javasslgrpctls1.2

How to know which TLS version is being used by gRPC?


How can I know which TLS version is currently being used by gRPC

I want to make it to use TLSv1.2 by passing the below argument to java "-Djdk.tls.client.protocols=TLSv1.2"

But I was not able to find which TLS version was being used by gRPC when I ran the application.

Can someone help me on how to find out the version which is being used by gRPC.

I want know, which TLS version is being used by gRPC


Solution

  • If you add the VM argument below, the application will tell you.

    -Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake
    

    Just run a request and the output will be:

    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.621 CEST|ClientHello.java:796|Consuming ClientHello handshake message (
    "ClientHello": {
      "client version"      : "TLSv1.2",
      "random"              : "81A7CE7656F219CE45AAE61551E6019C2C1A3E3471C6A829F877A1501A259888",
      "session id"          : "B42020E339E65569D0F583AA828A1BD814186106C64049DEE1AB814EAE516C04",
      "cipher suites"       : "[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
      "compression methods" : "00",
      "extensions"          : [
        "status_request (5)": {
          "certificate status type": ocsp
          "OCSP status request": {
            "responder_id": <empty>
            "request extensions": {
              <empty>
            }
          }
        },
        "supported_groups (10)": {
          "named groups": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
        },
        "ec_point_formats (11)": {
          "formats": [uncompressed]
        },
        "application_layer_protocol_negotiation (16)": {
          [h2]
        },
        "status_request_v2 (17)": {
          "cert status request": {
            "certificate status type": ocsp_multi
            "OCSP status request": {
              "responder_id": <empty>
              "request extensions": {
                <empty>
              }
            }
          }
        },
        "extended_master_secret (23)": {
          <empty>
        },
        "session_ticket (35)": {
          <empty>
        },
        "signature_algorithms (13)": {
          "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
        },
        "supported_versions (43)": {
          "versions": [TLSv1.3, TLSv1.2]
        },
        "psk_key_exchange_modes (45)": {
          "ke_modes": [psk_dhe_ke]
        },
        "signature_algorithms_cert (50)": {
          "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
        },
        "key_share (51)": {
          "client_shares": [  
            {
              "named group": x25519
              "key_exchange": {
                0000: 16 E2 53 CC F2 A0 6F 5E   51 A2 36 48 E0 E2 34 98  ..S...o^Q.6H..4.
                0010: D7 31 B6 A7 CF B3 1E A1   4D 34 C3 07 BF 8B E3 02  .1......M4......
              }
            },
            {
              "named group": secp256r1
              "key_exchange": {
                0000: 04 A6 D9 2E CC DA D0 59   12 E8 18 76 AA A4 03 F7  .......Y...v....
                0010: 7A EE 03 56 45 FB DB E1   A5 C4 B0 3F C9 30 BF C9  z..VE......?.0..
                0020: DD CB B6 65 44 FF 2A 20   27 CE 07 2E C7 84 F1 95  ...eD.* '.......
                0030: 47 1A 2A 26 75 F6 E1 69   F4 8E D2 B4 A7 C5 43 14  G.*&u..i......C.
                0040: 97 
              }
            },
          ]
        },
        "renegotiation_info (65,281)": {
          "renegotiated connection": [<no renegotiated connection>]
        }
      ]
    }
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.621 CEST|SSLExtensions.java:204|Consumed extension: supported_versions
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|ClientHello.java:826|Negotiated protocol version: TLSv1.3
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|SSLExtensions.java:204|Consumed extension: psk_key_exchange_modes
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|PreSharedKeyExtension.java:833|Handling pre_shared_key absence.
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|SSLExtensions.java:185|Ignore unavailable extension: server_name
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|SSLExtensions.java:185|Ignore unavailable extension: max_fragment_length
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|SSLExtensions.java:204|Consumed extension: status_request
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:204|Consumed extension: supported_groups
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:175|Ignore unsupported extension: ec_point_formats
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:204|Consumed extension: application_layer_protocol_negotiation
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:175|Ignore unsupported extension: status_request_v2
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:175|Ignore unsupported extension: extended_master_secret
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:175|Ignore unsupported extension: session_ticket
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:204|Consumed extension: signature_algorithms
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:185|Ignore unavailable extension: cookie
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.623 CEST|SSLExtensions.java:185|Ignore unavailable extension: certificate_authorities
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.624 CEST|SSLExtensions.java:204|Consumed extension: signature_algorithms_cert
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.627 CEST|SSLExtensions.java:204|Consumed extension: key_share
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.627 CEST|SSLExtensions.java:175|Ignore unsupported extension: renegotiation_info
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.628 CEST|SSLExtensions.java:219|Ignore unavailable extension: server_name
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.628 CEST|SSLExtensions.java:219|Ignore unavailable extension: max_fragment_length
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: status_request
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: supported_groups
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: application_layer_protocol_negotiation
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha256
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: ecdsa_sha224
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: rsa_sha224
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha224
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha1
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:236|Populated with extension: signature_algorithms
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: supported_versions
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:219|Ignore unavailable extension: cookie
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.629 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: psk_key_exchange_modes
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SSLExtensions.java:219|Ignore unavailable extension: certificate_authorities
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha256
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: ecdsa_sha224
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: rsa_sha224
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha224
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SignatureScheme.java:440|Unsupported signature scheme: dsa_sha1
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SSLExtensions.java:236|Populated with extension: signature_algorithms_cert
    javax.net.ssl|WARNING|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|SSLExtensions.java:227|Ignore impact of unsupported extension: key_share
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.630 CEST|ServerHello.java:729|use cipher suite TLS_AES_128_GCM_SHA256
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.640 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.641 CEST|ServerHello.java:581|Produced ServerHello handshake message (
    "ServerHello": {
      "server version"      : "TLSv1.2",
      "random"              : "57DE2ADB325A86B79EF8563244FC15AF2B673A1099E7266EC4929F0D4E6E1B56",
      "session id"          : "B42020E339E65569D0F583AA828A1BD814186106C64049DEE1AB814EAE516C04",
      "cipher suite"        : "TLS_AES_128_GCM_SHA256(0x1301)",
      "compression methods" : "00",
      "extensions"          : [
        "supported_versions (43)": {
          "selected version": [TLSv1.3]
        },
        "key_share (51)": {
          "server_share": {
            "named group": x25519
            "key_exchange": {
              0000: 23 9B DD 89 B7 66 A0 B4   77 AF FF 18 46 C2 41 75  #....f..w...F.Au
              0010: A8 72 63 C4 7E A9 33 00   42 31 B3 0E E1 84 C3 60  .rc...3.B1.....`
            }
          },
        }
      ]
    }
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.646 CEST|SSLCipher.java:1836|KeyLimit read side: algorithm = AES/GCM/NoPadding:KEYUPDATE
    countdown value = 137438953472
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|SSLCipher.java:1987|KeyLimit write side: algorithm = AES/GCM/NoPadding:KEYUPDATE
    countdown value = 137438953472
    javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|ServerNameExtension.java:527|Ignore unavailable extension: server_name
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
    javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|MaxFragExtension.java:459|Ignore unavailable max_fragment_length extension
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.647 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: max_fragment_length
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.648 CEST|EncryptedExtensions.java:138|Produced EncryptedExtensions message (
    "EncryptedExtensions": [
      "supported_groups (10)": {
        "named groups": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
      },
      "application_layer_protocol_negotiation (16)": {
        [h2]
      }
    ]
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.650 CEST|CertificateRequest.java:891|Produced CertificateRequest message (
    "CertificateRequest": {
      "certificate_request_context": "",
      "extensions": [
        "signature_algorithms (13)": {
          "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
        },
        "certificate_authorities (47)": {
          "certificate authorities": [
            CN=java-tutorials, OU=Altindag, O=Altindag, C=NL]
        },
        "signature_algorithms_cert (50)": {
          "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
        }
      ]
    }
    )
    javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.652 CEST|X509Authentication.java:289|No X.509 cert selected for EC
    javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.652 CEST|X509Authentication.java:289|No X.509 cert selected for EdDSA
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.652 CEST|SunX509KeyManagerImpl.java:388|matching alias: server
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.653 CEST|StatusResponseManager.java:737|Staping disabled or is a resumed session
    javax.net.ssl|ALL|22|grpc-default-executor-0|2024-09-16 13:56:08.653 CEST|CertStatusExtension.java:1116|Stapling is disabled for this connection
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.653 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: status_request
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.654 CEST|CertificateMessage.java:1016|Produced server Certificate message (
    "Certificate": {
      "certificate_request_context": "",
      "certificate_list": [  
      {
        "certificate" : {
          "version"            : "v3",
          "serial number"      : "0096F7244042545685",
          "signature algorithm": "SHA384withRSA",
          "issuer"             : "CN=Hakan, OU=Amsterdam, O=Thunderberry, C=NL",
          "not before"         : "2024-09-16 13:55:16.000 CEST",
          "not  after"         : "2034-09-14 13:55:16.000 CEST",
          "subject"            : "CN=Hakan, OU=Amsterdam, O=Thunderberry, C=NL",
          "subject public key" : "RSA",
          "extensions"         : [
            {
              ObjectId: 2.5.29.37 Criticality=false
              ExtendedKeyUsages [
                serverAuth
                clientAuth
              ]
            },
            {
              ObjectId: 2.5.29.15 Criticality=false
              KeyUsage [
                DigitalSignature
                Key_Encipherment
                Data_Encipherment
                Key_Agreement
              ]
            },
            {
              ObjectId: 2.5.29.17 Criticality=true
              SubjectAlternativeName [
                DNSName: localhost
                DNSName: raspberrypi.local
                IPAddress: 127.0.0.1
              ]
            },
            {
              ObjectId: 2.5.29.14 Criticality=false
              SubjectKeyIdentifier [
              KeyIdentifier [
              0000: 53 8C 4E 49 B4 91 68 AD   03 61 49 03 D8 CA F3 66  S.NI..h..aI....f
              0010: AD 1E 7F 3E                                        ...>
              ]
              ]
            }
          ]}
        "extensions": {
          <no extension>
        }
      },
    ]
    }
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.682 CEST|CertificateVerify.java:1117|Produced server CertificateVerify handshake message (
    "CertificateVerify": {
      "signature algorithm": rsa_pss_rsae_sha256
      "signature": {
        0000: 56 2A 1A 96 C0 93 61 D0   89 CC B7 53 D6 C0 04 13  V*....a....S....
        0010: 53 E6 6C 0C 70 4B 04 93   C4 D6 EB BF D9 01 EF 20  S.l.pK......... 
        0020: 6D E1 5A E1 B1 19 B0 58   D8 CE 0A ED 09 46 D5 6A  m.Z....X.....F.j
        0030: BC 75 CA 1F 2A 3C 2B 98   87 81 96 2C 88 58 23 50  .u..*<+....,.X#P
        0040: AA C2 56 9B F1 9E CB B3   80 13 B9 80 09 07 F6 B4  ..V.............
        0050: 1F C4 B8 FF 9F 54 B6 96   30 11 97 64 B3 95 58 07  .....T..0..d..X.
        0060: C7 D5 7E 14 E6 6A 6A A2   7D 7E B7 DD F2 C6 96 81  .....jj.........
        0070: A2 0D FE E7 61 A8 C7 04   0D 34 0A 9E 34 53 F5 FC  ....a....4..4S..
        0080: 83 4F C6 81 FE 62 3F 15   1A 1E 87 93 79 A0 64 19  .O...b?.....y.d.
        0090: 73 E9 80 46 F5 CC 07 58   D8 FB 7F E5 52 7F 91 89  s..F...X....R...
        00A0: 9F 12 25 3F DE 75 F6 2D   3A 67 BB B2 7D C6 93 22  ..%?.u.-:g....."
        00B0: D9 12 35 A6 81 40 15 2E   49 03 83 95 D6 0B B3 BB  ..5..@..I.......
        00C0: 71 E8 22 08 06 18 30 53   64 0B 45 5F 8D A3 E4 D9  q."...0Sd.E_....
        00D0: D2 D9 BD 82 25 0E 20 20   B9 AF 01 F9 B9 29 2C 4D  ....%.  .....),M
        00E0: 20 96 AC 67 1A F6 59 EA   04 80 11 CA BA 7C DA 3B   ..g..Y........;
        00F0: 0C C7 B6 89 A4 B0 BA 2E   E8 FD FF 7E 53 6B 2F 2E  ............Sk/.
      }
    }
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.684 CEST|Finished.java:781|Produced server Finished handshake message (
    "Finished": {
      "verify data": {
        0000: 77 B6 79 42 29 2C 94 34   BD D0 28 B0 28 7B 16 54  w.yB),.4..(.(..T
        0010: F2 33 DB 1B 22 6B 71 48   1F 92 79 24 1D 7F A9 AF  .3.."kqH..y$....
      }
    }
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.684 CEST|SSLCipher.java:1987|KeyLimit write side: algorithm = AES/GCM/NoPadding:KEYUPDATE
    countdown value = 137438953472
    javax.net.ssl|DEBUG|12|grpc-nio-worker-ELG-3-1|2024-09-16 13:56:08.711 CEST|ChangeCipherSpec.java:244|Consuming ChangeCipherSpec message
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.797 CEST|CertificateMessage.java:1141|Consuming client Certificate handshake message (
    "Certificate": {
      "certificate_request_context": "",
      "certificate_list": [  
      {
        "certificate" : {
          "version"            : "v3",
          "serial number"      : "19AF1029D5ACFCF4",
          "signature algorithm": "SHA384withRSA",
          "issuer"             : "CN=java-tutorials, OU=Altindag, O=Altindag, C=NL",
          "not before"         : "2024-09-16 13:55:17.000 CEST",
          "not  after"         : "2034-09-14 13:55:17.000 CEST",
          "subject"            : "CN=java-tutorials, OU=Altindag, O=Altindag, C=NL",
          "subject public key" : "RSA",
          "extensions"         : [
            {
              ObjectId: 2.5.29.37 Criticality=false
              ExtendedKeyUsages [
                serverAuth
                clientAuth
              ]
            },
            {
              ObjectId: 2.5.29.15 Criticality=false
              KeyUsage [
                DigitalSignature
                Key_Encipherment
                Data_Encipherment
                Key_Agreement
              ]
            },
            {
              ObjectId: 2.5.29.14 Criticality=false
              SubjectKeyIdentifier [
              KeyIdentifier [
              0000: 87 88 06 82 DA BB 87 CF   48 AD 27 70 0F 52 18 5B  ........H.'p.R.[
              0010: A0 C7 E6 78                                        ...x
              ]
              ]
            }
          ]}
        "extensions": {
          <no extension>
        }
      },
    ]
    }
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.799 CEST|X509TrustManagerImpl.java:300|Found trusted certificate (
      "certificate" : {
        "version"            : "v3",
        "serial number"      : "19AF1029D5ACFCF4",
        "signature algorithm": "SHA384withRSA",
        "issuer"             : "CN=java-tutorials, OU=Altindag, O=Altindag, C=NL",
        "not before"         : "2024-09-16 13:55:17.000 CEST",
        "not  after"         : "2034-09-14 13:55:17.000 CEST",
        "subject"            : "CN=java-tutorials, OU=Altindag, O=Altindag, C=NL",
        "subject public key" : "RSA",
        "extensions"         : [
          {
            ObjectId: 2.5.29.37 Criticality=false
            ExtendedKeyUsages [
              serverAuth
              clientAuth
            ]
          },
          {
            ObjectId: 2.5.29.15 Criticality=false
            KeyUsage [
              DigitalSignature
              Key_Encipherment
              Data_Encipherment
              Key_Agreement
            ]
          },
          {
            ObjectId: 2.5.29.14 Criticality=false
            SubjectKeyIdentifier [
            KeyIdentifier [
            0000: 87 88 06 82 DA BB 87 CF   48 AD 27 70 0F 52 18 5B  ........H.'p.R.[
            0010: A0 C7 E6 78                                        ...x
            ]
            ]
          }
        ]}
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.800 CEST|CertificateVerify.java:1169|Consuming CertificateVerify handshake message (
    "CertificateVerify": {
      "signature algorithm": rsa_pss_rsae_sha256
      "signature": {
        0000: 76 67 D2 5A 6E FF 4F 6D   70 DE A5 9F 54 29 2F F6  vg.Zn.Omp...T)/.
        0010: DD 88 CB D3 20 1E 3A 65   D7 DA 41 5A E8 D5 28 7F  .... .:e..AZ..(.
        0020: 58 65 24 28 6A FC C1 D6   1E 84 6D 4B 3B 56 2C FC  Xe$(j.....mK;V,.
        0030: 56 AA E4 C7 E8 A4 64 77   04 18 7B EB BF A6 8D B1  V.....dw........
        0040: F0 3E 77 DF 2C 6D 44 19   C0 9F D8 15 D6 94 0B D5  .>w.,mD.........
        0050: B2 B9 73 59 7F 27 28 32   C9 7B CA B7 71 26 F2 FF  ..sY.'(2....q&..
        0060: 2A 39 A2 41 48 0E D4 95   F9 07 19 0B FE 58 4D 51  *9.AH........XMQ
        0070: 44 8E 6D 8C 7A 01 1B 56   E2 14 B0 75 78 9B 61 F7  D.m.z..V...ux.a.
        0080: E7 B0 08 65 13 5E E8 55   97 37 C2 C6 72 DA CC B7  ...e.^.U.7..r...
        0090: BA 09 F5 AD 2D 06 A4 FF   F3 C7 9F 70 AC 85 57 87  ....-......p..W.
        00A0: C2 84 6A 5B 7B 3A 78 61   CF 45 64 FD 5D 7F 3E 38  ..j[.:xa.Ed.].>8
        00B0: 62 76 72 F5 96 0E 24 2C   A9 27 E1 F3 EC D5 F2 35  bvr...$,.'.....5
        00C0: 0B 95 96 26 D3 99 3D B4   97 3D 83 CF C9 7E B5 93  ...&..=..=......
        00D0: C5 EC D0 8C 15 C8 B8 A7   F5 94 1E F0 7F 82 BB 83  ................
        00E0: 86 2D 6D CE A4 CC C8 0F   E2 69 42 58 B3 E5 34 D7  .-m......iBX..4.
        00F0: 68 BC 87 32 5B 9A F7 47   3D CC C2 2E 1A D4 F7 BB  h..2[..G=.......
      }
    }
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.801 CEST|Finished.java:1051|Consuming client Finished handshake message (
    "Finished": {
      "verify data": {
        0000: 15 18 4F EE C4 B2 88 F5   96 F5 6A 7B 84 C7 81 0D  ..O.......j.....
        0010: 3D DA 02 11 DA EB 0F BE   47 60 16 A5 8C E9 CB DF  =.......G`......
      }
    }
    )
    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.801 CEST|SSLCipher.java:1836|KeyLimit read side: algorithm = AES/GCM/NoPadding:KEYUPDATE
    countdown value = 137438953472
    

    Search for the line similar to the below one in the full output and you will find the SSL/TLS version:

    javax.net.ssl|DEBUG|22|grpc-default-executor-0|2024-09-16 13:56:08.622 CEST|ClientHello.java:826|Negotiated protocol version: TLSv1.3