Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Weblogic 8.1 SSL Client Communication Problem

343 views
Skip to first unread message

Jacky Chau

unread,
Oct 27, 2004, 8:24:49 PM10/27/04
to
I've written the simple java program which used to communicate to the weblogic 8.1 server, there are no problem for me to communicate to the weblogic 8.1 server via the non-ssl communication (e.g. t3://localhost:7001), but when I try to communicate to the weblogic 8.1 via the SSL (Either One-Way, or Two-Way), I'm always getting following problem:

***********************************************************
<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>

<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <Trust status (0): NONE>

<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>

<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <isMuxerActivated: false>

<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>

<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <10038190 readRecord()>

<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <10038190 SSL3/TLS MAC>

<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <10038190 received HANDSHAKE>

<2004/10/28 上午10時19分18秒 EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>

<2004/10/28 上午10時19分19秒 EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 70>

<2004/10/28 上午10時19分19秒 EST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC offset = 0 length = 1>

<2004/10/28 上午10時19分19秒 EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 16>

<2004/10/28 上午10時19分19秒 EST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows

java.lang.IllegalStateException: Cipher not initialized

at javax.crypto.Cipher.update(DashoA6275)

at com.certicom.tls.provider.Cipher.update(Unknown Source)

at com.certicom.tls.record.WriteHandler.compressEncryptSend(Unknown Source)

at com.certicom.tls.record.WriteHandler.compressEncryptSend(Unknown Source)

at com.certicom.tls.record.MessageFragmentor.write(Unknown Source)

at com.certicom.tls.record.WriteHandler.write(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeHandler.write(Unknown Source)

at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)

at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)

at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)

at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)

at com.certicom.tls.record.WriteHandler.write(Unknown Source)

at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)

at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)

at java.io.DataOutputStream.flush(DataOutputStream.java:101)

at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:453)

at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:78)

at weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1769)

at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1293)

at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:430)

at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:312)

at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:223)

at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:181)

at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:222)

at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:188)

at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)

at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)

at weblogic.jndi.Environment.getContext(Environment.java:166)

at weblogic.jndi.Environment.getInitialContext(Environment.java:145)

at com.proxima.centauri.connection.impl.weblogic.weblogicConnectionTest.connectToWeblogic(weblogicConnectionTest.java:66)

at com.proxima.centauri.connection.impl.weblogic.weblogicConnectionTest.main(weblogicConnectionTest.java:199)

>

<2004/10/28 上午10時19分19秒 EST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@995a79 Severity: 2 Type: 40

java.lang.Throwable: Stack trace

at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)

at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)

at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)

at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)

at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)

at com.certicom.tls.record.WriteHandler.write(Unknown Source)

at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)

at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)

at java.io.DataOutputStream.flush(DataOutputStream.java:101)

at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:453)

at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:78)

at weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1769)

at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1293)

at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:430)

at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:312)

at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:223)

at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:181)

at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:222)

at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:188)

at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)

at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)

at weblogic.jndi.Environment.getContext(Environment.java:166)

at weblogic.jndi.Environment.getInitialContext(Environment.java:145)

at com.proxima.centauri.connection.impl.weblogic.weblogicConnectionTest.connectToWeblogic(weblogicConnectionTest.java:66)

at com.proxima.centauri.connection.impl.weblogic.weblogicConnectionTest.main(weblogicConnectionTest.java:199)

>

<2004/10/28 上午10時19分19秒 EST> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
***********************************************************

I was running the client with the same JRE as the Weblogic 8.1 server, But If I run this client program with the 1.4.1 JRE, then there will be no problem for communicate to the Weblogic 8.1 server. But I really need to use the JRE 1.4.2_05 for the client program to communicate to the Weblogic 8.1 server.

Is there are anyone which come across the same problem, and have a solution for this?

psmelkov

unread,
Oct 29, 2004, 5:59:26 PM10/29/04
to
Does this work with the demo keys?
Try commenting out com.sun.crypto.provider.SunJCE from java.security file. See if this helps.

Pavel.

Jacky Chau

unread,
Oct 31, 2004, 6:22:25 PM10/31/04
to
Thanks for your suggestion! But I've already try with the demo keys, and certificates provided by the weblogic, It does not work for me at all, except the web browser.

By the way, I also tried to comment out 'com.sun.crypto.provider.SunJCE' from the java.security file. But it does not help too.

The following shows the result after the 'SunJCE' have be comment out from the java.security file:

JDK Protocol Handlers and Security Providers:
java.protocol.handler.pkgs - weblogic.net
provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
provider[1] - Certicom_SSL - Certicom SSL Provider: For X509 Implementation, X.509 - X509Certificate
provider[2] - SunRsaSign - SUN's provider for RSA signatures
provider[3] - SunJGSS - Sun (Kerberos v5)

Trying a new HTTP connection using WLS client classes -
http://adams.proxima-tech.com.au:7001/console
200 -- OK
weblogic.net.http.HttpURLConnection$1
Trying a new HTTPS connection using WLS client classes -
https://adams.proxima-tech.com.au:7002/console
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;01&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm ECDSA, class java.security.Signature>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;01&#31186; EST> <Debug> <TLS> <000000> <JCE support for algorithm SHA1withDSA, class sun.security.provider.DSA using provider SUN version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;01&#31186; EST> <Debug> <TLS> <000000> <JCE support for algorithm MD5withRSA, class java.security.Signature$Delegate using provider SunRsaSign version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;01&#31186; EST> <Debug> <TLS> <000000> <JCE support for algorithm SHA1withRSA, class java.security.Signature$Delegate using provider SunRsaSign version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;01&#31186; EST> <Debug> <TLS> <000000> <JCE support for algorithm MD2withRSA, class java.security.Signature$Delegate using provider SunRsaSign version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;01&#31186; EST> <Debug> <TLS> <000000> <JCE support for algorithm SHA, class java.security.MessageDigest$Delegate using provider SUN version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;01&#31186; EST> <Debug> <TLS> <000000> <JCE support for algorithm MD5, class java.security.MessageDigest$Delegate using provider SUN version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm NullMac, class javax.crypto.Mac>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm HmacSHA1, class javax.crypto.Mac>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm HmacMD5, class javax.crypto.Mac>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm DES/CBC/NoPadding, class javax.crypto.Cipher>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm DESede/CBC/NoPadding, class javax.crypto.Cipher>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm DESede/ECB/NoPadding, class javax.crypto.Cipher>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm RC4, class javax.crypto.Cipher>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm RSA/ECB/PKCS1Padding, class javax.crypto.Cipher>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm RSA/ECB/NoPadding, class javax.crypto.Cipher>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm Anonymous, class javax.crypto.KeyAgreement>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm ECDH, class javax.crypto.KeyAgreement>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm DiffieHellman, class javax.crypto.KeyAgreement>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <No JCE support for algorithm RSA, class javax.crypto.KeyAgreement>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <ECDSA | java.security.Signature | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <SHA1withDSA | java.security.Signature | USEJCE | SUN version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <MD5withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <SHA1withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <MD2withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <SHA | java.security.MessageDigest | USEJCE | SUN version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <MD5 | java.security.MessageDigest | USEJCE | SUN version 1.42>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <NullMac | javax.crypto.Mac | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <HmacSHA1 | javax.crypto.Mac | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <HmacMD5 | javax.crypto.Mac | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <DES/CBC/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <DESede/CBC/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <DESede/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <RC4 | javax.crypto.Cipher | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <RSA/ECB/PKCS1Padding | javax.crypto.Cipher | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <RSA/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <Anonymous | javax.crypto.KeyAgreement | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <ECDH | javax.crypto.KeyAgreement | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <DiffieHellman | javax.crypto.KeyAgreement | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <RSA | javax.crypto.KeyAgreement | USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <JCE used for some SSL = false>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <jsafeJCE used for some SSL = false>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> < provider[0] - SUN>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> < SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> < provider[1] - Certicom_SSL>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> < Certicom SSL Provider: For X509 Implementation, X.509 - X509Certificate>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> < provider[2] - SunRsaSign>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> < SUN's provider for RSA signatures>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> < provider[3] - SunJGSS>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> < Sun (Kerberos v5)>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <Crypto to use for RSA is USEHARDWIRED>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <usingJCE = false>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;02&#31186; EST> <Debug> <TLS> <000000> <usingJsafeJCE = false>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;03&#31186; EST> <Debug> <TLS> <000000> <SSL/Domestic license found>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;03&#31186; EST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<2004&#24180;11&#26376;1&#26085; &#19978;&#21320;10&#26178;21&#20998;03&#31186; EST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
Not enough cryptography available to enable a cipher suite!
java.lang.IllegalStateException: Not enough cryptography available to enable a cipher suite!
at com.certicom.tls.interfaceimpl.TLSSystem.resetCipherSuiteSupport(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSSystem.setCertificateSupport(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
at com.certicom.net.ssl.SSLContext.<init>(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:308)
at java.lang.Class.newInstance(Class.java:261)
at weblogic.security.utils.SSLContextWrapper.getInstance(SSLContextWrapper.java:25)
at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:537)
at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.java:71)
at weblogic.security.SSL.SSLSocketFactory.getJSSE(SSLSocketFactory.java:101)
at weblogic.net.http.HttpClient.New(HttpClient.java:209)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
at com.proxima.centauri.connection.impl.weblogic.SSLClient.tryConnection(SSLClient.java:76)
at com.proxima.centauri.connection.impl.weblogic.SSLClient.wlsURLConnect(SSLClient.java:213)
at com.proxima.centauri.connection.impl.weblogic.SSLClient.main(SSLClient.java:34)
----

psmelkov

unread,
Oct 31, 2004, 9:39:12 PM10/31/04
to
From the log it appears you have Certicom provider installed. WLS is using Certicom SSLPlus for SSL so if you have Certicom classes in the classpath, they might conflict with the classes that come with WebLogic.
Try running only with the JDK default providers, and make sure you are not replacing WebLogic classes with classes in the JRE extension folder. See what providers you have installed on 141.
I've tried running an SSL test on 142_05 with the demo certs, and did not see any problems.

Pavel.

Denis Baudin

unread,
Nov 2, 2004, 5:32:37 PM11/2/04
to
Hello.

I've run into the same sort of issue. My configuration might be a bit different. I am trying to establish an SSL over IIOP connection between a jboss and weblogic server. Jboss is trying to establish an SSL connection as a client to the weblogic server using the java.naming.provider.url iiops://localhost:7002 and java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory.

Here are the SSL logs and the top of the traceback from the jboss side:

16:57:16,543 INFO [STDOUT] <Nov 2, 2004 4:57:16 PM EST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
16:57:16,778 INFO [STDOUT] <Nov 2, 2004 4:57:16 PM EST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
16:57:16,793 INFO [STDOUT] <Nov 2, 2004 4:57:16 PM EST> <Debug> <TLS> <000000> <Weblogic license allows domestic>
16:57:17,246 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <clientInfo settings applied>
16:57:17,262 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
16:57:17,309 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 17972319>
16:57:17,309 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
16:57:17,309 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 3784466>
16:57:17,309 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(sock): 19875128>
16:57:17,309 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
16:57:17,324 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
16:57:17,340 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Weblogic license allows domestic>
16:57:17,887 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <58130 readRecord()>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <58130 SSL3/TLS MAC>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <58130 received HANDSHAKE>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <58130 readRecord()>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <58130 SSL3/TLS MAC>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <58130 received HANDSHAKE>
16:57:17,902 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Performing hostname validation checks: localhost>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=nakina-132, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: EMAILADDRESS=persona...@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: EMAILADDRESS=server...@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=Equifax Secure Certificate Authority, O=Equifax, C=US>
16:57:17,918 INFO [STDOUT] <Nov 2, 2004 4:57:17 PM EST> <Debug> <TLS> <000000> <Converting principal: EMAILADDRESS=premium...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
16:57:18,106 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net>
16:57:18,106 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
16:57:18,106 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US>
16:57:18,106 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE>
16:57:18,106 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
16:57:18,106 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US>
16:57:18,199 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
16:57:18,199 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US>
16:57:18,199 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE>
16:57:18,199 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US>
16:57:18,199 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> < cert[0] = [
[
Version: V1
Subject: CN=nakina-132, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
d7dd280a 98b30710 a2450c60 49e593cb 3cf05a38 007535eb 5e8eb724 c61b1eaf
f3b5439f 8d2300f0 6566dff8 37bb43ac 33386bef 34c58b79 78c9c166 fcdd7d91
101804c6 041f9ab9 7d77d29c 99313838 ff60a452 7d9ec903 702a4328 dd8ffe6f
fcb35479 b8eff7ae d3d32f74 abef1867 7b09c8cd 73b1a323 9d9d3415 372d0455
Validity: [From: Mon Nov 01 15:40:56 EST 2004,
To: Sat Nov 02 15:40:56 EST 2019]
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
SerialNumber: [ -26aad692 817b0133 e4f3c299 934ebc4a]

]
Algorithm: [MD5withRSA]
Signature:
0000: 02 2F 56 A7 14 0D AE EB BC BA 1B 02 B4 58 E6 16 ./V..........X..
0010: 06 12 35 47 5D FD 61 6C B2 6C 14 43 35 9C 3F 64 ..5G].al.l.C5.?d
0020: 47 83 18 0A CB DF 35 14 2B AF A2 66 28 3D 4E 42 G.....5.+..f(=NB
0030: 30 8C A5 A5 34 AA 86 6B C8 3E 32 8B 5C 64 4E 3F 0...4..k.>2.\dN?

]>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> < cert[1] = [
[
Version: V3
Subject: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
afa4814a 734e0209 9c2f2b92 d8d442c6 14cb75fd 2493fc39 9a248743 e6d8a1f7
6ce2b8f4 2348fc49 8216cd6f d86cb6b0 e7d654fd 873d8eee 4c423562 58b7b25b
Validity: [From: Thu Oct 24 11:54:45 EDT 2002,
To: Tue Oct 25 11:54:45 EDT 2022]
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
SerialNumber: [ 234b5559 d1fa0f3f f5c82bdf ed032a87]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
]

[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
]

]
Algorithm: [MD5withRSA]
Signature:
0000: 42 38 2B 10 F5 05 AF 1A F0 22 92 30 41 3A 3A D3 B8+......".0A::.
0010: 16 A6 41 34 96 09 B2 FE 7E 99 56 7D D2 95 70 9B ..A4......V...p.
0020: 31 03 8A 1C 3C 75 B2 37 B9 B3 18 CF 9B 1A 5E 42 1...<u.7......^B
0030: 92 CB 7A DC 4A F2 4A F6 76 49 90 7B DB F3 C8 59 ..z.J.J.vI.....Y

]>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Trust status (0): NONE>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <58130 readRecord()>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <58130 SSL3/TLS MAC>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <58130 received HANDSHAKE>
16:57:18,231 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
16:57:18,262 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 134>
16:57:18,262 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC offset = 0 length = 1>
16:57:18,262 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 16>
16:57:18,262 INFO [STDOUT] <Nov 2, 2004 4:57:18 PM EST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows


java.lang.IllegalStateException: Cipher not initialized
at javax.crypto.Cipher.update(DashoA6275)
at com.certicom.tls.provider.Cipher.update(Unknown Source)
at com.certicom.tls.record.WriteHandler.compressEncryptSend(Unknown Source)
at com.certicom.tls.record.WriteHandler.compressEncryptSend(Unknown Source)
at com.certicom.tls.record.MessageFragmentor.write(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.write(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)

at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.iiop.MuxableSocketIIOPS.register(MuxableSocketIIOPS.java:106)
at weblogic.iiop.MuxableSocketIIOPS.createConnection(MuxableSocketIIOPS.java:88)
at weblogic.iiop.EndPointManager.createEndPoint(EndPointManager.java:381)
at weblogic.iiop.EndPointManager.findOrCreateEndPoint(EndPointManager.java:234)
at weblogic.iiop.EndPointManager.findOrCreateEndPoint(EndPointManager.java:251)
at weblogic.iiop.IORManager.locateNameService(IORManager.java:161)

On the weblogic side everything seems okay until the problem on the client side:

####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE SSLSocket>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx): 24952861>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will be Muxing>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is): 19449663>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <isMuxerActivated: false>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <15477362 readRecord()>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <15477362 SSL Version 2 with no padding>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <15477362 SSL3/TLS MAC>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <15477362 received SSL_20_RECORD>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write HANDSHAKE offset = 0 length = 58>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write HANDSHAKE offset = 0 length = 1116>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write HANDSHAKE offset = 0 length = 4>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <isMuxerActivated: false>
####<Nov 2, 2004 3:47:35 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
####<Nov 2, 2004 3:47:37 PM EST> <Debug> <TLS> <nakina-132> <NakinaMain> <ExecuteThread: '13' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@159d796 Severity: 1 Type: 0


java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
at weblogic.t3.srvr.ListenThread.rejectCatastrophe(ListenThread.java:443)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:531)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

Thanks for any help you can provide.

psmelkov

unread,
Nov 2, 2004, 6:38:06 PM11/2/04
to
SSL implementation used by WebLogic trys to pick a JCE Cipher first, and when it cannot find one it defaults to a RSA Cipher that is shipped with WebLogic. Not all providers are garanteed to work with it, and it already ignores those that are known to fail, but it looks like the JCE Cipher it picked in your case failed to initialize with the parameters that SSL impl normaly passes. The workaround in this case is to remove failing provider from the list in java.security file.

Pavel.

0 new messages