Posted to users@tomcat.apache.org by "Gaussmann, Horst" <Ho...@db-ig.com> on 2001/10/18 12:48:45 UTC
Always getting handshake_failure trying clientAuth
Hello!
I'm trying to get a client authentication running. But I'm always getting
a handshake_failure.
The following output is generated by jsse debugging=all
Thread-20, WRITE: SSL v3.0 Handshake, length = 745
Thread-20, READ: SSL v3.0 Alert, length = 2
Thread-20, RECV SSLv3 ALERT: warning, no_certificate
SSL -- handshake alert: no_certificate
Thread-20, SEND SSL v3.0 ALERT: fatal, description = handshake_failure
Thread-20, WRITE: SSL v3.0 Alert, length = 2
I've installed 2 trusted user certificates into my browsers (IE5.5 and
Netscape 6.1) but always the same problem.
I've configured tomcat3.2.3:
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="443"/>
    <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" />
    <Parameter name="keystore" value="c:\tomcat\conf\.keystore" />
    <Parameter name="keypass" value="changeit" />
    <Parameter name="clientAuth" value="true" />
</Connector>
I've tried the same with TC4.01 (other configuration) but found the same
problem.
Maybe some hints? Thanks, Horst
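As an added example (not part of the original post, and not Tomcat or JSSE code), this Python triage script reads the JSSE debug alert lines shown above and flags the case where the server's fatal handshake_failure follows a no_certificate warning from the client, meaning the browser presented no certificate to a connector with clientAuth set to true. The function names and verdict labels are hypothetical, and the Thread-21 lines are constructed.

```python
import re

# Matches JSSE debug alert lines in both forms seen in the trace:
#   "Thread-20, RECV SSLv3 ALERT: warning, no_certificate"
#   "Thread-20, SEND SSL v3.0 ALERT: fatal, description = handshake_failure"
ALERT_RE = re.compile(
    r"^(?P<thread>.+?), (?P<dir>SEND|RECV) SSL ?v[\d.]+ ALERT:\s+"
    r"(?P<level>warning|fatal),\s+(?:description = )?(?P<desc>\w+)\s*$"
)

def parse_alerts(trace):
    """Return (thread, direction, level, description) for every alert line."""
    alerts = []
    for line in trace.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            alerts.append((m["thread"], m["dir"], m["level"], m["desc"]))
    return alerts

def diagnose(trace):
    """Label each thread that sent a fatal handshake_failure (labels are hypothetical)."""
    last_recv = {}  # thread -> description of the last alert received from the peer
    verdicts = {}
    for thread, direction, level, desc in parse_alerts(trace):
        if direction == "RECV":
            last_recv[thread] = desc
        elif level == "fatal" and desc == "handshake_failure":
            if last_recv.get(thread) == "no_certificate":
                verdicts[thread] = "client_sent_no_certificate"
            else:
                verdicts[thread] = "no_peer_alert_before_failure"
    return verdicts

# Thread-20 lines are copied from the trace above; Thread-21 lines are constructed.
SAMPLE = """\
Thread-20, WRITE: SSL v3.0 Handshake, length = 745
Thread-20, READ: SSL v3.0 Alert, length = 2
Thread-20, RECV SSLv3 ALERT: warning, no_certificate
SSL -- handshake alert: no_certificate
Thread-20, SEND SSL v3.0 ALERT: fatal, description = handshake_failure
Thread-20, WRITE: SSL v3.0 Alert, length = 2
Thread-21, READ: SSL v3.0 Handshake, length = 56
Thread-21, SEND SSL v3.0 ALERT: fatal, description = handshake_failure
"""

if __name__ == "__main__":
    for thread, verdict in diagnose(SAMPLE).items():
        print(thread, verdict)
```

A thread labelled no_peer_alert_before_failure failed for some other reason, so the handshake messages logged before the alert are the next place to look.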
Re: Always getting handshake_failure trying clientAuth
Posted by Kar YEOW <ka...@apir.com.au>.
I have a similar problem that may be related; here is the trace. Hope
someone out here knows what it is. kar
PS I am using tc4.0.1
[read] MD5 and SHA1 hashes: len = 3
[read] MD5 and SHA1 hashes: len = 73
HttpProcessor[443][4], READ: SSL v2, contentType = 22, translated length = 65
*** ClientHello, v3.0
RandomCookie: GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 99, 168, 116, 157, 125, 233, 221, 83, 24, 138, 0, 45, 10, 29, 160, 186 }
Session ID: {}
Cipher Suites: { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6, 0, 19, 0, 18, 0, 99 }
Compression Methods: { 0 }
***
%% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
matching server alias : tomcat
*** ServerHello, v3.0
RandomCookie: GMT: 986608176 bytes = { 211, 152, 19, 92, 28, 90, 230, 111, 25, 187, 107, 187, 59, 72, 200, 150, 157, 233, 181, 178, 31, 123, 56, 155, 85, 9, 69, 4 }
Session ID: {59, 206, 114, 48, 124, 14, 230, 207, 217, 118, 243, 235, 113, 103, 252, 132, 204, 143, 94, 79, 250, 21, 157, 2, 246, 142, 63, 61, 37, 90, 184, 123}
Cipher Suite: { 0, 4 }
Compression Method: 0
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
]
Algorithm: [MD5withRSA]
Signature:
]
chain [1] = [
[
]
Algorithm: [MD5withRSA]
Signature:
]
***
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 1489
HttpProcessor[443][4], WRITE: SSL v3.0 Handshake, length = 1489
HttpProcessor[443][4], READ: SSL v3.0 Handshake, length = 260
Finalizer, SEND SSL v3.1 ALERT: warning, description = close_notify
Finalizer, WRITE: SSL v3.1 Alert, length = 2
*** ClientKeyExchange, RSA PreMasterSecret, v3.0
Random Secret: { 3, 0, 78, 191, 234, 181, 236, 199, 196, 159, 231, 240, 147, 186, 202, 141, 164, 211, 189, 25, 159, 201, 10, 131, 107, 40, 196, 72, 170, 51, 217, 223, 114, 69, 34, 40, 211, 0, 189, 61, 246, 119, 209, 183, 126, 221, 73, 25 }
SESSION KEYGEN:
PreMaster Secret:
CONNECTION KEYGEN:
Client Nonce:
Server Nonce:
Master Secret:
Client MAC write Secret:
Server MAC write Secret:
Client write key:
Server write key:
... no IV for cipher
[read] MD5 and SHA1 hashes: len = 260
HttpProcessor[443][4], READ: SSL v3.0 Change Cipher Spec, length = 1
HttpProcessor[443][4], READ: SSL v3.0 Handshake, length = 56
Plaintext after DECRYPTION: len = 56
HttpProcessor[443][4], SEND SSL v3.0 ALERT: fatal, description = handshake_failure
HttpProcessor[443][4], WRITE: SSL v3.0 Alert, length = 2