I am seeing SSL handshake problems; interestingly, they only appear from a Java
client and not from a browser.
I used the WBL examples code (examples.security.sslclient.SSLClient), compiled
using JDK 1.4 on a Solaris box.
Does anyone test this stuff before release, or am I just getting cynical?
Here is what I see if I use JSSE (as bundled with JDK 1.4):
--------------------- Client side ------------------
> java examples.security.sslclient.SSLClient jsse myhost.domain.com 80 443 /jetspeed
JDK Protocol Handlers and Security Providers:
java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol|null
provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
provider[1] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
provider[2] - SunRsaSign - SUN's provider for RSA signatures
provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
provider[4] - SunJGSS - Sun (Kerberos v5)
Trying a new HTTP connection using JDK client classes -
http://myhost.domain.com/jetspeed
200 -- OK
sun.net.www.protocol.http.HttpURLConnection$HttpInputStream
Trying a new HTTPS connection using JDK client classes
https://myhost.domain.com/jetspeed
using a com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:58)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.connect(DashoA6275)
at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:121)
at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:187)
at examples.security.sslclient.SSLClient.main(SSLClient.java:70)
Received fatal alert: handshake_failure
------------------------------
Server side, where I have turned on DEBUG, I see:
----------------------------
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 8832552>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 3906313>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <2179790 readRecord()>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <2179790 received SSL_20_RECORD>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 58>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 792>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 4>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <2179790 readRecord()>
<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <2179790 received HANDSHAKE>
<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange>
<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
java.lang.IllegalStateException
at com.certicom.tls.provider.cipher.JSAFE_RSA.doFinal(Unknown Source)
at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:400)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)
------------------
I get similar results whether I am using the SSL library of Weblogic or the JSSE
of Java.
[Q] What's going on?
I notice this problem being reported back in 2001 with WBL 5 & 2002 with WBL
6.0.
Is anyone listening for this, or are we all supporting each other and BEA is
getting paid