Tomcat, восстановление сессии, повторные запросы

Добро пожаловать, Гость! Чтобы использовать все возможности Вход или Регистрация.

Уведомление

Error

Tomcat, восстановление сессии, повторные запросы

Опции

Предыдущая тема Следующая тема

xEdward		#1 Оставлено : 29 марта 2017 г. 16:04:29(UTC)
Статус: Новичок Группы: Участники Зарегистрирован: 15.11.2016(UTC) Сообщений: 2		Добрый день. Возникли сложности с использованием КриптоПро JTLS в процессе интеграции с другими Системами. Наш сервер имеет собственную бизнес-логику, предусматривающую анализ сертификата клиента. Однако, по неизвестной причине, каждый второй запрос не содержит в себе сертификата с точки зрения Tomcat. В логах ru.CryptoPro.ssl.SSLLogger содержится информация о том, что CryptoPro "восстанавливает" предыдущую сессию. Соединение устанавливается, но получить сертификат клиента становится невозможно. Сведения об окружении: java: 1.8.0_20 jcp: 2.0.388030 tomcat: 8.0.21 Лог запроса с сертификатом: Код: 29-Mar-2017 17:17:10.043 INFO [http-nio-0.0.0.0-18181-Acceptor-0] ru.CryptoPro.ssl.SSLEngineImpl.a Using SSLEngineImpl. 29-Mar-2017 17:17:10.044 FINE [http-nio-0.0.0.0-18181-Acceptor-0] ru.CryptoPro.ssl.f.a Allow unsafe renegotiation: true Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false 29-Mar-2017 17:17:10.053 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.O.<init> ClientHello sessionId: {} 29-Mar-2017 17:17:10.054 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.a %% ClientHello, TLSv1; Cipher Suites: [TLS_CIPHER_2001, SSL3_CK_GVO_KB2, SSL3_CK_GVO]; Compression Methods: 0; Extensions: Extension ext_hash_and_mac_alg_select, ext_hash_and_mac_alg_select: [48, 32, 48, 30, 48, 8, 6, 6, 42, -123, 3, 2, 2, 9, 48, 8, 6, 6, 42, -123, 3, 2, 2, 22, 48, 8, 6, 6, 42, -123, 3, 2, 2, 23], Extension renegotiation_info, renegotiated_connection: <empty>, Unsupported extension type_35, data: [], Unsupported extension server_name, [host_name: 192.168.0.16]; 29-Mar-2017 17:17:10.059 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.a create new Session 29-Mar-2017 17:17:10.059 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.b Check cipher suite: TLS_CIPHER_2001 29-Mar-2017 17:17:10.059 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.b Try to set cipher suite: TLS_CIPHER_2001 29-Mar-2017 17:17:10.059 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.f.a Add certificate algorithm: GOST3410EL [priority: 2] 29-Mar-2017 17:17:10.059 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.b Find server container with type: GOST3410EL 29-Mar-2017 17:17:10.059 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.r.a %% getting aliases for Server 29-Mar-2017 17:17:10.063 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.r.a %% matching alias: server.b.pass999 29-Mar-2017 17:17:10.063 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.b Try load 'server.b.pass999'... 29-Mar-2017 17:17:10.064 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.at.a Public key OID: 1.2.643.2.2.19 [GOST3410EL] 29-Mar-2017 17:17:10.064 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.b Certificate 'server.b.pass999' matches... 29-Mar-2017 17:17:10.064 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-20] class: ru.CryptoPro.JCP.Sign.c, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.064 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-20] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.064 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.b Private key 'server.b.pass999' is available, key test passed... 29-Mar-2017 17:17:10.064 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.b %% Chosen server alias: server.b.pass999 [algorithm: GOST3410EL] 29-Mar-2017 17:17:10.065 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.f.a handshakeDigest :421937c5 29-Mar-2017 17:17:10.065 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.a clientHello SessionId:{88, 219, 165, 198, 19, 203, 205, 22, 101, 0, 6, 194, 138, 22, 59, 242, 84, 185, 204, 243, 32, 45, 202, 190, 54, 148, 25, 162, 171, 128, 132, 219} 29-Mar-2017 17:17:10.065 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.a %% ServerHello, TLSv1; Cipher Suite: TLS_CIPHER_2001; Compression Method: 0; Extensions: Extension renegotiation_info, renegotiated_connection: <empty>, Extension ext_hash_and_mac_alg_select, ext_hash_and_mac_alg_select: [48, 30, 48, 8, 6, 6, 42, -123, 3, 2, 2, 9, 48, 8, 6, 6, 42, -123, 3, 2, 2, 22, 48, 8, 6, 6, 42, -123, 3, 2, 2, 23]; 29-Mar-2017 17:17:10.065 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.a Cipher suite: TLS_CIPHER_2001 29-Mar-2017 17:17:10.065 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.a %% Certificate message: ------ Subject: CN=server Valid from Mon Feb 13 03:41:21 GMT+05:00 2017 until Sat May 13 03:51:21 GMT+05:00 2017 ------ 29-Mar-2017 17:17:10.065 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.ab.<init> Authorities list's size is 569 bytes, it will be send empty: false 29-Mar-2017 17:17:10.066 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.a %% CertificateRequest Cert Authorities: <CN=66.sir.egov.local, O=My Company Ltd, L=Newbury, ST=66, C=ru> <CN=УЦ ЗАО ТаксНет, OU=Удостоверяющий центр, O=ЗАО ТаксНет, L=Казань, ST=16 Республика Татарстан, C=RU, EMAILADDRESS=ca@taxnet.ru, STREET=ул. К. Насыри д. 28, OID.1.2.643.3.131.1.1=#120C303031363535303435343036, OID.1.2.643.100.1=#120D31303231363032383535323632> <CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru> 29-Mar-2017 17:17:10.066 FINE [http-nio-0.0.0.0-18181-exec-20] ru.CryptoPro.ssl.n.a %% ServerHelloDone (empty) 29-Mar-2017 17:17:10.079 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.n.a %% Certificate message: ------ Subject: CN=server Valid from Mon Feb 13 03:41:21 GMT+05:00 2017 until Sat May 13 03:51:21 GMT+05:00 2017 ------ 29-Mar-2017 17:17:10.080 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.w.a [PKIX] Signature provider: JCP 29-Mar-2017 17:17:10.080 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.w.a [PKIX] Set some additional (intermediate) certificates 29-Mar-2017 17:17:10.080 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.w.a [PKIX] parameters: com.sun.security.enableCRLDP=false com.ibm.security.enableCRLDP=false 29-Mar-2017 17:17:10.083 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.w.a [PKIX] Certificate chain was built (length: 2). 29-Mar-2017 17:17:10.083 CONFIG [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.pref.JCPPref.getBoolean User Preference Node: /ru/CryptoPro/ssl.Enable_revocation_default=false 29-Mar-2017 17:17:10.083 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.w.a [PKIX] Offline verification is disabled. CRL timer is turned OFF. 29-Mar-2017 17:17:10.083 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Key.KeyAgreement, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.084 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.084 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.089 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostCoreCipher, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.089 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.089 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.101 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.f.a clntEncIV:55 85 58 71 DB 28 61 4F 29-Mar-2017 17:17:10.104 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.f.a svrEncIV:85 AE 7C 6C 32 46 1C 26 29-Mar-2017 17:17:10.110 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostCoreCipher, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.110 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.110 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.111 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.n.a %% Finished. 29-Mar-2017 17:17:10.118 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.n.b %% Finished. 29-Mar-2017 17:17:10.118 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostCoreCipher, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.118 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.119 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.119 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.119 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.119 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.119 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.f.a %% Finished. 29-Mar-2017 17:17:10.119 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.119 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.120 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.120 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-21] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.120 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.120 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-21] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.120 FINE [http-nio-0.0.0.0-18181-exec-21] ru.CryptoPro.ssl.n.a %% Cached server session: [Session-7, TLS_CIPHER_2001] 29-Mar-2017 17:17:10.126 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-24] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.126 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-24] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.126 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-24] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.128 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-24] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.128 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-24] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.128 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-24] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.129 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-24] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.129 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-24] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.129 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-24] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.129 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-24] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:10.129 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-24] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:10.130 FINE [http-nio-0.0.0.0-18181-exec-24] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-24] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar Лог последующего запроса - сертификат пропал: Код: 29-Mar-2017 17:17:54.366 INFO [http-nio-0.0.0.0-18181-Acceptor-0] ru.CryptoPro.ssl.SSLEngineImpl.a Using SSLEngineImpl. 29-Mar-2017 17:17:54.367 FINE [http-nio-0.0.0.0-18181-Acceptor-0] ru.CryptoPro.ssl.f.a Allow unsafe renegotiation: true Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false 29-Mar-2017 17:17:54.369 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.O.<init> ClientHello sessionId: {88, 219, 165, 198, 19, 203, 205, 22, 101, 0, 6, 194, 138, 22, 59, 242, 84, 185, 204, 243, 32, 45, 202, 190, 54, 148, 25, 162, 171, 128, 132, 219} 29-Mar-2017 17:17:54.369 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.n.a %% ClientHello, TLSv1; Cipher Suites: [TLS_CIPHER_2001, SSL3_CK_GVO_KB2, SSL3_CK_GVO]; Compression Methods: 0; Extensions: Extension ext_hash_and_mac_alg_select, ext_hash_and_mac_alg_select: [48, 32, 48, 30, 48, 8, 6, 6, 42, -123, 3, 2, 2, 9, 48, 8, 6, 6, 42, -123, 3, 2, 2, 22, 48, 8, 6, 6, 42, -123, 3, 2, 2, 23], Extension renegotiation_info, renegotiated_connection: <empty>, Unsupported extension type_35, data: [], Unsupported extension server_name, [host_name: 192.168.0.16]; 29-Mar-2017 17:17:54.370 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.n.a client resumes session:{88, 219, 165, 198, 19, 203, 205, 22, 101, 0, 6, 194, 138, 22, 59, 242, 84, 185, 204, 243, 32, 45, 202, 190, 54, 148, 25, 162, 171, 128, 132, 219} 29-Mar-2017 17:17:54.370 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.f.a handshakeDigest :7bd6efcc 29-Mar-2017 17:17:54.370 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.n.a %% Resuming [Session-7, TLS_CIPHER_2001] 29-Mar-2017 17:17:54.370 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.n.a clientHello SessionId:{88, 219, 165, 198, 19, 203, 205, 22, 101, 0, 6, 194, 138, 22, 59, 242, 84, 185, 204, 243, 32, 45, 202, 190, 54, 148, 25, 162, 171, 128, 132, 219} 29-Mar-2017 17:17:54.370 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.n.a %% ServerHello, TLSv1; Cipher Suite: TLS_CIPHER_2001; Compression Method: 0; Extensions: Extension renegotiation_info, renegotiated_connection: <empty>, Extension ext_hash_and_mac_alg_select, ext_hash_and_mac_alg_select: [48, 30, 48, 8, 6, 6, 42, -123, 3, 2, 2, 9, 48, 8, 6, 6, 42, -123, 3, 2, 2, 22, 48, 8, 6, 6, 42, -123, 3, 2, 2, 23]; 29-Mar-2017 17:17:54.370 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.n.a Cipher suite: TLS_CIPHER_2001 29-Mar-2017 17:17:54.376 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.f.a clntEncIV:BD C1 94 3D DE BD 94 53 29-Mar-2017 17:17:54.379 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.f.a svrEncIV:53 F4 1F 04 8E 91 7D 9A 29-Mar-2017 17:17:54.388 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.n.b %% Finished. 29-Mar-2017 17:17:54.389 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-25] class: ru.CryptoPro.Crypto.Cipher.GostCoreCipher, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.389 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-25] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.389 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-25] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.390 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-25] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.390 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-25] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.390 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-25] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.390 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.ssl.f.a %% Finished. 29-Mar-2017 17:17:54.390 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-25] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.390 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-25] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.390 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-25] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.391 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-25] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.391 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-25] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.391 FINE [http-nio-0.0.0.0-18181-exec-25] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-25] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.404 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-4] class: ru.CryptoPro.Crypto.Cipher.GostCoreCipher, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.404 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.404 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.405 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-4] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.405 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.405 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.406 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-4] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.406 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.406 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.406 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-4] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.406 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.406 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.406 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.ssl.n.a %% Finished. 29-Mar-2017 17:17:54.410 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-4] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.410 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.410 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.410 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-4] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.410 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.410 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.410 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-4] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.411 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.411 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.412 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-0.0.0.0-18181-exec-4] class: ru.CryptoPro.Crypto.Cipher.GostMac, URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar 29-Mar-2017 17:17:54.412 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCP.jar 29-Mar-2017 17:17:54.412 FINE [http-nio-0.0.0.0-18181-exec-4] ru.CryptoPro.JCP.tools.SelfTester.a [http-nio-0.0.0.0-18181-exec-4] check URL: file:/C:/Program%20Files/Java/jdk1.8.0_20/jre/lib/ext/JCryptoP.jar Дополнительное описание: Из логов видно, что CryptoPro восстанавливает сессию Session-7, однако в реальности во втором запросе мне доступна сессия-пустышка Session-1. Для получения информации о сертификате клиента использую соглашения, описанные здесь: https://docs.oracle.com/...vlet/ServletRequest.html Код: `ServletRequest.getAttribute("javax.servlet.request.X509Certificate")` Подскажите пожалуйста, на что следует обратить внимание для устранения этой проблемы?


Профиль пользователя Просмотр всех сообщений пользователя Просмотр «Спасибо»


	Wanna join the discussion?! Login to your Форум КриптоПро forum account, or Register a new forum account.

Евгений Афанасьев		#2 Оставлено : 4 апреля 2017 г. 14:35:11(UTC)
Статус: Сотрудник Группы: Участники Зарегистрирован: 06.12.2008(UTC) Сообщений: 4,003 Откуда: Крипто-Про Сказал(а) «Спасибо»: 21 раз Поблагодарили: 714 раз в 674 постах		Здравствуйте. Наверно, я не совсем понял ваш вопрос. Первый приведенный лог - это лог сервера(?), в нем выведен сертификат сервера (server). При установлении соединения в сессии сохраняется мастер-ключ, и которого получаем сессионные ключи. Соответственно, при возобновлении сессии (извлечении из списка кэшированных) в ней уже есть мастер-ключ, происходит короткий обмен без вывода в лог. С указанным атрибутом JTLS никак не работает, его заполняет, полагаю, сам томкат. Восстановление сессии возможно при определенных условиях: совпадение протокола и сайфер-сюиты, наличие сертификата клиента (если включена аутентификация). Попробуйте, в качестве эксперимента, в панели JCP на закладке JTLS отключить кэширование сессий.
		Тех. поддержка База знаний Логирование JCP Логирование JTLS Тест JCP и сбор диаг. информации Скачать JCP, JCSP и JTLS Скачать Android CSP + SDK


Профиль пользователя Просмотр всех сообщений пользователя Просмотр «Спасибо»

xEdward		#3 Оставлено : 21 апреля 2017 г. 18:31:34(UTC)
Статус: Новичок Группы: Участники Зарегистрирован: 15.11.2016(UTC) Сообщений: 2		Добрый день. Да, приведенные логи - это логи сервера. Опытным путем удалось установить, что при добавлении опции sessionTimeout="0" коннектора tomcat, достигается желаемое поведение: каждый запрос выполняется в отдельной сессии. Это было слегка не очевидным, т.к. в документации к tomcat утверждается, что значение "0" ведет к совершенно обратному результату. Благодарим за содействие!


Профиль пользователя Просмотр всех сообщений пользователя Просмотр «Спасибо»

RSS Лента

Atom Лента

Пользователи, просматривающие эту тему
Guest

Быстрый переход

Вы не можете создавать новые темы в этом форуме.
Вы не можете отвечать в этом форуме.
Вы не можете удалять Ваши сообщения в этом форуме.
Вы не можете редактировать Ваши сообщения в этом форуме.
Вы не можете создавать опросы в этом форуме.
Вы не можете голосовать в этом форуме.

Important Information: The Форум КриптоПро uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More Details Close