
WLS8.1 SSL JMS > handshake failure

Paul Gibson

Apr 6, 2004, 9:49:12 AM
hi,

I'm trying to set up a one-way SSL connection on Weblogic 8.1. The
connection will be from my weblogic instance (as client) to another.
I have created a keystore which contains the server CA as a trusted
cert. I have configured the Weblogic console to use the keystore. I
have disabled the SSL Listener for the client server as instructed
previously. However, I continue to get the below output from
weblogic. If anyone has any advice I would really appreciate it.

Cheers,

Paul


<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLManager: loaded 1 trusted CAs from /software/weblogic81/server/lib/RISKeyStore.jks>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <clientInfo settings applied>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 4467737>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 27995611>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 readRecord()>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 SSL3/TLS MAC>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 received HANDSHAKE>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 readRecord()>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 SSL3/TLS MAC>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 received HANDSHAKE>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 25.10.1.221>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <Converting principal: CN=Revenue Certificate Authority, OU=Revenue Certifacate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>

...cert info...

<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 readRecord()>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 SSL3/TLS MAC>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <5539609 received HANDSHAKE>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerKeyExchange>
<05-Apr-2004 11:38:45 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerKeyExchangeDH>
<05-Apr-2004 11:38:47 o'clock IST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
java.lang.IllegalArgumentException: Empty key
    at javax.crypto.spec.SecretKeySpec.<init>(DashoA6275)
    at com.certicom.tls.provider.Mac.init(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.TLS_PRF(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.TLS_PRF(Unknown Source)
....


Tony

Apr 6, 2004, 11:42:25 AM
From the error it sounds like you are using DSA certificates which WLS
doesn't support.
Check your certs/keys to make sure you are using RSA certificates.

Tony



Pavel

Apr 6, 2004, 11:47:44 AM

Looks like your ssl configuration is fine, and the certificate received by the ssl
client passed the validation check. Check if you have any non-default jce providers
installed in java.security or dynamically (specifically KeyAgreement), and if
you do try to run without them and see if this makes a difference. Also, could
you post the rest of the IllegalArgumentException error stack?

Pavel.
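
Added example (not part of the thread, and not WebLogic or Certicom code): a stand-alone check for the provider question raised in the reply above. It lists the JCE providers registered in the JVM in preference order, shows which one serves the DH and HMAC algorithms that a TLS 1.0 handshake with a DH key exchange depends on, and runs a local DH agreement to confirm the shared secret is non-empty. The class name JceProviderCheck is hypothetical; run it with the same JVM and java.security file as the server.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.interfaces.DHPublicKey;

// Hypothetical diagnostic class (added example, not from the thread).
public class JceProviderCheck {
    public static void main(String[] args) throws Exception {
        // Providers in preference order (java.security entries plus any added at runtime).
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ". " + providers[i].getName()
                    + " [" + providers[i].getClass().getName() + "]");
        }
        // First registered provider offering each algorithm used by the DH exchange
        // and by the HMAC-MD5 / HMAC-SHA1 based TLS 1.0 PRF.
        System.out.println("KeyAgreement DH     -> "
                + KeyAgreement.getInstance("DH").getProvider().getName());
        System.out.println("KeyPairGenerator DH -> "
                + KeyPairGenerator.getInstance("DH").getProvider().getName());
        System.out.println("Mac HmacMD5         -> " + Mac.getInstance("HmacMD5").getProvider().getName());
        System.out.println("Mac HmacSHA1        -> " + Mac.getInstance("HmacSHA1").getProvider().getName());

        // Local DH agreement: both sides share parameters, as client and server do.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DH");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair();
        gen.initialize(((DHPublicKey) a.getPublic()).getParams());
        KeyPair b = gen.generateKeyPair();
        byte[] secretA = agree(a.getPrivate(), b.getPublic());
        byte[] secretB = agree(b.getPrivate(), a.getPublic());

        boolean ok = secretA.length > 0 && Arrays.equals(secretA, secretB);
        System.out.println("DH shared secret: " + secretA.length + " bytes, match=" + ok);
        if (!ok) {
            // SecretKeySpec throws "Empty key" for a zero-length key, so an empty
            // or mismatched secret here points at the provider serving DH.
            System.exit(1);
        }
    }

    static byte[] agree(PrivateKey own, PublicKey peer) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(own);
        ka.doPhase(peer, true);
        return ka.generateSecret();
    }
}
```

Comparing the output with and without the extra provider entries in java.security shows whether a third-party provider has moved ahead of the JDK defaults for these algorithms.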

Paul Gibson

Apr 6, 2004, 12:01:38 PM
Thanks for your help so far, the rest of the exception is...

java.lang.IllegalArgumentException: Empty key
    at javax.crypto.spec.SecretKeySpec.<init>(DashoA6275)
    at com.certicom.tls.provider.Mac.init(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.TLS_PRF(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.TLS_PRF(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.makeKeysExportable(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.deriveKeys(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.<init>(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.generateSecurityParameters(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
    at java.io.DataOutputStream.flush(DataOutputStream.java:101)
    at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:281)
    at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:77)
    at weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1769)
    at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1293)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:430)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:312)
    at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:223)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:181)
    at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:222)
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:188)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:239)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at ros.services.jms.RISJMSConnection.<init>(RISJMSConnection.java:42)
    at ros.services.jms.JMSFactory.getRISJMSMessage(JMSFactory.java:70)
    at ros.services.jms.TestJMS.connect(TestJMS.java:15)
    at ros.utils.LogStartup.startup(LogStartup.java:98)
    at ros.utils.LogStartup.main(LogStartup.java:119)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at weblogic.j2ee.AppLifecycleListenerInternal.invokeMain(AppLifecycleListenerInternal.java:61)
    at weblogic.j2ee.AppLifecycleListenerInternal.preStart(AppLifecycleListenerInternal.java:34)
    at weblogic.j2ee.ListenerInvocationAction.run(ListenerInvocationAction.java:50)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
    at weblogic.j2ee.J2EEApplicationContainer.notifySecureListener(J2EEApplicationContainer.java:4721)
    at weblogic.j2ee.J2EEApplicationContainer.notify(J2EEApplicationContainer.java:4683)
    at weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java:985)
    at weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java:822)
    at weblogic.management.deploy.slave.SlaveDeployer$Application.prepare(SlaveDeployer.java:3057)
    at weblogic.management.deploy.slave.SlaveDeployer.prepareAllApplications(SlaveDeployer.java:895)
    at weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java:363)
    at weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(DeploymentManagerServerLifeCycleImpl.java:229)
    at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
    at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:964)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
    at weblogic.Server.main(Server.java:32)


Paul Gibson

Apr 6, 2004, 12:28:19 PM
This seems to have been it actually. We use a different jce provider, so
this seemed to be causing problems. Once I disabled them the handshake
could be completed successfully.

Now I'm planning to enable 2-way SSL. Expect more postings!!!

Thanks for your help.

Paul
