mar 20 02:33:33 CST 2001 until Thu Mar 18 02:33:33 CST 2021

adding as trusted cert:
  Subject: CN=Class 3P Primary CA, O=Certplus, C=FR
  Issuer:  CN=Class 3P Primary CA, O=Certplus, C=FR
  Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879
  Valid from Thu Jul 08 01:10:00 CST 1999 until Sun Jul 07 07:59:59 CST 2019

adding as trusted cert:
  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0x59e3
  Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020

adding as trusted cert:
  Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
  Issuer:  CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
  Algorithm: RSA; Serial number: 0x2
  Valid from Tue Oct 26 16:28:58 CST 2010 until Fri Oct 26 16:28:58 CST 2040

adding as trusted cert:
  Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
  Issuer:  OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 06 10:12:32 CST 2007 until Sat Jun 06 10:12:32 CST 2037

adding as trusted cert:
  Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
  Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Issuer:  CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Algorithm: RSA; Serial number: 0xf2fa64e27463d38dfd101d041f76ca58
  Valid from Fri Jun 24 17:45:08 CST 2011 until Wed Jun 25 16:45:08 CST 2031

adding as trusted cert:
  Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:38:31 CST 2000 until Sat May 30 18:38:31 CST 2020

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
  Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802
  Valid from Tue Nov 13 08:00:00 CST 2012 until Tue Jan 19 11:14:07 CST 2038

adding as trusted cert:
  Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Issuer:  CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
  Valid from Fri Aug 01 20:31:40 CST 2008 until Sat Jul 31 20:31:40 CST 2038

adding as trusted cert:
  Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d
  Valid from Tue Jan 19 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954
  Valid from Thu Aug 01 08:00:00 CST 1996 until Sat Jan 02 07:59:59 CST 2021

adding as trusted cert:
  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Algorithm: RSA; Serial number: 0x1a5
  Valid from Thu Aug 13 08:29:00 CST 1998 until Tue Aug 14 07:59:00 CST 2018

adding as trusted cert:
  Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
  Algorithm: EC; Serial number: 0x7497258ac73f7a54
  Valid from Fri Jan 29 22:20:24 CST 2010 until Mon Dec 31 22:20:24 CST 2040

adding as trusted cert:
  Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Issuer:  CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Oct 01 18:40:14 CST 2008 until Sun Oct 02 07:59:59 CST 2033

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Issuer:  CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
  Valid from Tue May 26 08:00:00 CST 2009 until Tue May 26 08:00:00 CST 2020

adding as trusted cert:
  Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
2017-03-01 16:58:51,994 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1]  
2017-03-01 16:58:51,994 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Default cipher suites (JDK): [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] 
trustStore is: C:\Java\jdk1.8.0_102\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0xc3517
  Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020

adding as trusted cert:
  Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  Issuer:  CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
  Valid from Wed Nov 08 03:31:18 CST 2006 until Tue Jan 01 03:40:55 CST 2030

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Algorithm: EC; Serial number: 0xa68b79290000000050d091f9
  Valid from Tue Dec 18 23:25:36 CST 2012 until Fri Dec 18 23:55:36 CST 2037

adding as trusted cert:
  Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
  Issuer:  OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 30 12:20:49 CST 2003 until Sat Sep 30 12:20:49 CST 2023

adding as trusted cert:
  Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528
  Valid from Fri Jan 13 02:59:32 CST 2012 until Mon Jan 13 02:59:32 CST 2042

adding as trusted cert:
  Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
  Valid from Mon Nov 27 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
  Issuer:  OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Fri May 29 13:00:39 CST 2009 until Tue May 29 13:00:39 CST 2029

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
  Issuer:  OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
  Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d
  Valid from Mon Dec 20 10:31:27 CST 2004 until Wed Dec 20 10:31:27 CST 2034

adding as trusted cert:
  Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Commercial, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x7777062726a9b17c
  Valid from Fri Jan 29 22:06:06 CST 2010 until Tue Dec 31 22:06:06 CST 2030

adding as trusted cert:
  Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
  Issuer:  CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
  Algorithm: RSA; Serial number: 0x444c0
  Valid from Wed Oct 22 20:07:37 CST 2008 until Mon Dec 31 20:07:37 CST 2029

adding as trusted cert:
  Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
  Issuer:  CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
  Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad
  Valid from Tue Nov 02 01:14:04 CST 2004 until Mon Jan 01 13:37:19 CST 2035

adding as trusted cert:
  Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
  Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI
  Algorithm: RSA; Serial number: 0x1d
  Valid from Fri Apr 06 15:29:40 CST 2001 until Tue Apr 06 15:29:40 CST 2021

adding as trusted cert:
  Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
  Issuer:  CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 28 14:00:00 CST 2002 until Fri Nov 20 04:43:00 CST 2037

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Algorithm: RSA; Serial number: 0x35def4cf
  Valid from Sun Aug 23 00:41:51 CST 1998 until Thu Aug 23 00:41:51 CST 2018

adding as trusted cert:
  Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a
  Valid from Thu Mar 06 08:00:00 CST 2008 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Mar 04 13:00:00 CST 2004 until Sun Mar 04 13:00:00 CST 2029

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Algorithm: RSA; Serial number: 0x4000000000121585308a2
  Valid from Wed Mar 18 18:00:00 CST 2009 until Sun Mar 18 18:00:00 CST 2029

adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer:  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000b9
  Valid from Sat May 13 02:46:00 CST 2000 until Tue May 13 07:59:00 CST 2025

adding as trusted cert:
  Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
  Issuer:  OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 30 01:39:16 CST 2004 until Fri Jun 30 01:39:16 CST 2034

adding as trusted cert:
  Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
  Issuer:  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x67c8e1e8e3be1cbdfc913b8ea6238749
  Valid from Wed Jan 01 08:00:00 CST 1997 until Sat Jan 02 07:59:59 CST 2021

adding as trusted cert:
  Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Jan 01 08:00:00 CST 2004 until Mon Jan 01 07:59:59 CST 2029

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
  Valid from Sat Jul 10 02:10:42 CST 1999 until Wed Jul 10 02:19:22 CST 2019

adding as trusted cert:
  Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
  Issuer:  CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Oct 01 00:13:43 CST 2003 until Thu Oct 01 00:13:44 CST 2037

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Issuer:  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Algorithm: RSA; Serial number: 0x40000000001154b5ac394
  Valid from Tue Sep 01 20:00:00 CST 1998 until Fri Jan 28 20:00:00 CST 2028

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
  Valid from Sat Jul 10 02:31:20 CST 1999 until Wed Jul 10 02:40:36 CST 2019

adding as trusted cert:
  Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Networking, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x7c4f04391cd4992d
  Valid from Fri Jan 29 22:08:24 CST 2010 until Tue Dec 31 22:08:24 CST 2030

adding as trusted cert:
  Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Premium, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee
  Valid from Fri Jan 29 22:10:36 CST 2010 until Mon Dec 31 22:10:36 CST 2040

adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer:  CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000bf
  Valid from Wed May 17 22:01:00 CST 2000 until Sun May 18 07:59:00 CST 2025

adding as trusted cert:
  Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
  Issuer:  CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 28 14:00:00 CST 2002 until Tue Sep 29 22:08:00 CST 2037

adding as trusted cert:
  Subject: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
  Issuer:  CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
  Algorithm: RSA; Serial number: 0xbb8
  Valid from Thu Mar 17 17:51:37 CST 2011 until Wed Mar 17 17:51:37 CST 2021

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Issuer:  CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda
  Valid from Fri Aug 01 20:29:50 CST 2008 until Sat Jul 31 20:29:50 CST 2038

adding as trusted cert:
  Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
  Valid from Wed Oct 25 16:32:46 CST 2006 until Sat Oct 25 16:32:46 CST 2036

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4a538c28
  Valid from Wed Jul 08 01:25:54 CST 2009 until Sun Dec 08 01:55:54 CST 2030

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 30 01:06:20 CST 2004 until Fri Jun 30 01:06:20 CST 2034

adding as trusted cert:
  Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:48:38 CST 2000 until Sat May 30 18:48:38 CST 2020

adding as trusted cert:
  Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Issuer:  CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Oct 01 18:29:56 CST 2008 until Sun Oct 02 07:59:59 CST 2033

adding as trusted cert:
  Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
  Valid from Sat Jul 10 01:28:50 CST 1999 until Wed Jul 10 01:36:58 CST 2019

adding as trusted cert:
  Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
  Issuer:  CN=Class 2 Primary CA, O=Certplus, C=FR
  Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
  Valid from Thu Jul 08 01:05:00 CST 1999 until Sun Jul 07 07:59:59 CST 2019

adding as trusted cert:
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x23456
  Valid from Tue May 21 12:00:00 CST 2002 until Sat May 21 12:00:00 CST 2022

adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 16:36:00 CST 2006 until Sat Oct 25 16:36:00 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
  Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c
  Valid from Tue Nov 13 08:00:00 CST 2012 until Tue Jan 19 11:14:07 CST 2038

adding as trusted cert:
  Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US
  Issuer:  CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US
  Algorithm: RSA; Serial number: 0xa0142800000014523cf467c00000002
  Valid from Fri Jan 17 01:53:32 CST 2014 until Tue Jan 17 01:53:32 CST 2034

adding as trusted cert:
  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
  Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x3863def8
  Valid from Sat Dec 25 01:50:51 CST 1999 until Tue Jul 24 22:15:12 CST 2029

adding as trusted cert:
  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
  Valid from Fri Nov 17 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x456b5054
  Valid from Tue Nov 28 04:23:42 CST 2006 until Sat Nov 28 04:53:42 CST 2026

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
  Issuer:  CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
  Algorithm: RSA; Serial number: 0x10020
  Valid from Tue Jun 11 18:46:39 CST 2002 until Fri Jun 11 18:46:39 CST 2027

adding as trusted cert:
  Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:44:50 CST 2000 until Sat May 30 18:44:50 CST 2020

adding as trusted cert:
  Subject: CN=DST Root CA X3, O=Digital Signature Trust Co.
  Issuer:  CN=DST Root CA X3, O=Digital Signature Trust Co.
  Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b
  Valid from Sun Oct 01 05:12:19 CST 2000 until Thu Sep 30 22:01:15 CST 2021

adding as trusted cert:
  Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
  Issuer:  CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
  Algorithm: RSA; Serial number: 0x2
  Valid from Tue Oct 26 16:38:03 CST 2010 until Fri Oct 26 16:38:03 CST 2040

adding as trusted cert:
  Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE
  Issuer:  CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE
  Algorithm: RSA; Serial number: 0x983f4
  Valid from Thu Nov 05 16:50:46 CST 2009 until Mon Nov 05 16:50:46 CST 2029

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
  Valid from Wed Oct 25 16:30:35 CST 2006 until Sat Oct 25 16:30:35 CST 2036

adding as trusted cert:
  Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer:  CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26
  Valid from Mon Feb 01 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x509
  Valid from Sat Nov 25 02:27:00 CST 2006 until Tue Nov 25 02:23:33 CST 2031

adding as trusted cert:
  Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US
  Issuer:  CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US
  Algorithm: RSA; Serial number: 0xa0142800000014523c844b500000002
  Valid from Fri Jan 17 02:12:23 CST 2014 until Tue Jan 17 02:12:23 CST 2034

adding as trusted cert:
  Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
  Issuer:  CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
  Algorithm: RSA; Serial number: 0x26
  Valid from Fri Jul 09 20:11:00 CST 1999 until Wed Jul 10 07:59:00 CST 2019

adding as trusted cert:
  Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE
  Issuer:  CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE
  Algorithm: RSA; Serial number: 0x983f3
  Valid from Thu Nov 05 16:35:58 CST 2009 until Mon Nov 05 16:35:58 CST 2029

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593
  Valid from Fri Jan 13 01:27:44 CST 2012 until Mon Jan 13 01:27:44 CST 2042

adding as trusted cert:
  Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd
  Valid from Mon Jan 29 08:00:00 CST 1996 until Thu Aug 03 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer:  CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d
  Valid from Mon Feb 01 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
  Valid from Wed Nov 08 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Algorithm: RSA; Serial number: 0x400000000010f8626e60d
  Valid from Fri Dec 15 16:00:00 CST 2006 until Wed Dec 15 16:00:00 CST 2021

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x5c6
  Valid from Sat Nov 25 03:11:23 CST 2006 until Tue Nov 25 03:06:44 CST 2031

adding as trusted cert:
  Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Issuer:  CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6
  Valid from Fri Jun 24 16:38:14 CST 2011 until Wed Jun 25 15:38:14 CST 2031

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d
  Valid from Fri Jan 13 04:26:32 CST 2012 until Mon Jan 13 04:26:32 CST 2042

adding as trusted cert:
  Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
  Issuer:  CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
  Algorithm: RSA; Serial number: 0x570a119742c4e3cc
  Valid from Thu Sep 22 19:22:02 CST 2011 until Sun Sep 22 19:22:02 CST 2030

adding as trusted cert:
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
  Valid from Mon Jan 29 08:00:00 CST 1996 until Thu Aug 03 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x3ab6508b
  Valid from Tue Mar 20 02:33:33 CST 2001 until Thu Mar 18 02:33:33 CST 2021

adding as trusted cert:
  Subject: CN=Class 3P Primary CA, O=Certplus, C=FR
  Issuer:  CN=Class 3P Primary CA, O=Certplus, C=FR
  Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879
  Valid from Thu Jul 08 01:10:00 CST 1999 until Sun Jul 07 07:59:59 CST 2019

adding as trusted cert:
  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0x59e3
  Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020

adding as trusted cert:
  Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
  Issuer:  CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
  Algorithm: RSA; Serial number: 0x2
  Valid from Tue Oct 26 16:28:58 CST 2010 until Fri Oct 26 16:28:58 CST 2040

adding as trusted cert:
  Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
  Issuer:  OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 06 10:12:32 CST 2007 until Sat Jun 06 10:12:32 CST 2037

adding as trusted cert:
  Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
  Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Issuer:  CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Algorithm: RSA; Serial number: 0xf2fa64e27463d38dfd101d041f76ca58
  Valid from Fri Jun 24 17:45:08 CST 2011 until Wed Jun 25 16:45:08 CST 2031

adding as trusted cert:
  Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:38:31 CST 2000 until Sat May 30 18:38:31 CST 2020

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
  Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802
  Valid from Tue Nov 13 08:00:00 CST 2012 until Tue Jan 19 11:14:07 CST 2038

adding as trusted cert:
  Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Issuer:  CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
  Valid from Fri Aug 01 20:31:40 CST 2008 until Sat Jul 31 20:31:40 CST 2038

adding as trusted cert:
  Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d
  Valid from Tue Jan 19 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954
  Valid from Thu Aug 01 08:00:00 CST 1996 until Sat Jan 02 07:59:59 CST 2021

adding as trusted cert:
  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Algorithm: RSA; Serial number: 0x1a5
  Valid from Thu Aug 13 08:29:00 CST 1998 until Tue Aug 14 07:59:00 CST 2018

adding as trusted cert:
  Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
  Algorithm: EC; Serial number: 0x7497258ac73f7a54
  Valid from Fri Jan 29 22:20:24 CST 2010 until Mon Dec 31 22:20:24 CST 2040

adding as trusted cert:
  Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Issuer:  CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Oct 01 18:40:14 CST 2008 until Sun Oct 02 07:59:59 CST 2033

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Issuer:  CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
  Valid from Tue May 26 08:00:00 CST 2009 until Tue May 26 08:00:00 CST 2020

adding as trusted cert:
  Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

trigger seeding of SecureRandom
done seeding SecureRandom
2017-03-01 16:58:52,024 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) -Dio.netty.initialSeedUniquifier: 0xbddc65b5f4c56201 (took 0 ms) 
2017-03-01 16:58:52,048 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.type: unpooled 
2017-03-01 16:58:52,048 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.threadLocalDirectBufferSize: 65536 
2017-03-01 16:58:52,048 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.maxThreadLocalCharBufferSize: 16384 
2017-03-01 16:58:52,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:86) Loopback interface: lo (Software Loopback Interface 1, 127.0.0.1) 
2017-03-01 16:58:52,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) \proc\sys\net\core\somaxconn: 200 (non-existent) 
2017-03-01 16:58:52,170 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:100) spider server start sucess, listening on port 9912. 
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2017-03-01 16:59:12,485 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Generated: io.netty.util.internal.__matchers__.io.netty.buffer.ByteBufMatcher 
2017-03-01 16:59:12,488 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Generated: io.netty.util.internal.__matchers__.java.lang.CharSequenceMatcher 
2017-03-01 16:59:12,499 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.maxCapacity.default: 32768 
2017-03-01 16:59:12,499 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.maxSharedCapacityFactor: 2 
2017-03-01 16:59:12,499 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.linkCapacity: 16 
2017-03-01 16:59:12,499 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.ratio: 8 
2017-03-01 16:59:12,508 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.buffer.bytebuf.checkAccessible: true 
2017-03-01 16:59:12,511 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.leakDetection.level: simple 
2017-03-01 16:59:12,511 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.leakDetection.maxRecords: 4 
2017-03-01 16:59:12,512 DEBUG nioEventLoopGroup-3-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@126fb57 
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
nioEventLoopGroup-3-1, READ: TLSv1.2 Handshake, length = 148
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1471516000 bytes = { 32, 55, 190, 89, 9, 233, 246, 225, 255, 239, 170, 88, 191, 7, 37, 181, 189, 144, 28, 119, 104, 54, 108, 221, 201, 125, 0, 240 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: securechat
%% Negotiating:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1471516000 bytes = { 147, 0, 63, 42, 231, 63, 161, 134, 104, 126, 153, 154, 147, 158, 67, 10, 113, 145, 53, 170, 165, 215, 245, 106, 10, 77, 25, 220 }
Session ID:  {88, 182, 141, 96, 61, 18, 149, 189, 209, 109, 4, 54, 134, 200, 176, 55, 72, 246, 251, 155, 123, 130, 69, 249, 113, 96, 255, 242, 113, 68, 131, 37}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 45783309125782196590097401233642983782548080213817267914313804415213652148552
  public y coord: 65526260642319495465608974625182597202813481141931905711227094488688262267917
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
nioEventLoopGroup-3-1, WRITE: TLSv1.2 Handshake, length = 1143
nioEventLoopGroup-3-1, called closeOutbound()
nioEventLoopGroup-3-1, closeOutboundInternal()
nioEventLoopGroup-3-1, SEND TLSv1.2 ALERT:  warning, description = close_notify
nioEventLoopGroup-3-1, WRITE: TLSv1.2 Alert, length = 2
nioEventLoopGroup-3-1, called closeInbound()
nioEventLoopGroup-3-1, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
nioEventLoopGroup-3-1, SEND TLSv1.2 ALERT:  fatal, description = internal_error
nioEventLoopGroup-3-1, Exception sending alert: java.io.IOException: writer side was already closed.
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
nioEventLoopGroup-3-2, READ: TLSv1.2 Handshake, length = 148
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1471516158 bytes = { 167, 193, 171, 47, 42, 194, 255, 246, 58, 202, 31, 31, 150, 41, 112, 19, 56, 230, 43, 26, 198, 72, 239, 85, 51, 202, 56, 87 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Negotiating:  [Session-2, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1471516158 bytes = { 225, 28, 98, 64, 232, 67, 45, 65, 94, 10, 83, 229, 159, 109, 169, 98, 91, 229, 47, 135, 236, 43, 144, 219, 107, 17, 204, 141 }
Session ID:  {88, 182, 142, 254, 219, 50, 242, 66, 120, 184, 172, 80, 42, 188, 35, 44, 78, 215, 118, 41, 86, 137, 230, 128, 236, 208, 37, 109, 175, 216, 55, 116}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 114233216280638678797234809004396039380030438791388296040602616024637536719620
  public y coord: 110080291266543170097998121713571486190642596218532893835681542649150412914178
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
nioEventLoopGroup-3-2, WRITE: TLSv1.2 Handshake, length = 1143
nioEventLoopGroup-3-2, called closeOutbound()
nioEventLoopGroup-3-2, closeOutboundInternal()
nioEventLoopGroup-3-2, SEND TLSv1.2 ALERT:  warning, description = close_notify
nioEventLoopGroup-3-2, WRITE: TLSv1.2 Alert, length = 2
nioEventLoopGroup-3-2, called closeInbound()
nioEventLoopGroup-3-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
nioEventLoopGroup-3-2, SEND TLSv1.2 ALERT:  fatal, description = internal_error
nioEventLoopGroup-3-2, Exception sending alert: java.io.IOException: writer side was already closed.
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
nioEventLoopGroup-3-3, READ: TLSv1.2 Handshake, length = 148
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1471516452 bytes = { 237, 187, 82, 91, 200, 7, 61, 71, 82, 178, 205, 207, 108, 250, 33, 173, 184, 223, 3, 82, 252, 218, 141, 48, 2, 71, 188, 102 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-3, SSL_NULL_WITH_NULL_NULL]
%% Negotiating:  [Session-3, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1471516452 bytes = { 14, 55, 87, 5, 89, 3, 195, 149, 250, 180, 66, 198, 7, 172, 218, 170, 175, 155, 44, 194, 60, 137, 241, 117, 88, 247, 255, 235 }
Session ID:  {88, 182, 143, 36, 96, 33, 152, 86, 72, 24, 163, 107, 195, 146, 90, 73, 187, 97, 199, 129, 86, 151, 226, 63, 230, 119, 127, 245, 55, 56, 96, 156}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 109645440307038020256653425962553169171738745287384973361922939472718475813848
  public y coord: 105760912478839375803890461571035182727525828359059575720370074390248840995205
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
nioEventLoopGroup-3-3, WRITE: TLSv1.2 Handshake, length = 1143
nioEventLoopGroup-3-3, called closeOutbound()
nioEventLoopGroup-3-3, closeOutboundInternal()
nioEventLoopGroup-3-3, SEND TLSv1.2 ALERT:  warning, description = close_notify
nioEventLoopGroup-3-3, WRITE: TLSv1.2 Alert, length = 2
nioEventLoopGroup-3-3, called closeInbound()
nioEventLoopGroup-3-3, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
%% Invalidated:  [Session-3, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
nioEventLoopGroup-3-3, SEND TLSv1.2 ALERT:  fatal, description = internal_error
nioEventLoopGroup-3-3, Exception sending alert: java.io.IOException: writer side was already closed.
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
nioEventLoopGroup-3-4, READ: TLSv1.2 Handshake, length = 148
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1471516476 bytes = { 63, 165, 71, 40, 13, 242, 29, 41, 222, 89, 149, 77, 209, 129, 61, 188, 141, 85, 80, 89, 245, 122, 98, 214, 223, 92, 114, 175 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-4, SSL_NULL_WITH_NULL_NULL]
%% Negotiating:  [Session-4, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1471516476 bytes = { 255, 101, 93, 2, 236, 207, 206, 10, 197, 98, 160, 47, 253, 171, 67, 186, 251, 145, 57, 135, 38, 26, 30, 65, 208, 21, 11, 124 }
Session ID:  {88, 182, 143, 60, 129, 146, 156, 29, 192, 93, 106, 135, 136, 153, 195, 98, 236, 81, 194, 11, 182, 9, 130, 112, 177, 196, 196, 85, 7, 254, 113, 7}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 92694630830997912533451060743025525319716847165257493278914158902912199372558
  public y coord: 20695720232376677011482059963801818244638973623500456869553215867954790837495
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
nioEventLoopGroup-3-4, WRITE: TLSv1.2 Handshake, length = 1143
nioEventLoopGroup-3-4, READ: TLSv1.2 Handshake, length = 70
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 254, 138, 252, 110, 122, 74, 139, 200, 247, 79, 194, 24, 120, 32, 240, 118, 233, 118, 75, 51, 240, 4, 62, 236, 58, 17, 254, 145, 35, 30, 202, 160, 145, 144, 15, 61, 239, 24, 189, 68, 89, 62, 8, 54, 207, 165, 41, 8, 181, 48, 83, 8, 136, 43, 132, 148, 99, 11, 111, 57, 19, 146, 200, 69 }
SESSION KEYGEN:
PreMaster Secret:
0000: 9C B2 1A 57 E3 20 3F 36   66 74 F3 5F 78 D5 D7 83  ...W. ?6ft._x...
0010: A8 83 70 67 1D 34 97 48   DC B2 AD E0 C4 13 B4 09  ..pg.4.H........
CONNECTION KEYGEN:
Client Nonce:
0000: 58 B6 8F 3C 3F A5 47 28   0D F2 1D 29 DE 59 95 4D  X..<?.G(...).Y.M
0010: D1 81 3D BC 8D 55 50 59   F5 7A 62 D6 DF 5C 72 AF  ..=..UPY.zb..\r.
Server Nonce:
0000: 58 B6 8F 3C FF 65 5D 02   EC CF CE 0A C5 62 A0 2F  X..<.e]......b./
0010: FD AB 43 BA FB 91 39 87   26 1A 1E 41 D0 15 0B 7C  ..C...9.&..A....
Master Secret:
0000: 05 94 34 F6 F8 11 EA 3C   BC 2C 42 1B 01 18 BB A5  ..4....<.,B.....
0010: F8 B2 20 3A 0E 6A F3 2B   44 3B A2 7E 69 75 29 EB  .. :.j.+D;..iu).
0020: 9B 79 4C 47 84 3F DB 98   E6 9E 1C 93 61 28 4B D9  .yLG.?......a(K.
... no MAC keys used for this cipher
Client write key:
0000: 33 05 30 AE 87 47 F1 7B   6D 65 A4 F3 B4 3A F6 8E  3.0..G..me...:..
Server write key:
0000: 09 D2 14 BF 20 A6 7E F5   4F 7E 84 7E AA D6 C8 C2  .... ...O.......
Client write IV:
0000: DA 19 3D 10                                        ..=.
Server write IV:
0000: 44 F8 F9 29                                        D..)
nioEventLoopGroup-3-4, READ: TLSv1.2 Change Cipher Spec, length = 1
nioEventLoopGroup-3-4, READ: TLSv1.2 Handshake, length = 40
*** Finished
verify_data:  { 226, 7, 226, 20, 207, 227, 210, 82, 103, 19, 86, 220 }
***
nioEventLoopGroup-3-4, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 205, 104, 14, 189, 189, 114, 27, 59, 81, 95, 17, 0 }
***
nioEventLoopGroup-3-4, WRITE: TLSv1.2 Handshake, length = 40
%% Cached server session: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
2017-03-01 17:07:08,561 DEBUG nioEventLoopGroup-3-4 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) [id: 0xb4a93c68, L:/127.0.0.1:9912 - R:/127.0.0.1:30704] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
ssh over tcp test
2017-03-01 17:07:27,211 ERROR nioEventLoopGroup-3-4 com.ld.net.spider.server.SpiderServerBusiHandler.exceptionCaught(SpiderServerBusiHandler.java:38) channel /127.0.0.1:30704 exception: 
java.io.IOException: Զ������ǿ�ȹر���һ�����е����ӡ�
	at sun.nio.ch.SocketDispatcher.read0(Native Method)
	at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
	at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
	at sun.nio.ch.IOUtil.read(IOUtil.java:192)
	at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
	at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:221)
	at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:899)
	at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:275)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:652)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:575)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:489)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:451)
	at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:140)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144)
	at java.lang.Thread.run(Thread.java:745)
nioEventLoopGroup-3-4, called closeOutbound()
nioEventLoopGroup-3-4, closeOutboundInternal()
nioEventLoopGroup-3-4, SEND TLSv1.2 ALERT:  warning, description = close_notify
nioEventLoopGroup-3-4, WRITE: TLSv1.2 Alert, length = 26
nioEventLoopGroup-3-4, called closeOutbound()
nioEventLoopGroup-3-4, closeOutboundInternal()
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
nioEventLoopGroup-3-5, READ: TLSv1.2 Handshake, length = 148
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1471516504 bytes = { 174, 125, 52, 145, 247, 71, 23, 3, 4, 3, 213, 123, 250, 134, 8, 166, 179, 114, 170, 160, 175, 48, 222, 242, 143, 119, 195, 201 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-5, SSL_NULL_WITH_NULL_NULL]
%% Negotiating:  [Session-5, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1471516504 bytes = { 41, 134, 164, 168, 204, 30, 159, 147, 192, 42, 191, 140, 191, 206, 1, 255, 214, 212, 5, 9, 109, 157, 235, 29, 198, 198, 7, 159 }
Session ID:  {88, 182, 143, 88, 250, 213, 187, 121, 114, 188, 118, 213, 99, 83, 219, 241, 240, 134, 184, 211, 15, 18, 198, 254, 90, 144, 112, 27, 199, 87, 241, 197}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 44848125480595565086468434811987008038751117904620875939380476192930647570684
  public y coord: 91928601943159748898641362622238630449355378548862176004876836507039857054799
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
nioEventLoopGroup-3-5, WRITE: TLSv1.2 Handshake, length = 1143
nioEventLoopGroup-3-5, READ: TLSv1.2 Handshake, length = 70
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 34, 157, 214, 211, 201, 139, 82, 242, 150, 73, 110, 74, 164, 137, 194, 40, 40, 166, 7, 43, 126, 202, 127, 42, 82, 110, 241, 239, 122, 242, 77, 162, 78, 118, 103, 193, 142, 21, 162, 76, 4, 10, 232, 219, 251, 149, 182, 163, 18, 114, 23, 105, 22, 217, 206, 248, 83, 75, 114, 119, 11, 30, 30, 176 }
SESSION KEYGEN:
PreMaster Secret:
0000: 4E 10 4A 8A 74 53 55 E3   35 9F 13 95 0E 1D 5B 66  N.J.tSU.5.....[f
0010: 77 42 07 47 5F 7F 8B DF   29 A1 8B B0 02 02 26 E7  wB.G_...).....&.
CONNECTION KEYGEN:
Client Nonce:
0000: 58 B6 8F 58 AE 7D 34 91   F7 47 17 03 04 03 D5 7B  X..X..4..G......
0010: FA 86 08 A6 B3 72 AA A0   AF 30 DE F2 8F 77 C3 C9  .....r...0...w..
Server Nonce:
0000: 58 B6 8F 58 29 86 A4 A8   CC 1E 9F 93 C0 2A BF 8C  X..X)........*..
0010: BF CE 01 FF D6 D4 05 09   6D 9D EB 1D C6 C6 07 9F  ........m.......
Master Secret:
0000: 92 EC 71 CE 2A 74 16 07   E3 4A A9 77 F3 B9 90 D2  ..q.*t...J.w....
0010: 4F A1 32 EA 0C E5 C2 BF   5E 2D 8E 8B CB 7D BB E6  O.2.....^-......
0020: 81 13 A1 0C 32 EA B4 D1   AE 40 D4 8A 8D 8A C1 E8  ....2....@......
... no MAC keys used for this cipher
Client write key:
0000: B6 55 2C A4 6F 19 50 F9   A6 20 79 C5 7A 00 10 08  .U,.o.P.. y.z...
Server write key:
0000: A3 D5 C0 BB E2 CA F5 06   E8 58 BA DF 9E 08 7B 47  .........X.....G
Client write IV:
0000: 88 69 60 A6                                        .i`.
Server write IV:
0000: 5D 7B A0 13                                        ]...
nioEventLoopGroup-3-5, READ: TLSv1.2 Change Cipher Spec, length = 1
nioEventLoopGroup-3-5, READ: TLSv1.2 Handshake, length = 40
*** Finished
verify_data:  { 97, 80, 202, 95, 247, 61, 122, 118, 62, 254, 85, 29 }
***
nioEventLoopGroup-3-5, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 40, 58, 134, 125, 120, 238, 232, 133, 170, 46, 145, 211 }
***
nioEventLoopGroup-3-5, WRITE: TLSv1.2 Handshake, length = 40
%% Cached server session: [Session-5, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
2017-03-01 17:07:36,493 DEBUG nioEventLoopGroup-3-5 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) [id: 0x6db757fe, L:/127.0.0.1:9912 - R:/127.0.0.1:30749] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
ssh over tcp test
2017-03-01 17:10:39,545 ERROR nioEventLoopGroup-3-5 com.ld.net.spider.server.SpiderServerBusiHandler.exceptionCaught(SpiderServerBusiHandler.java:38) channel /127.0.0.1:30749 exception: 
java.io.IOException: Զ������ǿ�ȹر���һ�����е����ӡ�
	at sun.nio.ch.SocketDispatcher.read0(Native Method)
	at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
	at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
	at sun.nio.ch.IOUtil.read(IOUtil.java:192)
	at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
	at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:221)
	at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:899)
	at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:275)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:652)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:575)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:489)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:451)
	at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:140)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144)
	at java.lang.Thread.run(Thread.java:745)
nioEventLoopGroup-3-5, called closeOutbound()
nioEventLoopGroup-3-5, closeOutboundInternal()
nioEventLoopGroup-3-5, SEND TLSv1.2 ALERT:  warning, description = close_notify
nioEventLoopGroup-3-5, WRITE: TLSv1.2 Alert, length = 26
nioEventLoopGroup-3-5, called closeOutbound()
nioEventLoopGroup-3-5, closeOutboundInternal()
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
nioEventLoopGroup-3-6, READ: TLSv1.2 Handshake, length = 148
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1471516695 bytes = { 24, 187, 217, 214, 140, 214, 114, 66, 240, 143, 250, 47, 51, 163, 181, 87, 218, 240, 112, 132, 18, 214, 172, 223, 186, 16, 79, 53 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-6, SSL_NULL_WITH_NULL_NULL]
%% Negotiating:  [Session-6, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1471516695 bytes = { 222, 75, 242, 116, 63, 236, 213, 10, 170, 72, 227, 166, 210, 107, 119, 123, 192, 138, 77, 244, 44, 108, 180, 115, 67, 55, 73, 153 }
Session ID:  {88, 182, 144, 23, 48, 147, 150, 107, 2, 43, 100, 77, 218, 52, 13, 108, 73, 114, 159, 168, 67, 166, 136, 157, 87, 142, 140, 130, 7, 80, 12, 219}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 10331457858785828482875741504897765623739531218694853663080345496025520877996
  public y coord: 87072985023296105834621900228689461936233240867656310759620109797868298186758
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
nioEventLoopGroup-3-6, WRITE: TLSv1.2 Handshake, length = 1143
nioEventLoopGroup-3-6, READ: TLSv1.2 Handshake, length = 70
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 242, 42, 217, 216, 163, 173, 6, 29, 45, 128, 126, 105, 4, 135, 9, 225, 39, 129, 40, 33, 177, 214, 234, 245, 46, 166, 160, 118, 7, 90, 165, 153, 248, 45, 131, 243, 77, 24, 122, 167, 69, 231, 196, 59, 232, 168, 74, 66, 173, 16, 90, 66, 137, 99, 154, 218, 178, 52, 18, 97, 246, 8, 165, 222 }
SESSION KEYGEN:
PreMaster Secret:
0000: 64 2E 66 20 EB 04 53 3A   F1 70 90 BE EC 0D BC A8  d.f ..S:.p......
0010: 88 44 07 D4 A8 69 44 D5   17 3E 9F 36 12 3D FB 68  .D...iD..>.6.=.h
CONNECTION KEYGEN:
Client Nonce:
0000: 58 B6 90 17 18 BB D9 D6   8C D6 72 42 F0 8F FA 2F  X.........rB.../
0010: 33 A3 B5 57 DA F0 70 84   12 D6 AC DF BA 10 4F 35  3..W..p.......O5
Server Nonce:
0000: 58 B6 90 17 DE 4B F2 74   3F EC D5 0A AA 48 E3 A6  X....K.t?....H..
0010: D2 6B 77 7B C0 8A 4D F4   2C 6C B4 73 43 37 49 99  .kw...M.,l.sC7I.
Master Secret:
0000: 99 59 39 A6 38 D9 10 FB   B3 02 DD 82 CC 22 24 02  .Y9.8........"$.
0010: 1A 45 E9 6A 28 23 3B FC   6F 6C DC E1 84 EA DE 71  .E.j(#;.ol.....q
0020: 6D AC 42 48 76 06 07 20   AD F3 7E 59 FA F6 30 5E  m.BHv.. ...Y..0^
... no MAC keys used for this cipher
Client write key:
0000: E9 4C D9 C0 D5 D1 4A 0A   E4 82 C9 B6 D3 93 19 B0  .L....J.........
Server write key:
0000: 1D 1A 6B 10 52 EF C3 FC   06 8C A2 5E 35 B8 34 76  ..k.R......^5.4v
Client write IV:
0000: F1 D2 36 BD                                        ..6.
Server write IV:
0000: A0 05 91 3A                                        ...:
nioEventLoopGroup-3-6, READ: TLSv1.2 Change Cipher Spec, length = 1
nioEventLoopGroup-3-6, READ: TLSv1.2 Handshake, length = 40
*** Finished
verify_data:  { 188, 100, 155, 18, 18, 132, 204, 180, 111, 0, 116, 167 }
***
nioEventLoopGroup-3-6, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 49, 222, 223, 97, 94, 74, 95, 196, 241, 38, 54, 38 }
***
nioEventLoopGroup-3-6, WRITE: TLSv1.2 Handshake, length = 40
%% Cached server session: [Session-6, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
2017-03-01 17:10:47,926 DEBUG nioEventLoopGroup-3-6 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) [id: 0x1b619bff, L:/127.0.0.1:9912 - R:/127.0.0.1:30866] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
ssh over tcp test 1
ssh over tcp test 2
ssh over tcp test 3
ssh over tcp test 4
ssh over tcp test 5

客户端日志:2017-03-01 17:10:46,811 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Using SLF4J as the default logging framework 2017-03-01 17:10:46,818 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.eventLoopThreads: 16 

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA3842017-03-01 17:10:46,841 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) java.nio.Buffer.address: available 
2017-03-01 17:10:46,843 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.theUnsafe: available 
2017-03-01 17:10:46,844 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.copyMemory: available 
2017-03-01 17:10:46,845 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) direct buffer constructor: available 
2017-03-01 17:10:46,845 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.Bits.unaligned: available, true 
2017-03-01 17:10:46,845 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.DirectByteBuffer.<init>(long, int): available 
2017-03-01 17:10:46,846 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.ByteBuffer.cleaner(): available 
2017-03-01 17:10:46,847 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Platform: Windows 
2017-03-01 17:10:46,849 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Java version: 8 
2017-03-01 17:10:46,849 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noUnsafe: false 
2017-03-01 17:10:46,849 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) sun.misc.Unsafe: available 
2017-03-01 17:10:46,849 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noJavassist: false 
2017-03-01 17:10:46,951 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Javassist: available 
2017-03-01 17:10:46,952 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.tmpdir: C:\Users\dell\AppData\Local\Temp (java.io.tmpdir) 
2017-03-01 17:10:46,954 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.bitMode: 32 (sun.arch.data.model) 
2017-03-01 17:10:46,954 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noPreferDirect: false 
2017-03-01 17:10:46,954 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) io.netty.maxDirectMemory: 259522560 bytes 
2017-03-01 17:10:46,976 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noKeySetOptimization: false 
2017-03-01 17:10:46,976 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.selectorAutoRebuildThreshold: 512 
2017-03-01 17:10:46,980 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) org.jctools-core.MpscChunkedArrayQueue: available 
adding as trusted cert:
  Subject: CN=localhost
  Issuer:  CN=localhost
  Algorithm: RSA; Serial number: 0x23c861f
  Valid from Wed Mar 01 12:52:17 CST 2017 until Thu Mar 01 12:52:17 CST 2018

adding as trusted cert:
  Subject: CN=localhost
  Issuer:  CN=localhost
  Algorithm: RSA; Serial number: 0x78384348
  Valid from Wed Mar 01 12:48:48 CST 2017 until Thu Mar 01 12:48:48 CST 2018

2017-03-01 17:10:47,275 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) netty-tcnative not in the classpath; OpenSslEngine will be unavailable. 
trustStore is: C:\Java\jdk1.8.0_102\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0xc3517
  Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020

adding as trusted cert:
  Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  Issuer:  CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
  Valid from Wed Nov 08 03:31:18 CST 2006 until Tue Jan 01 03:40:55 CST 2030

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Algorithm: EC; Serial number: 0xa68b79290000000050d091f9
  Valid from Tue Dec 18 23:25:36 CST 2012 until Fri Dec 18 23:55:36 CST 2037

adding as trusted cert:
  Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
  Issuer:  OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 30 12:20:49 CST 2003 until Sat Sep 30 12:20:49 CST 2023

adding as trusted cert:
  Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528
  Valid from Fri Jan 13 02:59:32 CST 2012 until Mon Jan 13 02:59:32 CST 2042

adding as trusted cert:
  Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
  Valid from Mon Nov 27 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
  Issuer:  OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Fri May 29 13:00:39 CST 2009 until Tue May 29 13:00:39 CST 2029

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
  Issuer:  OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
  Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d
  Valid from Mon Dec 20 10:31:27 CST 2004 until Wed Dec 20 10:31:27 CST 2034

adding as trusted cert:
  Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Commercial, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x7777062726a9b17c
  Valid from Fri Jan 29 22:06:06 CST 2010 until Tue Dec 31 22:06:06 CST 2030

adding as trusted cert:
  Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
  Issuer:  CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
  Algorithm: RSA; Serial number: 0x444c0
  Valid from Wed Oct 22 20:07:37 CST 2008 until Mon Dec 31 20:07:37 CST 2029

adding as trusted cert:
  Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
  Issuer:  CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
  Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad
  Valid from Tue Nov 02 01:14:04 CST 2004 until Mon Jan 01 13:37:19 CST 2035

adding as trusted cert:
  Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
  Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI
  Algorithm: RSA; Serial number: 0x1d
  Valid from Fri Apr 06 15:29:40 CST 2001 until Tue Apr 06 15:29:40 CST 2021

adding as trusted cert:
  Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
  Issuer:  CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 28 14:00:00 CST 2002 until Fri Nov 20 04:43:00 CST 2037

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Algorithm: RSA; Serial number: 0x35def4cf
  Valid from Sun Aug 23 00:41:51 CST 1998 until Thu Aug 23 00:41:51 CST 2018

adding as trusted cert:
  Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a
  Valid from Thu Mar 06 08:00:00 CST 2008 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Mar 04 13:00:00 CST 2004 until Sun Mar 04 13:00:00 CST 2029

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Algorithm: RSA; Serial number: 0x4000000000121585308a2
  Valid from Wed Mar 18 18:00:00 CST 2009 until Sun Mar 18 18:00:00 CST 2029

adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer:  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000b9
  Valid from Sat May 13 02:46:00 CST 2000 until Tue May 13 07:59:00 CST 2025

adding as trusted cert:
  Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
  Issuer:  OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 30 01:39:16 CST 2004 until Fri Jun 30 01:39:16 CST 2034

adding as trusted cert:
  Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
  Issuer:  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x67c8e1e8e3be1cbdfc913b8ea6238749
  Valid from Wed Jan 01 08:00:00 CST 1997 until Sat Jan 02 07:59:59 CST 2021

adding as trusted cert:
  Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Jan 01 08:00:00 CST 2004 until Mon Jan 01 07:59:59 CST 2029

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
  Valid from Sat Jul 10 02:10:42 CST 1999 until Wed Jul 10 02:19:22 CST 2019

adding as trusted cert:
  Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
  Issuer:  CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Oct 01 00:13:43 CST 2003 until Thu Oct 01 00:13:44 CST 2037

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Issuer:  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Algorithm: RSA; Serial number: 0x40000000001154b5ac394
  Valid from Tue Sep 01 20:00:00 CST 1998 until Fri Jan 28 20:00:00 CST 2028

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
  Valid from Sat Jul 10 02:31:20 CST 1999 until Wed Jul 10 02:40:36 CST 2019

adding as trusted cert:
  Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Networking, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x7c4f04391cd4992d
  Valid from Fri Jan 29 22:08:24 CST 2010 until Tue Dec 31 22:08:24 CST 2030

adding as trusted cert:
  Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Premium, O=AffirmTrust, C=US
  Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee
  Valid from Fri Jan 29 22:10:36 CST 2010 until Mon Dec 31 22:10:36 CST 2040

adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer:  CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000bf
  Valid from Wed May 17 22:01:00 CST 2000 until Sun May 18 07:59:00 CST 2025

adding as trusted cert:
  Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
  Issuer:  CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 28 14:00:00 CST 2002 until Tue Sep 29 22:08:00 CST 2037

adding as trusted cert:
  Subject: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
  Issuer:  CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
  Algorithm: RSA; Serial number: 0xbb8
  Valid from Thu Mar 17 17:51:37 CST 2011 until Wed Mar 17 17:51:37 CST 2021

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Issuer:  CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda
  Valid from Fri Aug 01 20:29:50 CST 2008 until Sat Jul 31 20:29:50 CST 2038

adding as trusted cert:
  Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
  Valid from Wed Oct 25 16:32:46 CST 2006 until Sat Oct 25 16:32:46 CST 2036

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4a538c28
  Valid from Wed Jul 08 01:25:54 CST 2009 until Sun Dec 08 01:55:54 CST 2030

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
  Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031

adding as trusted cert:
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 30 01:06:20 CST 2004 until Fri Jun 30 01:06:20 CST 2034

adding as trusted cert:
  Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:48:38 CST 2000 until Sat May 30 18:48:38 CST 2020

adding as trusted cert:
  Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Issuer:  CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Oct 01 18:29:56 CST 2008 until Sun Oct 02 07:59:59 CST 2033

adding as trusted cert:
  Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
  Valid from Sat Jul 10 01:28:50 CST 1999 until Wed Jul 10 01:36:58 CST 2019

adding as trusted cert:
  Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
  Issuer:  CN=Class 2 Primary CA, O=Certplus, C=FR
  Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
  Valid from Thu Jul 08 01:05:00 CST 1999 until Sun Jul 07 07:59:59 CST 2019

adding as trusted cert:
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x23456
  Valid from Tue May 21 12:00:00 CST 2002 until Sat May 21 12:00:00 CST 2022

adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 16:36:00 CST 2006 until Sat Oct 25 16:36:00 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
  Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c
  Valid from Tue Nov 13 08:00:00 CST 2012 until Tue Jan 19 11:14:07 CST 2038

adding as trusted cert:
  Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US
  Issuer:  CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US
  Algorithm: RSA; Serial number: 0xa0142800000014523cf467c00000002
  Valid from Fri Jan 17 01:53:32 CST 2014 until Tue Jan 17 01:53:32 CST 2034

adding as trusted cert:
  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
  Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x3863def8
  Valid from Sat Dec 25 01:50:51 CST 1999 until Tue Jul 24 22:15:12 CST 2029

adding as trusted cert:
  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
  Valid from Fri Nov 17 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
  Valid from Fri Oct 01 08:00:00 CST 1999 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x456b5054
  Valid from Tue Nov 28 04:23:42 CST 2006 until Sat Nov 28 04:53:42 CST 2026

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
  Issuer:  CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
  Algorithm: RSA; Serial number: 0x10020
  Valid from Tue Jun 11 18:46:39 CST 2002 until Fri Jun 11 18:46:39 CST 2027

adding as trusted cert:
  Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:44:50 CST 2000 until Sat May 30 18:44:50 CST 2020

adding as trusted cert:
  Subject: CN=DST Root CA X3, O=Digital Signature Trust Co.
  Issuer:  CN=DST Root CA X3, O=Digital Signature Trust Co.
  Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b
  Valid from Sun Oct 01 05:12:19 CST 2000 until Thu Sep 30 22:01:15 CST 2021

adding as trusted cert:
  Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
  Issuer:  CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
  Algorithm: RSA; Serial number: 0x2
  Valid from Tue Oct 26 16:38:03 CST 2010 until Fri Oct 26 16:38:03 CST 2040

adding as trusted cert:
  Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE
  Issuer:  CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE
  Algorithm: RSA; Serial number: 0x983f4
  Valid from Thu Nov 05 16:50:46 CST 2009 until Mon Nov 05 16:50:46 CST 2029

adding as trusted cert:
  Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

adding as trusted cert:
  Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
  Valid from Wed Oct 25 16:30:35 CST 2006 until Sat Oct 25 16:30:35 CST 2036

adding as trusted cert:
  Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer:  CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26
  Valid from Mon Feb 01 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x509
  Valid from Sat Nov 25 02:27:00 CST 2006 until Tue Nov 25 02:23:33 CST 2031

adding as trusted cert:
  Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US
  Issuer:  CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US
  Algorithm: RSA; Serial number: 0xa0142800000014523c844b500000002
  Valid from Fri Jan 17 02:12:23 CST 2014 until Tue Jan 17 02:12:23 CST 2034

adding as trusted cert:
  Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
  Issuer:  CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
  Algorithm: RSA; Serial number: 0x26
  Valid from Fri Jul 09 20:11:00 CST 1999 until Wed Jul 10 07:59:00 CST 2019

adding as trusted cert:
  Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE
  Issuer:  CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE
  Algorithm: RSA; Serial number: 0x983f3
  Valid from Thu Nov 05 16:35:58 CST 2009 until Mon Nov 05 16:35:58 CST 2029

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593
  Valid from Fri Jan 13 01:27:44 CST 2012 until Mon Jan 13 01:27:44 CST 2042

adding as trusted cert:
  Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd
  Valid from Mon Jan 29 08:00:00 CST 1996 until Thu Aug 03 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer:  CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d
  Valid from Mon Feb 01 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
  Valid from Wed Nov 08 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Algorithm: RSA; Serial number: 0x400000000010f8626e60d
  Valid from Fri Dec 15 16:00:00 CST 2006 until Wed Dec 15 16:00:00 CST 2021

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x5c6
  Valid from Sat Nov 25 03:11:23 CST 2006 until Tue Nov 25 03:06:44 CST 2031

adding as trusted cert:
  Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Issuer:  CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Sep 01 08:00:00 CST 2009 until Fri Jan 01 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Issuer:  CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6
  Valid from Fri Jun 24 16:38:14 CST 2011 until Wed Jun 25 15:38:14 CST 2031

adding as trusted cert:
  Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d
  Valid from Fri Jan 13 04:26:32 CST 2012 until Mon Jan 13 04:26:32 CST 2042

adding as trusted cert:
  Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
  Issuer:  CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
  Algorithm: RSA; Serial number: 0x570a119742c4e3cc
  Valid from Thu Sep 22 19:22:02 CST 2011 until Sun Sep 22 19:22:02 CST 2030

adding as trusted cert:
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
  Valid from Mon Jan 29 08:00:00 CST 1996 until Thu Aug 03 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
  Issuer:  CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
  Algorithm: RSA; Serial number: 0x3ab6508b
  Valid from Tue Mar 20 02:33:33 CST 2001 until Thu Mar 18 02:33:33 CST 2021

adding as trusted cert:
  Subject: CN=Class 3P Primary CA, O=Certplus, C=FR
  Issuer:  CN=Class 3P Primary CA, O=Certplus, C=FR
  Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879
  Valid from Thu Jul 08 01:10:00 CST 1999 until Sun Jul 07 07:59:59 CST 2019

adding as trusted cert:
  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0x59e3
  Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020

adding as trusted cert:
  Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
  Issuer:  CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
  Algorithm: RSA; Serial number: 0x2
  Valid from Tue Oct 26 16:28:58 CST 2010 until Fri Oct 26 16:28:58 CST 2040

adding as trusted cert:
  Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
  Issuer:  OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
  Algorithm: RSA; Serial number: 0x0
  Valid from Wed Jun 06 10:12:32 CST 2007 until Sat Jun 06 10:12:32 CST 2037

adding as trusted cert:
  Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
  Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756
  Valid from Mon Nov 05 08:00:00 CST 2007 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Issuer:  CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
  Algorithm: RSA; Serial number: 0xf2fa64e27463d38dfd101d041f76ca58
  Valid from Fri Jun 24 17:45:08 CST 2011 until Wed Jun 25 16:45:08 CST 2031

adding as trusted cert:
  Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 18:38:31 CST 2000 until Sat May 30 18:38:31 CST 2020

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
  Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802
  Valid from Tue Nov 13 08:00:00 CST 2012 until Tue Jan 19 11:14:07 CST 2038

adding as trusted cert:
  Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Issuer:  CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
  Valid from Fri Aug 01 20:31:40 CST 2008 until Sat Jul 31 20:31:40 CST 2038

adding as trusted cert:
  Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer:  CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d
  Valid from Tue Jan 19 08:00:00 CST 2010 until Tue Jan 19 07:59:59 CST 2038

adding as trusted cert:
  Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb
  Valid from Wed Apr 02 08:00:00 CST 2008 until Wed Dec 02 07:59:59 CST 2037

adding as trusted cert:
  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954
  Valid from Thu Aug 01 08:00:00 CST 1996 until Sat Jan 02 07:59:59 CST 2021

adding as trusted cert:
  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Algorithm: RSA; Serial number: 0x1a5
  Valid from Thu Aug 13 08:29:00 CST 1998 until Tue Aug 14 07:59:00 CST 2018

adding as trusted cert:
  Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
  Issuer:  CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
  Algorithm: EC; Serial number: 0x7497258ac73f7a54
  Valid from Fri Jan 29 22:20:24 CST 2010 until Mon Dec 31 22:20:24 CST 2040

adding as trusted cert:
  Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Issuer:  CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Oct 01 18:40:14 CST 2008 until Sun Oct 02 07:59:59 CST 2033

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
  Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028

adding as trusted cert:
  Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Issuer:  CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
  Valid from Tue May 26 08:00:00 CST 2009 until Tue May 26 08:00:00 CST 2020

adding as trusted cert:
  Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5
  Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038

trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
密码套件的命名结构如下:

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
2017-03-01 17:10:47,651 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1]  
2017-03-01 17:10:47,651 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Default cipher suites (JDK): [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] 
trigger seeding of SecureRandom
done seeding SecureRandom
2017-03-01 17:10:47,685 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) -Dio.netty.initialSeedUniquifier: 0xc1c11256f75ab57b (took 2 ms) 
2017-03-01 17:10:47,732 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.type: unpooled 
2017-03-01 17:10:47,732 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.threadLocalDirectBufferSize: 65536 
2017-03-01 17:10:47,732 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.maxThreadLocalCharBufferSize: 16384 
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2017-03-01 17:10:47,769 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Generated: io.netty.util.internal.__matchers__.io.netty.buffer.ByteBufMatcher 
2017-03-01 17:10:47,779 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Generated: io.netty.util.internal.__matchers__.java.lang.CharSequenceMatcher 
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
2017-03-01 17:10:47,788 INFO main com.ld.net.spider.channel.SocketClientHelper.createChannel(SocketClientHelper.java:63) connect to spider server (localhost:9912) success for thread [main]. 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1471516695 bytes = { 24, 187, 217, 214, 140, 214, 114, 66, 240, 143, 250, 47, 51, 163, 181, 87, 218, 240, 112, 132, 18, 214, 172, 223, 186, 16, 79, 53 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Handshake, length = 148
2017-03-01 17:10:47,802 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.buffer.bytebuf.checkAccessible: true 
2017-03-01 17:10:47,805 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.leakDetection.level: simple 
2017-03-01 17:10:47,805 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) -Dio.netty.leakDetection.maxRecords: 4 
2017-03-01 17:10:47,806 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@cf6bc9 
2017-03-01 17:10:47,818 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.maxCapacity.default: 32768 
2017-03-01 17:10:47,818 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.maxSharedCapacityFactor: 2 
2017-03-01 17:10:47,818 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.linkCapacity: 16 
2017-03-01 17:10:47,818 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.recycler.ratio: 8 
nioEventLoopGroup-2-1, READ: TLSv1.2 Handshake, length = 1143
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1471516695 bytes = { 222, 75, 242, 116, 63, 236, 213, 10, 170, 72, 227, 166, 210, 107, 119, 123, 192, 138, 77, 244, 44, 108, 180, 115, 67, 55, 73, 153 }
Session ID:  {88, 182, 144, 23, 48, 147, 150, 107, 2, 43, 100, 77, 218, 52, 13, 108, 73, 114, 159, 168, 67, 166, 136, 157, 87, 142, 140, 130, 7, 80, 12, 219}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
  public exponent: 65537
  Validity: [From: Wed Mar 01 12:48:48 CST 2017,
               To: Thu Mar 01 12:48:48 CST 2018]
  Issuer: CN=localhost
  SerialNumber: [    78384348]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D   56 25 9C A5 69 C1 3E CC  ...PJ^.=V%..i.>.
0010: 32 85 0D A8                                        2...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 06 75 9F E1 A1 60 22 F9   2A 62 A7 71 42 D5 05 B7  .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34   37 04 61 F0 C3 5D DF 23  ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13   6E 66 C2 3A 81 E9 82 A4  .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15   09 29 D2 9C 1E C1 C2 95  ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6   6E 6A 49 B9 29 77 30 84  ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06   57 95 D5 AD 0D A9 06 7C  Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0   61 BA 9D 34 E1 60 58 37  <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D   A4 AE 50 2D A5 0F 9C B8  &T........P-....
0080: A3 A7 70 AE 7A FF AE 96   32 EA F0 CB 31 46 96 8C  ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D   02 2D 96 75 12 E7 76 01  h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1   77 EC 87 BE B1 ED 3A 9E  ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17   16 EA 65 A9 59 E2 81 79  ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B   4A A6 19 1F 60 36 74 32  ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE   94 B0 BA A1 17 0F F2 16  ..W.............
00E0: D2 59 76 08 2F 6D 29 63   DA B9 E2 51 80 E9 85 22  .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57   44 44 65 B4 CC 42 B3 38  .....D.WDDe..B.8

]
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 10331457858785828482875741504897765623739531218694853663080345496025520877996
  public y coord: 87072985023296105834621900228689461936233240867656310759620109797868298186758
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
send: ssh over tcp test 1
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 242, 42, 217, 216, 163, 173, 6, 29, 45, 128, 126, 105, 4, 135, 9, 225, 39, 129, 40, 33, 177, 214, 234, 245, 46, 166, 160, 118, 7, 90, 165, 153, 248, 45, 131, 243, 77, 24, 122, 167, 69, 231, 196, 59, 232, 168, 74, 66, 173, 16, 90, 66, 137, 99, 154, 218, 178, 52, 18, 97, 246, 8, 165, 222 }
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
0000: 64 2E 66 20 EB 04 53 3A   F1 70 90 BE EC 0D BC A8  d.f ..S:.p......
0010: 88 44 07 D4 A8 69 44 D5   17 3E 9F 36 12 3D FB 68  .D...iD..>.6.=.h
CONNECTION KEYGEN:
Client Nonce:
0000: 58 B6 90 17 18 BB D9 D6   8C D6 72 42 F0 8F FA 2F  X.........rB.../
0010: 33 A3 B5 57 DA F0 70 84   12 D6 AC DF BA 10 4F 35  3..W..p.......O5
Server Nonce:
0000: 58 B6 90 17 DE 4B F2 74   3F EC D5 0A AA 48 E3 A6  X....K.t?....H..
0010: D2 6B 77 7B C0 8A 4D F4   2C 6C B4 73 43 37 49 99  .kw...M.,l.sC7I.
Master Secret:
0000: 99 59 39 A6 38 D9 10 FB   B3 02 DD 82 CC 22 24 02  .Y9.8........"$.
0010: 1A 45 E9 6A 28 23 3B FC   6F 6C DC E1 84 EA DE 71  .E.j(#;.ol.....q
0020: 6D AC 42 48 76 06 07 20   AD F3 7E 59 FA F6 30 5E  m.BHv.. ...Y..0^
... no MAC keys used for this cipher
Client write key:
0000: E9 4C D9 C0 D5 D1 4A 0A   E4 82 C9 B6 D3 93 19 B0  .L....J.........
Server write key:
0000: 1D 1A 6B 10 52 EF C3 FC   06 8C A2 5E 35 B8 34 76  ..k.R......^5.4v
Client write IV:
0000: F1 D2 36 BD                                        ..6.
Server write IV:
0000: A0 05 91 3A                                        ...:
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 188, 100, 155, 18, 18, 132, 204, 180, 111, 0, 116, 167 }
***
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Handshake, length = 40
nioEventLoopGroup-2-1, READ: TLSv1.2 Change Cipher Spec, length = 1
nioEventLoopGroup-2-1, READ: TLSv1.2 Handshake, length = 40
*** Finished
verify_data:  { 49, 222, 223, 97, 94, 74, 95, 196, 241, 38, 54, 38 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
2017-03-01 17:10:47,930 DEBUG nioEventLoopGroup-2-1 io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:81) [id: 0xe5a7dedb, L:/127.0.0.1:30866 - R:localhost/127.0.0.1:9912] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23
send: ssh over tcp test 2
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23
send: ssh over tcp test 3
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23
send: ssh over tcp test 4
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23
send: ssh over tcp test 5
nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 23

 

posted on 2017-03-02 07:51 zhjh256 阅读(...) 评论(...) 编辑 收藏