Posted to users@tomcat.apache.org by Honey Bajaj <hb...@sapient.com> on 2010/03/09 16:39:17 UTC

RE: Intermitten issues with SSL handshake

Hi,

Our application (hosted on tomcat5.5.9, jdk 1.6_4 using JSSE) connects to the external webservice.
During the SSL handshake, based on the following messages, it appears that Tomcat is unable to send the client certificate chain to the server after the ServerHello has been received, but this issue happens only intermittently. When the SSL handshake is successful, the only difference is that after the ServerHello, the Tomcat application is able to find matching alias: and is then able to send the certificate chain back to the server.
I have gone through the following bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=37869. Can someone kindly confirm whether it solves the same issue and whether the patch can be used safely against Tomcat 5.5.9?

*** ClientHello, TLSv1
RandomCookie: GMT: 1250752588 bytes = { 254, 18, 193, 215, 139, 30, 229, 96,
185, 57, 70, 219, 54, 117, 98, 130, 213, 225, 17, 22, 64, 7, 118, 182, 254,
230, 98, 249 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
RMI TCP Connection(25)-xx.xx.xx.xx, WRITE: TLSv1 Handshake, length = 79
RMI TCP Connection(25)-xx.xx.xx.xx, WRITE: SSLv2 client hello message, length =
107
RMI TCP Connection(25)-xx.xx.xx.xx, READ: TLSv1 Handshake, length = 2004
*** ServerHello, TLSv1
RandomCookie: GMT: 1250752588 bytes = { 32, 129, 54, 88, 10, 214, 152, 239,
226, 206, 229, 51, 23, 45, 165, 76, 226, 119, 151, 162, 163, 223, 246, 152,
101, 48, 142, 98 }
Session ID: {75, 141, 248, 76, 232, 162, 241, 4, 153, 104, 144, 240, 141, 215,
226, 59, 0, 212, 81, 211, 191, 80, 169, 201, 226, 238, 195, 24,254, 191, 152,
80}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
%% Created: [Session-4, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=support@xx.com, C=GB, ST=England, L=London, O=Xxxxxxx,
OU=EMP, CN=www.ws.xxxxxxx.co.uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus:
16162611199232823233425508780099750987125419660742934281961955972117378541058186137486428240040238581687349480496672869897783834258347125804210414091530301496353223561607070121681099669215297728417686799587105764278728480325557343219476259119320546884011084798277103308273666235262419825295319256304273466668578485966935492826750875858284641917095253856515172583714628445763789859607442240275914167338720348233597513648311014093918006192451527281147637064354340588151350762119918367896157881721760313234874893065293087246862013258834432826237700798003598398293316362809718059187206760048006681314966988913978521585333
public exponent: 65537
Validity: [From: Wed Apr 22 01:00:00 BST 2009,
To: Sun Apr 22 00:59:59 BST 2012]
Issuer: CN=B2B Xxxxxxx, O=Xxxxxxx
SerialNumber: [ 63df7cf5 89339db0 eead9c7e d6d141ae]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 13 62 DA 37 9A 42 E6 D5 A9 01 66 B9 86 18 B1 04 .b.7.B....f.....
0010: 61 64 69 E6 adi.
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 43 8A 4C B5 D6 60 34 F9 B2 35 AB B3 66 06 E8 82 C.L..`4..5..f...
0010: 74 D4 8A 5B t..[
]

]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: support@xx.com
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://xxxxx.xxxxx.com/Xxxxxxxx/LatestCRL.crl]
]]

[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]

[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]

[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

]
Algorithm: [SHA1withRSA]

]
chain [1] = [
[
Version: V3
Subject: CN=B2B Xxxxxxx, O=Xxxxxxx
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus:
136846065372317538061089166156165357583468716380366996471197328070132843792166503451548745338433502584592530976823733915600031064121671237645044956861960283807908277541163850367175181563842388465347872229405738887863442595931343517005913010511798422638402979134266100093374956526837394977218319598829645787333
public exponent: 65537
Validity: [From: Thu Feb 09 00:00:00 GMT 2006,
To: Mon Feb 08 23:59:59 GMT 2016]
Issuer: CN=B2B Xxxxxxx, O=Xxxxxxx
SerialNumber: [ 2d50b6ab d1e84e70 a06362df 807d235b]

Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 43 8A 4C B5 D6 60 34 F9 B2 35 AB B3 66 06 E8 82 C.L..`4..5..f...
0010: 74 D4 8A 5B t..[
]
]

[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=BTPrivate1-98
]

[4]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]

[5]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:0
]

]
Algorithm: [SHA1withRSA]

]
***
Found trusted certificate:
[
[
Version: V3
Subject: EMAILADDRESS=support@xx.com, C=GB, ST=England, L=London, O=Xxxxxxx,
OU=EMP, CN=www.ws.xxxxxxx.co.uk
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus:
16162611199232823233425508780099750987125419660742934281961955972117378541058186137486428240040238581687349480496672869897783834258347125804210414091530301496353223561607070121681099669215297728417686799587105764278728480325557343219476259119320546884011084798277103308273666235262419825295319256304273466668578485966935492826750875858284641917095253856515172583714628445763789859607442240275914167338720348233597513648311014093918006192451527281147637064354340588151350762119918367896157881721760313234874893065293087246862013258834432826237700798003598398293316362809718059187206760048006681314966988913978521585389
public exponent: 65537
Validity: [From: Wed Apr 22 01:00:00 BST 2009,
To: Sun Apr 22 00:59:59 BST 2012]
Issuer: CN=B2B Xxxxxxx, O=Xxxxxxx
SerialNumber: [ 63df7cf5 89339db0 eead9c7e d6d141ae]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 13 62 DA 37 9A 42 E6 D5 A9 01 66 B9 86 18 B1 04 .b.7.B....f.....
0010: 61 64 69 E6 adi.
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 43 8A 4C B5 D6 60 34 F9 B2 35 AB B3 66 06 E8 82 C.L..`4..5..f...
0010: 74 D4 8A 5B t..[
]

]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: support@xx.com
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://xxxxx.xxxxx.com/Xxxxxxxx/LatestCRL.crl]
]]

[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]

[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]

[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

]
Algorithm: [SHA1withRSA]

]
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:


York, C=US, EMAILADDRESS=xxxxxxx@xx.com>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
RMI TCP Connection(25)-xx.xx.xx.xx, WRITE: TLSv1 Handshake, length = 269
RMI TCP Connection(25)-xx.xx.xx.xx, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 156, 244, 254, 207, 105, 214, 249, 53, 171, 101, 254, 37 }
***
RMI TCP Connection(25)-xx.xx.xx.xx, WRITE: TLSv1 Handshake, length = 48
RMI TCP Connection(25)-xx.xx.xx.xx, READ: TLSv1 Alert, length = 2
RMI TCP Connection(25)-xx.xx.xx.xx, RECV TLSv1 ALERT: fatal, bad_certificate
RMI TCP Connection(25)-xx.xx.xx.xx, called closeSocket()
RMI TCP Connection(25)-xx.xx.xx.xx, handling exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[ 03-Mar-2010 05:49:00:411 ERROR LluCheckerRequestSender RMI TCP
Connection(25)-xx.xx.xx.xx] Error type: 121 | Error code: 17001 |
null:communicateWithBtWebService:There is some problem at BT side but customer
can proceed with order placement
[ 03-Mar-2010 05:49:00:411 ERROR LluCheckerRequestSender RMI TCP
Connection(25)-xx.xx.xx.xx] EXCEPTION:
com.be.bss.emp.communication.exception.EMPCommunicationException,
MESSAGE: There is some problem at BT side but customer can proceed with order
placement;
CAUSE: (javax.net.ssl.SSLHandshakeException: Received fatal alert:
bad_certificate)
at
com.be.bss.emp.communication.LluCheckerRequestSender.communicateWithBtWebService(LluCheckerRequestSender.java:266)
at
com.be.bss.provisioning.thirdparty.bt.availabilitycheck.service.EMPWSLluCheckerDNRequestProcessor.process(EMPWSLluCheckerDNRequestProcessor.java:74)
at
com.be.bss.provisioning.thirdparty.bt.availabilitycheck.service.AvailabilityCheckerServiceImpl.getResponseFromService(AvailabilityCheckerServiceImpl.java:493)
at
com.be.bss.provisioning.thirdparty.bt.availabilitycheck.service.AvailabilityCheckerServiceImpl.getLluDetails(AvailabilityCheckerServiceImpl.java:410)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:280)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at
org.springframework.remoting.support.RemoteInvocationTraceInterceptor.invoke(RemoteInvocationTraceInterceptor.java:70)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy135.getLluDetails(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:181)
at
org.springframework.remoting.support.DefaultRemoteInvocationExecutor.invoke(DefaultRemoteInvocationExecutor.java:38)
at
org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:76)
at
org.springframework.remoting.rmi.RmiBasedExporter.invoke(RmiBasedExporter.java:72)
at
com.be.bss.framework.rmi.RmiServiceExporter.invoke(RmiServiceExporter.java:43)
at
org.springframework.remoting.rmi.RmiInvocationWrapper.invoke(RmiInvocationWrapper.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at
sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at
sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert:
bad_certificate
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:1910)
at
com.be.bss.emp.communication.LluCheckerRequestSender.communicateWithBtWebService(LluCheckerRequestSender.java:250)
... 38 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert:
bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
at
org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at
org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
... 46 more
AxisFault

Thanks,
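
Added example (not part of the original post, and not code from Tomcat or JSSE): a small Python triage script for javax.net.debug output in the format shown above. It flags handshakes in which the server sent a CertificateRequest and the client answered with an empty Certificate message, which is the pattern in the failing trace. The sample log is constructed and abbreviated, the alias client-key is made up, and the parser assumes handshakes are not interleaved across threads in the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed, abbreviated sample: one failing and one successful handshake.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
chain [1] = [
***
*** CertificateRequest
Cert Types: RSA, DSS
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** Finished
RMI TCP Connection(25)-xx.xx.xx.xx, RECV TLSv1 ALERT: fatal, bad_certificate
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
***
*** CertificateRequest
*** ServerHelloDone
matching alias: client-key
*** Certificate chain
chain [0] = [
***
*** Finished
"""

ALERT_RE = re.compile(r"RECV \S+ ALERT:\s*(\w+),\s*(\w+)")

@dataclass
class Handshake:
    cert_requested: bool = False
    server_done: bool = False
    client_chain_len: Optional[int] = None  # None: no client Certificate seen
    alias: Optional[str] = None
    alert: Optional[str] = None

    @property
    def verdict(self) -> str:
        if self.cert_requested and self.client_chain_len == 0:
            return "empty-client-chain"
        return "alert:" + self.alert if self.alert else "ok"

def parse_handshakes(log_text: str) -> List[Handshake]:
    handshakes: List[Handshake] = []
    cur: Optional[Handshake] = None
    in_client_chain = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("*** ClientHello"):
            cur, in_client_chain = Handshake(), False
            handshakes.append(cur)
        elif cur is None:
            continue
        elif line.startswith("***"):
            in_client_chain = False
            if line.startswith("*** CertificateRequest"):
                cur.cert_requested = True
            elif line.startswith("*** ServerHelloDone"):
                cur.server_done = True
            elif line.startswith("*** Certificate chain") and cur.server_done:
                # A chain printed after ServerHelloDone is the client's own.
                cur.client_chain_len, in_client_chain = 0, True
        elif in_client_chain and line.startswith("chain ["):
            cur.client_chain_len += 1
        elif line.startswith("matching alias:"):
            cur.alias = line.split(":", 1)[1].strip() or None
        elif (m := ALERT_RE.search(line)):
            cur.alert = m.group(2)
    return handshakes

if __name__ == "__main__":
    for i, hs in enumerate(parse_handshakes(SAMPLE_LOG)):
        print(i, hs.verdict, "alias=%s" % hs.alias, "alert=%s" % hs.alert)
```

Run over a full debug log, the count of empty-client-chain verdicts against ok verdicts shows how often the key manager returned no alias for the server's request.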




RE: Intermitten issues with SSL handshake

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Honey Bajaj [mailto:hbajaj2@sapient.com]
> Subject: RE: Intermitten issues with SSL handshake
> 
> I need to understand why intermittently it fails to pick up the 
> alias and hence fails to deliver the certificate chain.

You'll need to discuss that with the developers of the webapp; again, Tomcat is not involved at all in your webapp's attempts to connect to an external server.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: Intermitten issues with SSL handshake

Posted by Honey Bajaj <hb...@sapient.com>.
Thanks Charles, but I need to understand why intermittently it fails to pick up the alias and hence fails to deliver the certificate chain. Upgrade is in our roadmap, but it will take a couple of months to propagate it to production; any solution or workaround to resolve this issue is highly appreciated.

Thanks



RE: Intermitten issues with SSL handshake

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Honey Bajaj [mailto:hbajaj2@sapient.com]
> Subject: RE: Intermitten issues with SSL handshake
> 
> Our application (hosted on tomcat5.5.9, jdk 1.6_4 using JSSE) connects
> to the external webservice.

Which means Tomcat is not involved.  It's your webapp doing the negotiation, not Tomcat.

> I have gone through following bug
> https://issues.apache.org/bugzilla/show_bug.cgi?id=37869.

Which is completely unrelated, since it has to do with Tomcat authenticating clients, not a webapp connecting to an external server that Tomcat has no knowledge of or interest in.

Regardless, I would strongly urge you to upgrade your Tomcat to the latest 5.5.28, since running with a five-year-old version leaves you open to all sorts of problems and security risks that have been fixed in the intervening period.

 - Chuck

