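You get the entries in this colour when specifying -Djavax.net.debug=all. This option also logs hex dumps of the data sent and received, so the output can contain sensitive application data.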
The following certificates were found in the trust store
adding as trusted certificates (
"certificate" : {
"subject" : "CN=TEMP4Certification Authority, OU=TEST, O=TEMP",
"certificate" : {
"version" : "v3",
"serial number" : "00",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=TEMP4Certification Authority, OU=TEST, O=TEMP",
"not before" : "2020-07-14 24:00:00.000 BST",
"not after" : "2021-07-02 23:59:59.000 BST",
"subject" : "CN=TEMP4Certification Authority, OU=TEST, O=TEMP",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.16.840.1.113730.1.13 Criticality=false
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4E 84 B6 96 07 27 AE 17 BB F6 D9 14 53 10 45 77 N....'......S.Ew
0010: 1E 0E 9B 43 ...C
]
]
}
]},
"certificate" : {
"subject" : "CN=DANCA1, OU=DAN, O=DAN",
"certificate" : {
"version" : "v3",
"serial number" : "00",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=DANCA1, OU=DAN, O=DAN",
"not before" : "2021-01-15 24:00:00.000 GMT",
"not after" : "2021-07-03 24:59:59.000 BST",
"subject" : "CN=DANCA1, OU=DAN, O=DAN",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.16.840.1.113730.1.13 Criticality=false
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 88 CD 60 90 08 A4 F7 B1 12 35 33 81 8B 60 DE 34 ..`......53..`.4
0010: 71 34 D1 DF q4..
]
]
}
]},
"certificate" : {
"subject" : "CN=TEMP4Certification Authorit2, OU=TEST, O=TEMP",
"certificate" : {
"version" : "v3",
"serial number" : "00",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=TEMP4Certification Authorit2, OU=TEST, O=TEMP",
"not before" : "2020-12-14 24:00:00.000 GMT",
"not after" : "2021-07-03 24:59:59.000 BST",
"subject" : "CN=TEMP4Certification Authorit2, OU=TEST, O=TEMP",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.16.840.1.113730.1.13 Criticality=false
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3E D0 DC C0 38 AA 9F B6 8C 15 01 73 3A 78 2B F3 >...8......s:x+.
0010: F4 29 50 EC .)P.
]
]
}
]}
Display information about parameters being used
System property jdk.tls.client.cipherSuites is set to 'null'
System property jdk.tls.server.cipherSuites is set to 'null'
jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
List of cipher suites that are ignored because they are disabled or unsupported, e.g. TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignore disabled cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
Ignore disabled cipher suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
Ignore disabled cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
Ignore unsupported cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
Ignore disabled cipher suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignore disabled cipher suite: SSL_RSA_WITH_RC4_128_SHA
Ignore unsupported cipher suite: SSL_RSA_WITH_RC4_128_SHA
Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignore disabled cipher suite: SSL_RSA_WITH_RC4_128_MD5
Ignore unsupported cipher suite: SSL_RSA_WITH_RC4_128_MD5
Ignore disabled cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
Ignore disabled cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
Ignore unsupported cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
Ignore disabled cipher suite: SSL_RSA_WITH_DES_CBC_SHA
Ignore unsupported cipher suite: SSL_RSA_WITH_DES_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_DSS_WITH_DES_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_DES_CBC_SHA
Ignore disabled cipher suite: SSL_DH_anon_WITH_DES_CBC_SHA
Ignore unsupported cipher suite: SSL_DH_anon_WITH_DES_CBC_SHA
Ignore disabled cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignore unsupported cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Ignore disabled cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Ignore unsupported cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Ignore disabled cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
Ignore unsupported cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
Ignore disabled cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
Ignore unsupported cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
Ignore disabled cipher suite: TLS_RSA_WITH_NULL_SHA256
Ignore unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256
Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_NULL_SHA
Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_NULL_SHA
Ignore disabled cipher suite: SSL_RSA_WITH_NULL_SHA
Ignore unsupported cipher suite: SSL_RSA_WITH_NULL_SHA
Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_NULL_SHA
Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_NULL_SHA
Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_NULL_SHA
Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_NULL_SHA
Ignore disabled cipher suite: TLS_ECDH_anon_WITH_NULL_SHA
Ignore unsupported cipher suite: TLS_ECDH_anon_WITH_NULL_SHA
Ignore disabled cipher suite: SSL_RSA_WITH_NULL_MD5
Ignore unsupported cipher suite: SSL_RSA_WITH_NULL_MD5
Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256
Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384
Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignore disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignore unsupported cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
)
trigger seeding of SecureRandom
done seeding of SecureRandom
System property jdk.tls.client.SignatureSchemes is set to 'null'
Unable to indicate server name
Ignore, context unavailable extension: server_name
ed25519 and ed448 are elliptic curve signature algorithms
Signature algorithm, ed25519, is not supported by the underlying providers
Signature algorithm, ed448, is not supported by the underlying providers
Ignore unsupported signature scheme: ed25519
Ignore unsupported signature scheme: ed448
Ignore disabled signature scheme: rsa_md5
ALPN (Application-Layer Protocol Negotiation)
No available application protocols
Ignore, context unavailable extension: application_layer_protocol_negotiation
Ignore, context unavailable extension: renegotiation_info
You get entries below here when using -Djavax.net.debug=ssl:handshake or
-Djavax.net.debug=all
This gets sent to the server
Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "60 A8 ...",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
extensions
"extensions" : [
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.2]
}
}
Send it to the server
WRITE: TLS12 handshake, length = 280