Garmaine Staff asked 1 year ago

I must be close. Any suggestion will be greatly appreciated! I'm trying to connect to the Kraken WebSocket API to fetch the book. The address is ws.kraken.com the scheme is wss. More information here: https://docs.kraken.com/websockets/#overview

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1569791683 bytes = { 146, 252, 42, 7, 205, 76, 72, 61, 36, 221, 181, 143, 16, 69, 244, 128, 167, 87, 55, 67, 162, 231, 12, 155, 221, 27, 129, 247 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
***
HttpThread, WRITE: TLSv1.2 Handshake, length = 199
HttpThread, READ: TLSv1.2 Handshake, length = 91
check handshake state: server_hello[2]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1569791683 bytes = { 93, 81, 206, 220, 25, 157, 224, 198, 140, 79, 180, 167, 27, 64, 237, 3, 89, 63, 3, 59, 68, 79, 87, 78, 71, 82, 68, 1 }
Session ID:  {195, 218, 59, 129, 241, 53, 139, 119, 159, 147, 207, 137, 83, 118, 222, 160, 199, 92, 213, 167, 59, 132, 102, 252, 229, 80, 203, 125, 188, 206, 65, 119}
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized:  [Session-1, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
update handshake state: server_hello[2]
upcoming handshake states: server certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
HttpThread, READ: TLSv1.2 Handshake, length = 2154
check handshake state: certificate[11]
update handshake state: certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=kraken.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2

  Key:  Sun EC public key, 256 bits
  public x coord: 48864501635196549963656287605463406591787460957477889020616429880476276089451
  public y coord: 32590247085304321676098654504198660704005340084345916162208835514735174901269
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
  Validity: [From: Sun Sep 29 19:00:00 CDT 2019,
               To: Tue Sep 29 07:00:00 CDT 2020]
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  SerialNumber: [    01333d30 7d33550a db34d81b e40374dc]

Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 81 F5 04 81 F2 00 F0   00 75 00 A4 B9 09 90 B4  .........u......
0010: 18 58 14 87 BB 13 A2 CC   67 70 0A 3C 35 98 04 F9  .X......gp.<5...
0020: 1B DF B8 E3 77 CD 0E C8   0D DC 10 00 00 01 6D 83  ....w.........m.
0030: A6 9B 5A 00 00 04 03 00   46 30 44 02 20 03 39 6F  ..Z.....F0D. .9o
0040: EE 48 65 B2 A5 BF 20 49   3F F6 C6 C3 BA 0D C9 3F  .He... I?......?
0050: 88 77 0A 58 ED 2C 82 9D   4F 63 5C 0A 4A 02 20 6F  .w.X.,..Oc\.J. o
0060: 2D B9 FE 12 2E 01 78 39   BA 6B 81 95 C3 F3 34 9D  -.....x9.k....4.
0070: F0 B9 77 C5 90 73 58 87   58 C3 7E 01 6E 45 23 00  ..w..sX.X...nE#.
0080: 77 00 5E A7 73 F9 DF 56   C0 E7 B5 36 48 7D D0 49  w.^.s..V...6H..I
0090: E0 32 7A 91 9A 0C 84 A1   12 12 84 18 75 96 81 71  .2z.........u..q
00A0: 45 58 00 00 01 6D 83 A6   9A D1 00 00 04 03 00 48  EX...m.........H
00B0: 30 46 02 21 00 BD 5B 80   3C C7 23 BB E8 3F D8 1C  0F.!..[.<.#..?..
00C0: 09 DB BB 4E 02 51 94 CB   DD 1A 4C A5 40 A2 23 87  ...N.Q....L.@.#.
00D0: 5D CE C1 5C A7 02 21 00   E4 6B 6B AE 93 A9 5C 2A  ]..\..!..kk...\*
00E0: A0 1A 7B 3D E2 04 C7 FF   29 BB E6 21 A8 B7 C8 0D  ...=....)..!....
00F0: 5C 3D AE 25 F5 DB 0F C1                            \=.%....


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
,
   accessMethod: caIssuers
   accessLocation: URIName: http://cacerts.digicert.com/CloudFlareIncECCCA-2.crt
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3E 74 2D 1F CF 45 75 04   7E 3F C0 A2 87 3E 4C 43  >t-..Eu..?...>LC
0010: 83 51 13 C6                                        .Q..
]
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl3.digicert.com/CloudFlareIncECCCA2.crl]
, DistributionPoint:
     [URIName: http://crl4.digicert.com/CloudFlareIncECCCA2.crl]
]]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114412.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
]

[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: kraken.com
]

[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 DE 22 6C E6 41 EE BB   59 E9 14 27 65 20 3E B6  .."l.A..Y..'e >.
0010: 5B 1F 62 FC                                        [.b.
]
]

]
  Algorithm: [SHA256withECDSA]
  Signature:
0000: 30 45 02 21 00 97 3E A1   28 46 D7 60 F2 51 F1 54  0E.!..>.(F.`.Q.T
0010: F6 2F D6 2D 0E BE E8 C0   CD ED 68 7A 79 83 52 E6  ./.-......hzy.R.
0020: C0 8B 2B 65 EB 02 20 75   41 80 77 6E 8B 92 02 8A  ..+e.. uA.wn....
0030: 2C 84 48 D2 2E 63 30 63   83 12 D8 EB 9F 15 48 27  ,.H..c0c......H'
0040: 45 D0 DC 30 C5 70 78                               E..0.px

]
chain [1] = [
[
  Version: V3
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun EC public key, 256 bits
  public x coord: 94687022452594623789201139772274845840918640222797827363368281341603711614293
  public y coord: 70731992715208353547438509908478121535737517664274520473054656860589489617443
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
  Validity: [From: Wed Oct 14 07:00:00 CDT 2015,
               To: Fri Oct 09 07:00:00 CDT 2020]
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  SerialNumber: [    0ff3e616 39aa3d1a 1265f41f 8b34e5b6]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E5 9D 59 30 82 47 58 CC   AC FA 08 54 36 86 7B 3A  ..Y0.GX....T6..:
0010: B5 04 4D F0                                        ..M.
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl3.digicert.com/Omniroot2025.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3E 74 2D 1F CF 45 75 04   7E 3F C0 A2 87 3E 4C 43  >t-..Eu..?...>LC
0010: 83 51 13 C6                                        .Q..
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 38 5F A7 FF FC 85 F2 73   32 E4 D5 A3 89 99 96 60  8_.....s2......`
0010: AF 32 C1 03 B3 65 DF BE   1E 03 CA A5 ED 85 B2 8F  .2...e..........
0020: AF 4B 8C 73 8F 2A 8C A9   00 0E 01 24 17 F7 EC 52  .K.s.*.....$...R
0030: 85 76 C8 E5 1C 79 CA C3   17 87 50 B6 04 33 36 9E  .v...y....P..36.
0040: 2A 9E 18 17 96 32 12 AF   43 CC 57 18 DE DB C7 D8  *....2..C.W.....
0050: 88 25 83 E5 CA 06 25 31   FD BD 5D 48 3B 51 01 DD  .%....%1..]H;Q..
0060: 2C 14 C7 C1 60 51 E9 95   01 D8 B2 33 56 0E 47 66  ,...`Q.....3V.Gf
0070: 8D 6C CD AF F9 85 D9 EB   1C 47 47 88 34 E8 F0 FA  .l.......GG.4...
0080: C2 AB 4F 69 4E 09 59 D4   57 C6 CC C1 C8 E3 E6 19  ..OiN.Y.W.......
0090: C1 58 38 52 E2 E2 83 85   DE 22 34 DC 3F A6 F7 AF  .X8R....."4.?...
00A0: 24 BC E0 6F C0 AB 68 2D   52 C7 6B 05 57 2C 42 1B  $..o..h-R.k.W,B.
00B0: 2D 48 87 03 0C 90 AB 48   48 A9 28 BE 34 8A FB BA  -H.....HH.(.4...
00C0: ED F4 60 99 1D 15 78 11   AA D9 6D 53 7F 69 28 BC  ..`...x...mS.i(.
00D0: B7 6B 20 76 7F A0 55 03   71 79 F5 67 A7 B0 A0 0A  .k v..U.qy.g....
00E0: 17 57 B2 00 A9 AD CF FF   67 8C 3E 26 E5 A7 24 BC  .W......g.>&..$.
00F0: C2 6F 10 E8 89 C6 70 A5   D2 1F 80 ED 0D 3F 27 13  .o....p......?'.

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=kraken.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2

  Key:  Sun EC public key, 256 bits
  public x coord: 48864501635196549963656287605463406591787460957477889020616429880476276089451
  public y coord: 32590247085304321676098654504198660704005340084345916162208835514735174901269
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
  Validity: [From: Sun Sep 29 19:00:00 CDT 2019,
               To: Tue Sep 29 07:00:00 CDT 2020]
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  SerialNumber: [    01333d30 7d33550a db34d81b e40374dc]

Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 81 F5 04 81 F2 00 F0   00 75 00 A4 B9 09 90 B4  .........u......
0010: 18 58 14 87 BB 13 A2 CC   67 70 0A 3C 35 98 04 F9  .X......gp.<5...
0020: 1B DF B8 E3 77 CD 0E C8   0D DC 10 00 00 01 6D 83  ....w.........m.
0030: A6 9B 5A 00 00 04 03 00   46 30 44 02 20 03 39 6F  ..Z.....F0D. .9o
0040: EE 48 65 B2 A5 BF 20 49   3F F6 C6 C3 BA 0D C9 3F  .He... I?......?
0050: 88 77 0A 58 ED 2C 82 9D   4F 63 5C 0A 4A 02 20 6F  .w.X.,..Oc\.J. o
0060: 2D B9 FE 12 2E 01 78 39   BA 6B 81 95 C3 F3 34 9D  -.....x9.k....4.
0070: F0 B9 77 C5 90 73 58 87   58 C3 7E 01 6E 45 23 00  ..w..sX.X...nE#.
0080: 77 00 5E A7 73 F9 DF 56   C0 E7 B5 36 48 7D D0 49  w.^.s..V...6H..I
0090: E0 32 7A 91 9A 0C 84 A1   12 12 84 18 75 96 81 71  .2z.........u..q
00A0: 45 58 00 00 01 6D 83 A6   9A D1 00 00 04 03 00 48  EX...m.........H
00B0: 30 46 02 21 00 BD 5B 80   3C C7 23 BB E8 3F D8 1C  0F.!..[.<.#..?..
00C0: 09 DB BB 4E 02 51 94 CB   DD 1A 4C A5 40 A2 23 87  ...N.Q....L.@.#.
00D0: 5D CE C1 5C A7 02 21 00   E4 6B 6B AE 93 A9 5C 2A  ]..\..!..kk...\*
00E0: A0 1A 7B 3D E2 04 C7 FF   29 BB E6 21 A8 B7 C8 0D  ...=....)..!....
00F0: 5C 3D AE 25 F5 DB 0F C1                            \=.%....


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
,
   accessMethod: caIssuers
   accessLocation: URIName: http://cacerts.digicert.com/CloudFlareIncECCCA-2.crt
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3E 74 2D 1F CF 45 75 04   7E 3F C0 A2 87 3E 4C 43  >t-..Eu..?...>LC
0010: 83 51 13 C6                                        .Q..
]
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl3.digicert.com/CloudFlareIncECCCA2.crl]
, DistributionPoint:
     [URIName: http://crl4.digicert.com/CloudFlareIncECCCA2.crl]
]]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114412.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
]

[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: kraken.com
]

[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 DE 22 6C E6 41 EE BB   59 E9 14 27 65 20 3E B6  .."l.A..Y..'e >.
0010: 5B 1F 62 FC                                        [.b.
]
]

]
  Algorithm: [SHA256withECDSA]
  Signature:
0000: 30 45 02 21 00 97 3E A1   28 46 D7 60 F2 51 F1 54  0E.!..>.(F.`.Q.T
0010: F6 2F D6 2D 0E BE E8 C0   CD ED 68 7A 79 83 52 E6  ./.-......hzy.R.
0020: C0 8B 2B 65 EB 02 20 75   41 80 77 6E 8B 92 02 8A  ..+e.. uA.wn....
0030: 2C 84 48 D2 2E 63 30 63   83 12 D8 EB 9F 15 48 27  ,.H..c0c......H'
0040: 45 D0 DC 30 C5 70 78                               E..0.px

]
HttpThread, READ: TLSv1.2 Handshake, length = 148
check handshake state: server_key_exchange[12]
update handshake state: server_key_exchange[12]
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withECDSA
Server key: Sun EC public key, 256 bits
  public x coord: 103870299237100647660570408942452308880031945079093596968185564497241125104617
  public y coord: 55386326449786111127312394418436759998039329408129170967111058554506455230335
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
HttpThread, READ: TLSv1.2 Handshake, length = 4
check handshake state: server_hello_done[14]
update handshake state: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 54, 122, 232, 105, 230, 209, 82, 85, 199, 240, 125, 55, 50, 158, 98, 210, 189, 112, 48, 227, 110, 112, 49, 103, 126, 99, 251, 165, 39, 209, 245, 115, 254, 119, 140, 51, 248, 189, 172, 85, 58, 154, 16, 119, 112, 156, 85, 15, 111, 219, 26, 189, 218, 14, 56, 218, 129, 254, 50, 124, 122, 189, 199, 156 }
update handshake state: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
HttpThread, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
0000: 23 A3 E5 08 2C 39 9E EF   7E 07 87 05 C8 63 5A 56  #...,9.......cZV
0010: D7 4A 58 0D 2B BE 2F B4   02 7E A6 98 1D C7 72 1C  .JX.+./.......r.
CONNECTION KEYGEN:
Client Nonce:
0000: 5E 91 1F C3 92 FC 2A 07   CD 4C 48 3D 24 DD B5 8F  ^.....*..LH=$...
0010: 10 45 F4 80 A7 57 37 43   A2 E7 0C 9B DD 1B 81 F7  .E...W7C........
Server Nonce:
0000: 5E 91 1F C3 5D 51 CE DC   19 9D E0 C6 8C 4F B4 A7  ^...]Q.......O..
0010: 1B 40 ED 03 59 3F 03 3B   44 4F 57 4E 47 52 44 01  .@..Y?.;DOWNGRD.
Master Secret:
0000: 99 CF 90 F1 56 BB C8 6D   3A E9 D9 70 F4 1D 5A E1  ....V..m:..p..Z.
0010: 54 4A 89 14 45 36 D2 B7   91 46 74 CA FE 6D D2 7A  TJ..E6...Ft..m.z
0020: C3 6A 61 B1 0D 2C 97 B7   C1 9E 99 33 0C 6F F6 27  .ja..,.....3.o.'
... no MAC keys used for this cipher
Client write key:
0000: 5F D8 09 76 93 69 2A 97   1C AF 59 29 57 4F 78 AB  _..v.i*...Y)WOx.
Server write key:
0000: A4 CD 04 B0 C7 E8 82 48   B8 88 36 C8 BB 25 BD 26  .......H..6..%.&
Client write IV:
0000: D1 C6 7B D9                                        ....
Server write IV:
0000: FE F8 A4 7C                                        ....
update handshake state: change_cipher_spec
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
HttpThread, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 113, 3, 238, 228, 11, 150, 230, 211, 129, 37, 199, 167 }
***
update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
HttpThread, WRITE: TLSv1.2 Handshake, length = 40
HttpThread, READ: TLSv1.2 Change Cipher Spec, length = 1
update handshake state: change_cipher_spec
upcoming handshake states: server finished[20]
HttpThread, READ: TLSv1.2 Handshake, length = 40
check handshake state: finished[20]
update handshake state: finished[20]
*** Finished
verify_data:  { 16, 74, 7, 123, 78, 46, 163, 248, 186, 92, 92, 191 }
***
%% Cached client session: [Session-1, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
HttpThread, WRITE: TLSv1.2 Application Data, length = 232
20:39:15.686040-WARN KrakenWebSocketClient-ws.kraken.com:443 Could not handshake! httpResponseCode=403
HttpThread, called closeOutbound()
HttpThread, closeOutboundInternal()
HttpThread, SEND TLSv1.2 ALERT:  warning, description = close_notify
HttpThread, WRITE: TLSv1.2 Alert, length = 26
%% Invalidated:  [Session-1, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
20:39:15.687190-INFO KrakenWebSocketClient-ws.kraken.com:443 Client was disconnected