Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Security error in Weblogic

2 views
Skip to first unread message

Madhav Inamti

unread,
Oct 28, 2004, 10:12:25 PM10/28/04
to
Configured security with the following message

<Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <Found private key in keyst

ore>

<Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <SSLManager.getServerCertif

icate()>

<Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <Server identity successful

ly loaded>

<Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <SSLManager.getService(KEYM

ANAGER)>

<Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <SSLManager, getting truste

d CAs from TrustedCAFile: cacert512.pem>

<Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <Checking certificate chain

, 1 certs>

<Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <Cipher suites enabled:>


<Oct 28, 2004 8:00:56 PM PDT> <Notice> <WebLogicServer> <000354> <Thread "SSLLis

tenThread.Default" listening on port 7002>

<Oct 28, 2004 8:00:56 PM PDT> <Notice> <WebLogicServer> <000354> <Thread "Listen

Thread.Default" listening on port 7001>

<Oct 28, 2004 8:00:56 PM PDT> <Notice> <WebLogicServer> <000329> <Started WebLog

ic Admin Server "myserver" for domain "mydomain" running in Production Mode>

<Oct 28, 2004 8:00:57 PM PDT> <Notice> <WebLogicServer> <000365> <Server state c

hanged to RUNNING>

<Oct 28, 2004 8:00:57 PM PDT> <Notice> <WebLogicServer> <000360> <Server started

in RUNNING mode>

https://localhost:7002

gives this error

<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <4998018 readRecord()>

<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <4998018 received CHANGE_CI

PHER_SPEC>

<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tl

s.record.alert.Alert@103ad6 Severity: 1 Type: 0

java.lang.Throwable: Stack trace

at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)

at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Un

known Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source

)

at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)

at weblogic.t3.srvr.ListenThread.rejectCatastrophe(ListenThread.java:436

)

at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:419)

at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:251)

at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:219)

>

<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tl

s.record.alert.Alert@3bdbbd Severity: 2 Type: 70

java.lang.Throwable: Stack trace

at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)

at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2Hand

shakeMessages(Unknown Source)

at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)

at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)

at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow

n Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un

known Source)

at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedS

ocket(Unknown Source)

at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)

at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:251)

at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:219)

>

<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <write ALERT offset = 0 len

gth = 2>

<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <close(): 7195959>

<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeCo

ntext(ctx): 3199646>

<Oct 28, 2004 8:02:23 PM PDT> <Error> <kernel> <000802> <ExecuteRequest failed

java.lang.IndexOutOfBoundsException

java.lang.IndexOutOfBoundsException

at java.io.ByteArrayInputStream.read(ByteArrayInputStream.java:164)

at com.certicom.tls.record.Util.readFully(Unknown Source)

at com.certicom.tls.record.Util.readFully(Unknown Source)

at com.certicom.tls.record.Util.readBytesLength24(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Sou

rce)

at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes

sages(Unknown Source)

at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)

at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)

at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow

n Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un

known Source)

at com.certicom.tls.record.ReadHandler.read(Unknown Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Un

known Source)

at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source

)

at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)

at weblogic.t3.srvr.ListenThread.rejectCatastrophe(ListenThread.java:436

)

at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:419)

at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:251)

at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:219)

psmelkov

unread,
Oct 29, 2004, 4:49:27 PM10/29/04
to
Is there anything unusual with your SSL configuration? Maybe JRE has some non-default JCE providers installed?

Pavel.

Beng Hee Koh

unread,
Dec 13, 2004, 9:30:21 PM12/13/04
to
Hi

I am getting the same errors. I am using weblogic 8.1 sp2 on solaris 9. I am using the SSL cert that comes with the bea installation. The https access will work if I restart the weblogic server. However, after a few hours, the https access will hang and the following error messages appear in the log. Any help will be appreciated. Thanks.

regards
Beng Hee

<Dec 14, 2004 9:26:24 AM SGT> <Error> <Kernel> <BEA-000802> <ExecuteRequest failed
java.lang.IndexOutOfBoundsException.
java.lang.IndexOutOfBoundsException
at java.io.ByteArrayInputStream.read(ByteArrayInputStream.java:159)


at com.certicom.tls.record.Util.readFully(Unknown Source)
at com.certicom.tls.record.Util.readFully(Unknown Source)
at com.certicom.tls.record.Util.readBytesLength24(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)

at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)


at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)

at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)

psmelkov

unread,
Dec 13, 2004, 10:28:19 PM12/13/04
to
The server in this case is trying to read SSL record, and it looks like it is not receiving the complete record. Could it be that the client stopped writing in the middle of an ssl record? Are you saying after some time all the ssl connections are failing like this, even from different clients? Does your server configuration envolve some non-default jce providers?

Pavel.

Beng Hee Koh

unread,
Dec 16, 2004, 4:03:51 AM12/16/04
to
Yes. After a restart, https access from MS internet explorer or mozilla from RedHat will be fine. But after a few hours, the https access will hung.
Fortunately, BEA support has managed to resolve this problem. BEA support said that I am using DES ciphers and ask me to change the SSL entry in my config.xml to Ciphersuites="TLS_RSA_EXPORT_WITH_RC4_40_MD5". I do not have the https hanging issue after that.
Thanks you for your help.
0 new messages