Java thick client + SSL + Weblogic 7.0

[Tarang]

I am seeing SSL handshake problems, interestingly they only appear from a java
client and not from a browser.
I used the WBL examples code (examples.security.sslclient.SSLClient ) compiled
using JDK 1.4 on Solaris box.
Does anyone test this stuff before release or am I just getting synical.

Here is what I see if I use JSEE (as bundled with JDK 1.4)

--------------------- Client side ------------------
> java examples.security.sslclient.SSLClient jsse myhost.domain.com 80 443
/jetspeed

JDK Protocol Handlers and Security Providers:
java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol|null
provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator;
PKIX CertPathBuilder; LDAP, Collection CertStores)
provider[1] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
SunX509 key/trust factories, SSLv3, TLSv1)
provider[2] - SunRsaSign - SUN's provider for RSA signatures
provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
provider[4] - SunJGSS - Sun (Kerberos v5)

Trying a new HTTP connection using JDK client classes -
http://myhost.domain.com/jetspeed
200 -- OK
sun.net.www.protocol.http.HttpURLConnection$HttpInputStream
Trying a new HTTPS connection using JDK client classes
https://myhost.domain.com/jetspeed
using a com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:58)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.connect(DashoA6275)
at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:121)
at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:187)
at examples.security.sslclient.SSLClient.main(SSLClient.java:70)
Received fatal alert: handshake_failure----
--------------------------

Server side, where I have the turned on DEBUG I see :

----------------------------
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx):
8832552>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is):
3906313>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <isMuxerActivated: false>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <2179790 readRecord()>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <2179790 received SSL_20_RECORD>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <write HANDSHAKE offset =
0 length = 58>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <write HANDSHAKE offset =
0 length = 792>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <write HANDSHAKE offset =
0 length = 4>
<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <isMuxerActivated: false>

<Mar 27, 2003 6:24:20 PM PST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>

<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <2179790 readRecord()>
<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <2179790 received HANDSHAKE>

<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange>

<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange
RSA>
<Mar 27, 2003 6:24:21 PM PST> <Debug> <TLS> <000000> <Exception during handshake,
stack trace foll
ows
java.lang.IllegalStateException
at com.certicom.tls.provider.cipher.JSAFE_RSA.doFinal(Unknown Source)
at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Sourc
e)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Sour
ce)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Sour
ce)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:400)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)

------------------

I get similar results whether I am using SSL library of Weblogic or the JSSE
of Java.

[Q] Whats going on ?

I notice this problem being reported back in 2001 with WBL 5 & 2002 with WBL
6.0

Is anyone listening for this, or are we all supporting each other and BEA is
getting paid

[Yeshwant]

If you are okay with using weblogic ssl I would recommend that you include the weblogic jar file in you
r classpath and explicitly remove jsse.jar from ext directory
If bothe of them are present the jsse classes will be used since it gets loaded by the extension
classloader .let me know if it works