I have a simple JDBC program that is connecting to Oracle Database using TLSV1.2 but the database connection is taking around 2 second. After taking SSL dump it was observed TLS handshake is happening twice. Any pointers to overcome SSL Handshake twice.
Code:
package org.example;
import java.sql.*;
public class LocalTLSOracleDBExample {
public static void main(String[] args) throws SQLException {
// Load the Oracle JDBC driver
try {
Class.forName("oracle.jdbc.driver.OracleDriver");
} catch (ClassNotFoundException e) {
System.out.println("Could not load the driver");
}
//Create a connection
long startTime = System.currentTimeMillis();
Connection connection = DriverManager.getConnection(
"jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=xe)))", "***", "***");
long endTime = System.currentTimeMillis();
System.out.println("Time taken to establish TLS connection: " + (endTime - startTime) + "ms");
// Get the JDBC driver name and version
DatabaseMetaData dbmd = connection.getMetaData();
System.out.println("Driver Name: " + dbmd.getDriverName());
System.out.println("Driver Version: " + dbmd.getDriverVersion());
System.out.println("JDBC Version:" + connection.getMetaData().getJDBCMajorVersion() + "." + connection.getMetaData().getJDBCMinorVersion());
// Create a statement
startTime = System.currentTimeMillis();
Statement statement = connection.createStatement();
endTime = System.currentTimeMillis();
System.out.println("Time taken to create statement: " + (endTime - startTime) + "ms");
// Execute a query
startTime = System.currentTimeMillis();
ResultSet resultSet = statement.executeQuery("select count(SID) as counts from V$SESSION");
endTime = System.currentTimeMillis();
System.out.println("Time taken to execute query: " + (endTime - startTime) + "ms");
// Process the result set
startTime = System.currentTimeMillis();
while (resultSet.next()) {
System.out.println("Data: " + resultSet.getString("counts"));
}
endTime = System.currentTimeMillis();
System.out.println("Time taken to process result set: " + (endTime - startTime) + "ms");
// Close the connection
startTime = System.currentTimeMillis();
connection.close();
endTime = System.currentTimeMillis();
System.out.println("Time taken to close connection: " + (endTime - startTime) + "ms");
}
}
Logs
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.212 PDT|SSLCipher.java:438|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|WARNING|01|main|2024-06-06 14:42:28.266 PDT|ServerNameExtension.java:261|Unable to indicate server name
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.266 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: server_name
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.266 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: status_request
javax.net.ssl|WARNING|01|main|2024-06-06 14:42:28.274 PDT|SignatureScheme.java:297|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|01|main|2024-06-06 14:42:28.274 PDT|SignatureScheme.java:297|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|INFO|01|main|2024-06-06 14:42:28.277 PDT|AlpnExtension.java:178|No available application protocols
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.277 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.277 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: status_request_v2
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.277 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: cookie`
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.289 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.290 PDT|PreSharedKeyExtension.java:632|No session to resume.
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.290 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.291 PDT|ClientHello.java:556|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "04 D2 57 1A 5A F9 6D F0 E3 6A D3 A7 33 E3 99 35 ED 53 82 03 3D 26 E2 75 09 0E 2D 73 C0 95 D4 01",
"session id" : "47 58 D8 82 D5 FE D6 70 C7 00 6D BE B7 1D CE 42 79 50 67 5A B8 F0 E0 51 A9 B8 0F 8B 0C A7 DF 28",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"extended_master_secret (23)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": secp256r1
"key_exchange": {
0000: 04 39 4E 8A 19 4D D1 9D FE A0 D7 B0 F0 C5 9F 57 .9N..M.........W
0010: AD CB B6 68 74 63 56 65 67 AF 93 F0 32 A2 42 E1 ...htcVeg...2.B.
0020: A7 F6 EA 5A 84 F0 36 D4 CA B3 1B FB 47 D6 F8 6E ...Z..6.....G..n
0030: 37 4F A1 F1 08 BD 2E 43 39 CF 88 14 65 1F B0 ED 7O.....C9...e...
0040: 06
}
},
]
}
]
}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.297 PDT|ServerHello.java:862|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "66 62 2D 44 D8 99 48 5A B3 02 D7 F3 B1 52 13 8D 97 F3 5F 54 9B 3B D3 E7 85 EF 9D 4F D6 43 E9 33",
"session id" : "53 5F BC 4D 6D BD AD 20 7F 93 55 7D 3E F7 6D 5A 1A 00 CD 98 86 C3 86 6F 11 2C 51 1C D5 80 5F 9D",
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
}
]
}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.297 PDT|SSLExtensions.java:172|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.297 PDT|ServerHello.java:953|Negotiated protocol version: TLSv1.2
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.298 PDT|SSLExtensions.java:191|Consumed extension: renegotiation_info
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.298 PDT|SSLExtensions.java:172|Ignore unavailable extension: server_name
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.298 PDT|SSLExtensions.java:172|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.298 PDT|SSLExtensions.java:172|Ignore unavailable extension: status_request
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.298 PDT|SSLExtensions.java:172|Ignore unavailable extension: ec_point_formats
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.298 PDT|SSLExtensions.java:172|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.298 PDT|SSLExtensions.java:162|Ignore unsupported extension: supported_versions
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.298 PDT|SSLExtensions.java:162|Ignore unsupported extension: key_share
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:191|Consumed extension: renegotiation_info
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:162|Ignore unsupported extension: pre_shared_key
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: server_name
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: status_request
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: ec_point_formats
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: extended_master_secret
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:214|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.299 PDT|SSLExtensions.java:206|Ignore unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.300 PDT|CertificateMessage.java:364|Consuming server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v1",
"serial number" : "00 8E E0 2A 96 10 CA 4B 41 50 DC 74 63 0C 99 04 AE",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=localhost",
"not before" : "2024-06-04 15:36:35.000 PDT",
"not after" : "2025-06-04 15:36:35.000 PDT",
"subject" : "CN=localhost",
"subject public key" : "RSA"}
]
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.306 PDT|ECDHServerKeyExchange.java:531|Consuming ECDH ServerKeyExchange handshake message (
"ECDH ServerKeyExchange": {
"parameters": {
"named group": "secp256r1"
"ecdh public": {
0000: 04 BD DF CB 08 E3 56 D3 66 CB 85 4A 5B 47 53 B1 ......V.f..J[GS.
0010: E5 E4 E8 B2 D4 23 08 72 28 FE 97 88 32 9B 2F AB .....#.r(...2./.
0020: E4 55 0F 5A DB D5 5D 79 BA 24 CD 9F DA C4 1B 20 .U.Z..]y.$.....
0030: 99 47 20 2A A8 0F 43 AC 9B 16 D2 B2 4B 42 36 C9 .G *..C.....KB6.
0040: F9 .
},
},
"digital signature": {
"signature algorithm": "rsa_pkcs1_sha384"
"signature": {
0000: 3B DE 81 BE B7 4F E8 80 29 65 F4 F1 06 AE 1F 90 ;....O..)e......
0010: D6 05 67 12 6F EB 5A F5 53 D0 BF 4B 6A 06 F8 2B ..g.o.Z.S..Kj..+
0020: C0 83 12 4D E0 6D F6 B8 69 B1 77 3B EE 1E F6 FC ...M.m..i.w;....
0030: 95 5E 14 0A 8F ED 11 2E 4A D2 75 FA AA 0C EF E0 .^......J.u.....
0040: B6 06 E8 0A AD 22 76 1E CF 8D 5C 18 5E 40 F6 A0 ....."v....^@..
0050: 58 0B 01 2E 9D 5A EF 1C CD ED 0D 34 24 BF BE FD X....Z.....4$...
0060: 6E 1D 4C 46 FA 6B 68 73 E8 29 D0 5D CA E3 7E 82 n.LF.khs.).]....
0070: 8A D3 50 B0 46 CF DF 88 A9 B8 CB CA 98 58 B0 BA ..P.F........X..
0080: 6C 2F 60 08 B3 9E E5 F3 0E 96 53 64 FC C8 EE ED l/`.......Sd....
0090: D7 CF F6 BC 85 70 49 2A D8 58 0B DC 72 B6 4C 32 .....pI*.X..r.L2
00A0: 6B F3 00 9E 76 F4 85 F7 D0 BC 66 E8 EA 2D 4D 9B k...v.....f..-M.
00B0: D9 CC 24 A4 97 75 D8 85 66 03 2D D5 AA 50 F1 85 ..$..u..f.-..P..
00C0: D6 51 A8 27 4D 77 5C E0 F3 4E 56 51 D2 4A 3B 5E .Q.'Mw..NVQ.J;^
00D0: CE 3A 2F 9E 10 92 4A CF 17 BD 04 69 DE 47 42 2D .:/...J....i.GB-
00E0: 46 38 52 A9 66 B3 B3 74 A0 D1 B6 79 05 B3 19 90 F8R.f..t...y....
00F0: C8 96 B3 86 77 4D DD EC 7A 56 A3 C6 E4 AB A3 58 ....wM..zV.....X
},
}
}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.307 PDT|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.310 PDT|ECDHClientKeyExchange.java:396|Produced ECDHE ClientKeyExchange handshake message (
"ECDH ClientKeyExchange": {
"ecdh public": {
0000: 04 8D 6F 91 F7 3F 4F 9C 1B 1F 43 49 58 48 E1 EF ..o..?O...CIXH..
0010: 73 43 F4 18 D1 F9 13 C1 AE 1B 14 68 CF 64 57 D9 sC.........h.dW.
0020: 86 A9 BF 6E 01 A1 78 25 D4 08 D1 9B 43 1F 45 20 ...n..x%....C.E
0030: 28 D3 D4 DB E9 A3 DB 21 BB 34 28 3D B2 15 04 1C (......!.4(=....
0040: C1 .
},
}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.317 PDT|ChangeCipherSpec.java:115|Produced ChangeCipherSpec message
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.317 PDT|Finished.java:393|Produced client Finished handshake message (
"Finished": {
"verify data": {
0000: E3 67 DC E2 C5 41 76 94 98 5E 40 CB
}'}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.331 PDT|ChangeCipherSpec.java:149|Consuming ChangeCipherSpec message
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.333 PDT|Finished.java:521|Consuming server Finished handshake message (
"Finished": {
"verify data": {
0000: 1A 73 B5 C4 20 69 A3 BC 2F E5 85 EB
}'}
)
javax.net.ssl|WARNING|01|main|2024-06-06 14:42:28.357 PDT|ServerNameExtension.java:261|Unable to indicate server name
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.357 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: server_name
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.357 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: status_request
javax.net.ssl|INFO|01|main|2024-06-06 14:42:28.358 PDT|AlpnExtension.java:178|No available application protocols
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.358 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.358 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: status_request_v2
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.358 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: cookie
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.359 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.360 PDT|PreSharedKeyExtension.java:632|No session to resume.
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.360 PDT|SSLExtensions.java:259|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.360 PDT|ClientHello.java:556|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "5F 1F 4B 28 45 28 F8 7D 72 CB 57 9A 49 1A 92 28 C6 53 43 AD 5C D4 0B 95 07 1B 0B 78 92 A0 07 1D",
"session id" : "84 97 B3 C0 F1 8A 97 3D F7 33 8F 5A 8A EF 68 AE 29 7C 7E F3 F2 07 98 91 DA 81 5E C6 93 8B 42 B0",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"extended_master_secret (23)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": secp256r1
"key_exchange": {
0000: 04 CB 2A AF 7B 69 43 21 83 A4 9C 59 55 E3 7B 1E ..*..iC!...YU...
0010: 55 93 57 61 4E 1A AB 3B 77 9B 9C 71 ED 33 35 C8 U.WaN..;w..q.35.
0020: 40 46 96 99 21 4C 8C 32 3D EA A3 8D 4A 44 0A E9 @F..!L.2=...JD..
0030: 58 52 81 BB 54 A9 BC 38 F1 72 75 4D C9 95 04 66 XR..T..8.ruM...f
0040: 9A
}
},
]
}
]
}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.362 PDT|ServerHello.java:862|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "66 62 2D 44 2C CD 65 94 04 F9 64 B6 2E 02 43 78 1A 54 58 8F C1 18 D2 CB 68 0E DB A7 2B 47 05 EA",
"session id" : "7C E1 BF E7 7B 30 1F D8 BF A0 B6 D2 DD 19 38 06 09 2C 5E 49 26 ED DD A9 E3 20 21 55 B4 AE FC 12",
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
}
]
}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.362 PDT|SSLExtensions.java:172|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.362 PDT|ServerHello.java:953|Negotiated protocol version: TLSv1.2
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.362 PDT|SSLExtensions.java:191|Consumed extension: renegotiation_info
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:172|Ignore unavailable extension: server_name
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:172|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:172|Ignore unavailable extension: status_request
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:172|Ignore unavailable extension: ec_point_formats
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:172|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:162|Ignore unsupported extension: supported_versions
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:162|Ignore unsupported extension: key_share
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:191|Consumed extension: renegotiation_info
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:162|Ignore unsupported extension: pre_shared_key
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.363 PDT|SSLExtensions.java:206|Ignore unavailable extension: server_name
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: status_request
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: ec_point_formats
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: extended_master_secret
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:214|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|SSLExtensions.java:206|Ignore unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.364 PDT|CertificateMessage.java:364|Consuming server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v1",
"serial number" : "00 8E E0 2A 96 10 CA 4B 41 50 DC 74 63 0C 99 04 AE",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=localhost",
"not before" : "2024-06-04 15:36:35.000 PDT",
"not after" : "2025-06-04 15:36:35.000 PDT",
"subject" : "CN=localhost",
"subject public key" : "RSA"}
]
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.365 PDT|ECDHServerKeyExchange.java:531|Consuming ECDH ServerKeyExchange handshake message (
"ECDH ServerKeyExchange": {
"parameters": {
"named group": "secp256r1"
"ecdh public": {
0000: 04 AC 7F BA 30 7E 65 6E 02 80 61 5E E7 54 42 36 ....0.en..a^.TB6
0010: 0C 52 93 95 D6 BE 49 4E A2 11 4E 86 29 48 4F AD .R....IN..N.)HO.
0020: 64 9B 47 34 E1 B7 D5 79 61 C2 BD 40 6A F3 34 C5 [email protected].
0030: 0E AC 37 55 47 5E 07 B9 BF AD 3C 7A 8A 5E D4 26 ..7UG^....<z.^.&
0040: C8 .
},
},
"digital signature": {
"signature algorithm": "rsa_pkcs1_sha384"
"signature": {
0000: 17 BD 93 EB C2 38 72 8A 82 A9 4D DD 33 DD 64 40 .....8r...M.3.d@
0010: 0E 20 48 39 F1 59 4E AF 39 2C E7 A7 E9 8F 16 96 . H9.YN.9,......
0020: 7E 2E DC AA 98 94 FF 03 6D 14 B8 A2 40 50 42 5D ........m...@PB]
0030: DB FF 44 BC 3F 8B 5E FF CD 3A 36 86 14 63 77 1D ..D.?.^..:6..cw.
0040: 5E 25 A2 7C D0 DA 9E 47 D8 8E E1 96 6C 8D A6 6F ^%.....G....l..o
0050: A1 12 0C B9 17 5A DC A5 5C 29 87 C5 C0 CF 9D 70 .....Z..).....p
0060: 18 17 69 57 6E 6D F5 A2 4F DC 9D 7F 20 83 3A 23 ..iWnm..O... .:#
0070: 4F F5 66 85 C6 58 AF C1 58 CF 5A BF 07 9D C1 1F O.f..X..X.Z.....
0080: 37 C8 B7 5D ED 32 FA 59 8A 70 FE 96 48 9E 6E 4A 7..].2.Y.p..H.nJ
0090: 87 57 F2 1F EC 5A C0 59 F2 E9 1A A8 FB 2C EB 69 .W...Z.Y.....,.i
00A0: 41 60 AB FD C8 20 C6 5B 5B 2E DF 38 84 B8 3F 98 A`... .[[..8..?.
00B0: FB 8C D5 11 F9 BB 9D 61 6B E4 8C C4 EA 1E 50 EF .......ak.....P.
00C0: 74 FD 6C 88 54 38 F2 75 D3 20 BD 10 63 5C 30 CC t.l.T8.u. ..c.
00D0: 7C 86 D2 45 8D 27 63 43 44 6D 91 DE 63 8D 6D 5C ...E.'cCDm..c.m
00E0: FC 8F 71 13 83 35 25 87 E7 63 AD EC 63 BF 1F B8 ..q..5%..c..c...
00F0: 44 AB F6 77 0C FA 07 69 8A 46 D5 A5 B1 16 3E 92 D..w...i.F....>.
},
}
}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.365 PDT|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.366 PDT|ECDHClientKeyExchange.java:396|Produced ECDHE ClientKeyExchange handshake message (
"ECDH ClientKeyExchange": {
"ecdh public": {
0000: 04 FE 49 1F DE 28 C5 EF 59 72 F5 06 F5 9B 99 C2 ..I..(..Yr......
0010: A0 41 F4 B2 2E F7 06 D7 E6 D0 AC 4C 75 5E 64 CB .A.........Lu^d.
0020: 13 42 8C ED 8B 1C 21 ED CA 58 91 D0 D7 1E A8 DF .B....!..X......
0030: 51 97 70 8E CF F4 D9 97 2C 22 A0 67 EF AA FB 01 Q.p.....,".g....
0040: 79 y
},
}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.369 PDT|ChangeCipherSpec.java:115|Produced ChangeCipherSpec message
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.369 PDT|Finished.java:393|Produced client Finished handshake message (
"Finished": {
"verify data": {
0000: 7B BE FC 8E 43 F7 04 FD 42 D2 19 B3
}'}
)
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.370 PDT|ChangeCipherSpec.java:149|Consuming ChangeCipherSpec message
javax.net.ssl|FINE|01|main|2024-06-06 14:42:28.371 PDT|Finished.java:521|Consuming server Finished handshake message (
"Finished": {
"verify data": {
0000: 9D 2E 62 CB 03 CB B1 2A 47 84 39 9E
}'}
)
Time taken to establish TLS connection: 1846ms
Driver Name: Oracle JDBC driver
Driver Version: 23.4.0.24.05
JDBC Version:4.2
Time taken to create statement: 75ms
Time taken to execute query: 41ms
Data: 88
Time taken to process result set: 3ms
Time taken to close connection: 5ms
TLS connection is taking 2 seconds. Trying to find options to reduce connection time.