You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Amila Jayasekara (JIRA)" <ji...@apache.org> on 2011/07/28 13:45:09 UTC
[jira] [Created] (HTTPCORE-267) SSL handshake is failing when
unsafe re-negotiation is enabled
SSL handshake is failing when unsafe re-negotiation is enabled
--------------------------------------------------------------
Key: HTTPCORE-267
URL: https://issues.apache.org/jira/browse/HTTPCORE-267
Project: HttpComponents HttpCore
Issue Type: Bug
Components: HttpCore NIO
Affects Versions: 4.1
Environment: Java version "1.6.0_26"
Client OS - Ubuntu
Server - IIS 7 (Web service which uses HTTPS - HTTPS configuration is set to request client certificate
Reporter: Amila Jayasekara
I have a .Net web service which communicates through https transport.
On .Net web service end I have enabled "Require client certificate"
option. In which, connecting client needs to provide a valid
certificate.
In the client side i specified -Dsun.security.ssl.allowUnsafeRenegotiation=true. Still i am not able to properly handshake.
Logs are attached.
Same was tested with normal transport. That worked without an issue. I will also attach SSL logs with normal transport.
Thanks
AmilaJ
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCORE-267) SSL handshake is failing when
unsafe re-negotiation is enabled
Posted by "Amila Jayasekara (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCORE-267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072306#comment-13072306 ]
Amila Jayasekara commented on HTTPCORE-267:
-------------------------------------------
Attached logs with normal transport and NIO transport. Notice that "ClientRequest" message is missing in NIO ssl logs. Both programs are run by enabling "unsafe re-negotiation".
i.e. with -Dsun.security.ssl.allowUnsafeRenegotiation=true parameter.
> SSL handshake is failing when unsafe re-negotiation is enabled
> --------------------------------------------------------------
>
> Key: HTTPCORE-267
> URL: https://issues.apache.org/jira/browse/HTTPCORE-267
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Affects Versions: 4.1
> Environment: Java version "1.6.0_26"
> Client OS - Ubuntu
> Server - IIS 7 (Web service which uses HTTPS - HTTPS configuration is set to request client certificate
> Reporter: Amila Jayasekara
> Attachments: NIO-SSL-Logs.txt, Normal-Transport-Logs.txt
>
>
> I have a .Net web service which communicates through https transport.
> On .Net web service end I have enabled "Require client certificate"
> option. In which, connecting client needs to provide a valid
> certificate.
> In the client side i specified -Dsun.security.ssl.allowUnsafeRenegotiation=true. Still i am not able to properly handshake.
> Logs are attached.
> Same was tested with normal transport. That worked without an issue. I will also attach SSL logs with normal transport.
> Thanks
> AmilaJ
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCORE-267) SSL handshake is failing when
unsafe re-negotiation is enabled
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCORE-267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072387#comment-13072387 ]
Oleg Kalnichevski commented on HTTPCORE-267:
--------------------------------------------
I guess that explains it.
blocking i/o
---
executing requestGET /WebHost/SampleService.svc?wsdl HTTP/1.1
main, setSoTimeout(0) called
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
---
non-blocking i/o
---
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
---
Oleg
> SSL handshake is failing when unsafe re-negotiation is enabled
> --------------------------------------------------------------
>
> Key: HTTPCORE-267
> URL: https://issues.apache.org/jira/browse/HTTPCORE-267
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Affects Versions: 4.1
> Environment: Java version "1.6.0_26"
> Client OS - Ubuntu
> Server - IIS 7 (Web service which uses HTTPS - HTTPS configuration is set to request client certificate
> Reporter: Amila Jayasekara
> Attachments: NIO-SSL-Logs.txt, Normal-Transport-Logs.txt
>
>
> I have a .Net web service which communicates through https transport.
> On .Net web service end I have enabled "Require client certificate"
> option. In which, connecting client needs to provide a valid
> certificate.
> In the client side i specified -Dsun.security.ssl.allowUnsafeRenegotiation=true. Still i am not able to properly handshake.
> Logs are attached.
> Same was tested with normal transport. That worked without an issue. I will also attach SSL logs with normal transport.
> Thanks
> AmilaJ
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Resolved] (HTTPCORE-267) SSL handshake is failing when
unsafe re-negotiation is enabled
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCORE-267?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCORE-267.
----------------------------------------
Resolution: Invalid
> SSL handshake is failing when unsafe re-negotiation is enabled
> --------------------------------------------------------------
>
> Key: HTTPCORE-267
> URL: https://issues.apache.org/jira/browse/HTTPCORE-267
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Affects Versions: 4.1
> Environment: Java version "1.6.0_26"
> Client OS - Ubuntu
> Server - IIS 7 (Web service which uses HTTPS - HTTPS configuration is set to request client certificate
> Reporter: Amila Jayasekara
> Attachments: NIO-SSL-Logs.txt, Normal-Transport-Logs.txt
>
>
> I have a .Net web service which communicates through https transport.
> On .Net web service end I have enabled "Require client certificate"
> option. In which, connecting client needs to provide a valid
> certificate.
> In the client side i specified -Dsun.security.ssl.allowUnsafeRenegotiation=true. Still i am not able to properly handshake.
> Logs are attached.
> Same was tested with normal transport. That worked without an issue. I will also attach SSL logs with normal transport.
> Thanks
> AmilaJ
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCORE-267) SSL handshake is failing when
unsafe re-negotiation is enabled
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCORE-267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072378#comment-13072378 ]
Oleg Kalnichevski commented on HTTPCORE-267:
--------------------------------------------
Amila,
Both HttpCore NIO and HttpCore BIO rely on the JSSE for the low level SSL communication. This must be either (1) a configuration issue / missing key material on the client side or (2) a bug in JSSE. This is very unlikely to be caused by HttpCore it self.
I will not able to help you much without a reproducer and will have no choice but to close the issue as CANT REPRODUCE.
Oleg
> SSL handshake is failing when unsafe re-negotiation is enabled
> --------------------------------------------------------------
>
> Key: HTTPCORE-267
> URL: https://issues.apache.org/jira/browse/HTTPCORE-267
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Affects Versions: 4.1
> Environment: Java version "1.6.0_26"
> Client OS - Ubuntu
> Server - IIS 7 (Web service which uses HTTPS - HTTPS configuration is set to request client certificate
> Reporter: Amila Jayasekara
> Attachments: NIO-SSL-Logs.txt, Normal-Transport-Logs.txt
>
>
> I have a .Net web service which communicates through https transport.
> On .Net web service end I have enabled "Require client certificate"
> option. In which, connecting client needs to provide a valid
> certificate.
> In the client side i specified -Dsun.security.ssl.allowUnsafeRenegotiation=true. Still i am not able to properly handshake.
> Logs are attached.
> Same was tested with normal transport. That worked without an issue. I will also attach SSL logs with normal transport.
> Thanks
> AmilaJ
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCORE-267) SSL handshake is failing when
unsafe re-negotiation is enabled
Posted by "Amila Jayasekara (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCORE-267?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Amila Jayasekara updated HTTPCORE-267:
--------------------------------------
Attachment: NIO-SSL-Logs.txt
> SSL handshake is failing when unsafe re-negotiation is enabled
> --------------------------------------------------------------
>
> Key: HTTPCORE-267
> URL: https://issues.apache.org/jira/browse/HTTPCORE-267
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Affects Versions: 4.1
> Environment: Java version "1.6.0_26"
> Client OS - Ubuntu
> Server - IIS 7 (Web service which uses HTTPS - HTTPS configuration is set to request client certificate
> Reporter: Amila Jayasekara
> Attachments: NIO-SSL-Logs.txt
>
>
> I have a .Net web service which communicates through https transport.
> On .Net web service end I have enabled "Require client certificate"
> option. In which, connecting client needs to provide a valid
> certificate.
> In the client side i specified -Dsun.security.ssl.allowUnsafeRenegotiation=true. Still i am not able to properly handshake.
> Logs are attached.
> Same was tested with normal transport. That worked without an issue. I will also attach SSL logs with normal transport.
> Thanks
> AmilaJ
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCORE-267) SSL handshake is failing when
unsafe re-negotiation is enabled
Posted by "Amila Jayasekara (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCORE-267?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Amila Jayasekara updated HTTPCORE-267:
--------------------------------------
Attachment: Normal-Transport-Logs.txt
> SSL handshake is failing when unsafe re-negotiation is enabled
> --------------------------------------------------------------
>
> Key: HTTPCORE-267
> URL: https://issues.apache.org/jira/browse/HTTPCORE-267
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Affects Versions: 4.1
> Environment: Java version "1.6.0_26"
> Client OS - Ubuntu
> Server - IIS 7 (Web service which uses HTTPS - HTTPS configuration is set to request client certificate
> Reporter: Amila Jayasekara
> Attachments: NIO-SSL-Logs.txt, Normal-Transport-Logs.txt
>
>
> I have a .Net web service which communicates through https transport.
> On .Net web service end I have enabled "Require client certificate"
> option. In which, connecting client needs to provide a valid
> certificate.
> In the client side i specified -Dsun.security.ssl.allowUnsafeRenegotiation=true. Still i am not able to properly handshake.
> Logs are attached.
> Same was tested with normal transport. That worked without an issue. I will also attach SSL logs with normal transport.
> Thanks
> AmilaJ
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org