Posted to httpclient-users@hc.apache.org by Aviator <vp...@gmail.com> on 2008/09/23 14:10:29 UTC

SSLv3 alone is not working

Hi,
I am using HTTPClient to connect to Apache (SSL) web server. When the
SSLProtocol in Apache is set to SSLv3 and TLSv1, the client is able to
connect. But when the SSLProtocol is set to SSLv3 alone, the client is
throwing a bad_record_mac exception and not connecting. Could someone help
me in understanding why this is coming and how to rectify it? (I am not
using setEnabledProtocols in my code. I just use getInstance method with
string 'SSL').
Thanks & Regards
Prasanna Ram




---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


RE: SSLv3 alone is not working

Posted by Furmaniak Christophe <Ch...@atosorigin.com>.
I encountered the same problem that seemed to come from openssl (used by mod_ssl inside apache httpd) since recent releases (something like openssl > 0.9.6)

I had to use a custom AuthSSLProtocolSocketFactory (that uses setEnabledProtocols on sockets) to make it work.

For instance, for one of the createSocket methods of the AuthSSLProtocolSocketFactory that extends SecureProtocolSocketFactory:

========================================================================
    public Socket createSocket(final String host, final int port,
            final InetAddress localAddress, final int localPort,
            final HttpConnectionParams params) throws IOException,
            UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        SocketFactory socketfactory = getSSLContext().getSocketFactory();
        Socket socket = null;
        if (timeout == 0) {
            // No connect timeout configured: let the factory connect directly.
            socket = socketfactory.createSocket(host, port, localAddress,
                    localPort);
        } else {
            // Create an unconnected socket so the connect timeout can be applied.
            socket = socketfactory.createSocket();
            SocketAddress localaddr = new InetSocketAddress(localAddress,
                    localPort);
            SocketAddress remoteaddr = new InetSocketAddress(host, port);
            socket.bind(localaddr);
            socket.connect(remoteaddr, timeout);
        }
        // Restrict the socket to the single configured protocol version
        // before the SSL handshake takes place.
        if (sslEnabledProtocol != null) {
            ((SSLSocket) socket)
                    .setEnabledProtocols(new String[] { sslEnabledProtocol });
        }
        verifyHostname((SSLSocket) socket);
        return socket;
    }
========================================================================

christophe

P.S: using httpclient 3.x


> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent: Tuesday, 23 September 2008 23:07
> To: HttpClient User Discussion
> Subject: Re: SSLv3 alone is not working
>
> On Tue, 2008-09-23 at 05:10 -0700, Aviator wrote:
> > Hi,
> > I am using HTTPClient to connect to Apache (SSL) web server.
>
> What version?
>
> >  When the
> > SSLProtocol in Apache is set to SSLv3 and TLSv1, the client is able to
> > connect. But when the SSLProtocol is set to SSLv3 alone, the client is
> > throwing a bad_record_mac exception and not connecting. Could someone help
> > me in understanding why this is coming and how to rectify it? (I am not
> > using setEnabledProtocols in my code. I just use getInstance method with
> > string 'SSL').
>
> Post a code sample / test case.
>
> Oleg
>
>
> > Thanks&Regards
> > Prasanna Ram
> >
> >
>
>




Re: SSLv3 alone is not working

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2008-09-23 at 05:10 -0700, Aviator wrote:
> Hi,
> I am using HTTPClient to connect to Apache (SSL) web server.

What version?

>  When the
> SSLProtocol in Apache is set to SSLv3 and TLSv1, the client is able to
> connect. But when the SSLProtocol is set to SSLv3 alone, the client is
> throwing a bad_record_mac exception and not connecting. Could someone help
> me in understanding why this is coming and how to rectify it? (I am not
> using setEnabledProtocols in my code. I just use getInstance method with
> string 'SSL').

Post a code sample / test case.

Oleg


> Thanks&Regards
> Prasanna Ram
> 
> 

