Posted to users@cxf.apache.org by "David Roytenberg (Consultant)" <Da...@optimalpayments.com> on 2014/10/23 22:57:06 UTC

How to Disable SSLv2 client hello in CXF?

I'm having an SSL problem and I wonder if there is a way to fix it within CXF.

We have our CXF 2.7.6 based integration deployed on WebLogic 11.  We are using JDK 1.7_065.

When we connect to our remote client via SSL we get the following trace with lots of SSL debugging turned on.

What appears to be happening is that the Hello message is sent with an SSLv2 protocol, which our partner's server does not like.  Apparently sending the Hello at this level is a common behavior and apparently it sometimes causes the remote server to fail.  I found a suggestion online that this can be fixed by removing the SSLv2 from the allowed protocols.  I am wondering if I can do that through CXF configuration?

This is a reference to the article that suggests that removing the protocol is the solution to this problem:

http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello

The protocols are apparently set on the SSLContext in JSSE by calling setEnabledProtocols(String[] protocols)

Is there a way to set the enabled protocols on the SSLContext via CXF configuration?

If not, is there a way to get hold of the SSLContext programmatically in a CXF interceptor?

We can't fix this problem at the WebLogic level because of side-effects on other apps.   Thanks in advance for any suggestions or guidance!

WebLogic SSL debug trace follows:

%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100, 197, 213, 31, 89, 96 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
[write] MD5 and SHA1 hashes:  len = 221
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
[write] MD5 and SHA1 hashes:  len = 188
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 188
[Raw write]: length = 190
<Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 190.>
<Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 0.>
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1.2 Alert, length = 2
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal, handshake_failure
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
<Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
        at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
        at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
        at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
        at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
        at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
        at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
        at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
        at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
        at com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
        at com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
        at com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
        at com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
        at com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
        at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
        at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
        at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
        at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
        at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
WARNING

This electronic message and its attachments may contain confidential, proprietary or legally privileged information, which is solely for the use of the intended recipient. No privilege or other rights are waived by any unintended transmission or unauthorized retransmission of this message. If you are not the intended recipient of this message, or if you have received it in error, you should immediately stop reading this message and delete it and all attachments from your system. The reading, distribution, copying or other use of this message or its attachments by unintended recipients is unauthorized and may be unlawful. If you have received this e-mail in error, please notify the sender.
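
Added example, not part of the original post and not CXF or WebLogic code: in JSSE, setEnabledProtocols is a method of SSLSocket and SSLEngine rather than of SSLContext, so this sketch removes SSLv2Hello on a client SSLEngine and checks, without any network I/O, whether the first handshake flight is framed as a TLS record or as an SSLv2-format hello (whose 2-byte header is the difference between the 188 and 190 byte lengths in the trace). The class name, the rejected-protocol list and the host partner.example are assumptions; only JDK classes are used.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class ClientHelloCheck {

    // Assumption: a TLS-only client policy. These names are never left enabled.
    private static final List<String> REJECTED = Arrays.asList("SSLv2Hello", "SSLv3");

    /** Returns the enabled protocols minus the rejected names, order preserved. */
    static String[] withoutLegacyHello(String[] enabled) {
        List<String> kept = new ArrayList<String>();
        for (String protocol : enabled) {
            if (!REJECTED.contains(protocol)) {
                kept.add(protocol);
            }
        }
        if (kept.isEmpty()) {
            // Fail closed rather than hand JSSE an empty protocol list.
            throw new IllegalStateException("no TLS protocol left enabled");
        }
        return kept.toArray(new String[0]);
    }

    /** Generates the client's first flight into a buffer instead of a socket. */
    static ByteBuffer firstFlight(SSLEngine engine) throws Exception {
        engine.beginHandshake();
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), net); // no application data yet
        net.flip();
        return net;
    }

    /** Classifies the framing of the first flight from its first byte. */
    static String classify(ByteBuffer net) {
        if (net.remaining() < 2) {
            return "nothing written";
        }
        int first = net.get(net.position()) & 0xFF;
        if (first == 0x16) {
            return "TLS record, content type handshake";
        }
        if ((first & 0x80) != 0) {
            return "SSLv2-format hello (2-byte length header)";
        }
        return String.format("unrecognised first byte 0x%02X", first);
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null); // default key and trust managers

        // partner.example is a placeholder peer name; no connection is opened.
        SSLEngine engine = context.createSSLEngine("partner.example", 443);
        // Switch to client mode first so the client-side protocol defaults apply.
        engine.setUseClientMode(true);

        System.out.println("supported:      "
                + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled before: "
                + Arrays.toString(engine.getEnabledProtocols()));

        engine.setEnabledProtocols(withoutLegacyHello(engine.getEnabledProtocols()));
        System.out.println("enabled after:  "
                + Arrays.toString(engine.getEnabledProtocols()));

        System.out.println("first flight:   " + classify(firstFlight(engine)));
    }
}
```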



Re: How to Disable SSLv2 client hello in CXF?

Posted by "Vjacheslav V. Borisov" <sl...@gmail.com>.
2014-10-24 17:40 GMT+04:00 David Roytenberg (Consultant) <
David.Roytenberg@optimalpayments.com>:

> Hi Vjacheslav,
>
>    Thanks for your reply.  We are deploying a web service client on
> WebLogic.  So unfortunately icedtea won't help in our case as I believe
> it's a browser plugin.
>

No, icedtea is OpenJDK, and its recent releases contain some fixes
against handshake_failure.

RE: How to Disable SSLv2 client hello in CXF?

Posted by "David Roytenberg (Consultant)" <Da...@optimalpayments.com>.
Hi Vjacheslav,

   Thanks for your reply.  We are deploying a web service client on WebLogic.  So unfortunately icedtea won't help in our case as I believe it's a browser plugin.

    I am looking for info on configuring or accessing the SSLContext in CXF 2.7.6.

David

-----Original Message-----
From: Vjacheslav V. Borisov [mailto:slavb18@gmail.com]
Sent: Friday, October 24, 2014 1:22 AM
To: users@cxf.apache.org
Subject: Re: How to Disable SSLv2 client hello in CXF?

2014-10-24 0:57 GMT+04:00 David Roytenberg (Consultant) <
David.Roytenberg@optimalpayments.com>:

> I'm having an SSL problem and I wonder if there is a way to fix it
> within CXF
>
> We have our CXF 2.7.6 based integration deployed on WebLogic 11.  We
> are using JDK 1.7_065
>
> When we connect to our remote client via SSL we get the following
> trace with lots of SSL debugging turned on
>
> What appears to be happening is that the Hello message is sent with an
> SSLv2 protocol, which our partner's server does not like.  Apparently
> sending the Hello at this level is a common behavior and apparently it
> sometimes causes the remote server to fail.  I found a suggestion
> online that this can be fixed by removing the SSLv2 from the allowed
> protocols.  I am wondering if I can do that through CXF configuration?
>
> This is a reference to the article that suggests that removing the
> protocol is the solution to this problem:
>
>
>
>
We are using icedtea and solved the handshake_failure issue by upgrading icedtea from 7.2.3.3 to 7.2.4.7. You can try upgrading your JDK too, or experiment with enabling some subset of Cipher Suites, e.g. TLS_RSA_WITH_AES_128_CBC_SHA or some others.



Re: How to Disable SSLv2 client hello in CXF?

Posted by "Vjacheslav V. Borisov" <sl...@gmail.com>.
2014-10-24 0:57 GMT+04:00 David Roytenberg (Consultant) <
David.Roytenberg@optimalpayments.com>:

> I'm having an SSL problem and I wonder if there is a way to fix it within
> CXF
>
> We have our CXF 2.7.6 based integration deployed on WebLogic 11.  We are
> using JDK 1.7_065
>
> When we connect to our remote client via SSL we get the following trace
> with lots of SSL debugging turned on
>
> What appears to be happening is that the Hello message is sent with an
> SSLv2 protocol, which our partner's server does not like.  Apparently
> sending the Hello at this level is a common behavior and apparently it
> sometimes causes the remote server to fail.  I found a suggestion online
> that this can be fixed by removing the SSLv2 from the allowed protocols.  I
> am wondering if I can do that through CXF configuration?
>
> This is a reference to the article that suggests that removing the
> protocol is the solution to this problem:
>
>
>
>
We are using icedtea and solved the handshake_failure issue by upgrading
icedtea from 7.2.3.3 to 7.2.4.7.
You can try upgrading your JDK too, or experiment with enabling some subset
of Cipher Suites, e.g. TLS_RSA_WITH_AES_128_CBC_SHA or some others.

RE: How to Disable SSLv2 client hello in CXF?

Posted by "David Roytenberg (Consultant)" <Da...@optimalpayments.com>.
Thanks Colm.

a):  We are already using JDK 7, but for some reason, SSLv2Hello is still being sent.

Likewise we have tried solution b) but it seems to be ignored in our current WebLogic based environment.

c) works for us but we are currently precluded from using it by a conflict with another part of our local environment.  Perhaps WebLogic is overriding the CXF settings in our case.

Thanks for the response.

David Roytenberg


-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Wednesday, October 29, 2014 11:23 AM
To: users@cxf.apache.org
Subject: Re: How to Disable SSLv2 client hello in CXF?

For the record, this issue can be resolved by either of the following:

a) Use (Oracle) JDK 1.7:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements-7.html
    "SSLv2Hello disabled by default on the client: In Java SE 7, SSLv2Hello is removed from the default enabled protocol list on the client."

b) Use the System property ("https.protocols"). e.g.
-Dhttps.protocols="TLSv1"

c) Use the secureSocketProtocol parameter of the TLSClientParameters Object, e.g. secureSocketProtocol="TLS"

Colm.

On Thu, Oct 23, 2014 at 9:57 PM, David Roytenberg (Consultant) < David.Roytenberg@optimalpayments.com> wrote:

> I'm having an SSL problem and I wonder if there is a way to fix it
> within CXF
>
> We have our CXF 2.7.6 based integration deployed on WebLogic 11.  We
> are using JDK 1.7_065
>
> When we connect to our remote client via SSL we get the following
> trace with lots of SSL debugging turned on
>
> What appears to be happening is that the Hello message is sent with an
> SSLv2 protocol, which our partner's server does not like.  Apparently
> sending the Hello at this level is a common behavior and apparently it
> sometimes causes the remote server to fail.  I found a suggestion
> online that this can be fixed by removing the SSLv2 from the allowed
> protocols.  I am wondering if I can do that through CXF configuration?
>
> This is a reference to the article that suggests that removing the
> protocol is the solution to this problem:
>
>
> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>
> The protocols are apparently set on the SSLContext in JSSE by calling
> setEnabledProtocols(String[] protocols)
>
> Is there a way to set the enabled protocols on the SSLContext via CXF
> configuration?
>
> If not, is there a way to get hold of the SSLContext programmatically
> in a CXF interceptor?
>
> We can't fix this problem at the WebLogic level because of side-effects on
> other apps.   Thanks in advance for any suggestions or guidance!
>
> WebLogic SSL debug trace follows:
>
> %% No cached client session
> *** ClientHello, TLSv1.2
> RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202,
> 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100,
> 82, 100, 197, 213, 31, 89, 96 }
> Session ID:  {}
> Cipher Suites:
> [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1,
> sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1,
> sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1,
> sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1,
> sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
> SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA,
> SHA1withRSA, SHA1withDSA, MD5withRSA
> ***
> [write] MD5 and SHA1 hashes:  len = 221
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
> [write] MD5 and SHA1 hashes:  len = 188
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', WRITE: SSLv2 client hello message, length = 188
> [Raw write]: length = 190
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
> SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer)
> called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed
> = 0 bytesProduced = 190.>
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
> SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[])
> called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
> NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
> [Raw read]: length = 5
> 0000: 15 03 03 00 02                                     .....
> [Raw read]: length = 2
> 0000: 02 28                                              .(
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', READ: TLSv1.2 Alert, length = 2
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', RECV TLSv1 ALERT:  fatal, handshake_failure
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', fatal: engine already closed.  Rethrowing
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', fatal: engine already closed.  Rethrowing
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
> SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>         at
> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>         at
> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>         at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>         at
> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
>         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>         at
> weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>         at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>         at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>         at
> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
>         at
> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
>         at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>         at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>         at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>         at
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>         at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>         at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>         at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>         at
> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
>         at
> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
>         at
> com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
>         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>         at
> com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
>         at
> com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
>         at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>         at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at
> org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
>         at
> com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at
> org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
>         at
> org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
>         at
> org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>         at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>         at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>         at
> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
>         at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
>         at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
>         at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
>         at
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>         at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>         at
> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
>         at
> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
>         at
> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>         at
> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
>         at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>         at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>         at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>         at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
>         at
> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
>         at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
>         at
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
>         at
> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>         at
> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>         at
> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
>         at
> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
>         at
> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
>         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

--
WARNING
-------
This electronic message and its attachments may contain confidential, proprietary or legally privileged information, which is solely for the use of the intended recipient.  No privilege or other rights are waived by any unintended transmission or unauthorized retransmission of this message.  If you are not the intended recipient of this message, or if you have received it in error, you should immediately stop reading this message and delete it and all attachments from your system.  The reading, distribution, copying or other use of this message or its attachments by unintended recipients is unauthorized and may be unlawful.  If you have received this e-mail in error, please notify the sender.

AVIS IMPORTANT
--------------
Ce message électronique et ses pièces jointes peuvent contenir des renseignements confidentiels, exclusifs ou légalement privilégiés destinés au seul usage du destinataire visé.  L’expéditeur original ne renonce à aucun privilège ou à aucun autre droit si le présent message a été transmis involontairement ou s’il est retransmis sans son autorisation.  Si vous n’êtes pas le destinataire visé du présent message ou si vous l’avez reçu par erreur, veuillez cesser immédiatement de le lire et le supprimer, ainsi que toutes ses pièces jointes, de votre système.  La lecture, la distribution, la copie ou tout autre usage du présent message ou de ses pièces jointes par des personnes autres que le destinataire visé ne sont pas autorisés et pourraient être illégaux.  Si vous avez reçu ce courrier électronique par erreur, veuillez en aviser l’expéditeur.


Re: How to Disable SSLv2 client hello in CXF?

Posted by Colm O hEigeartaigh <co...@apache.org>.
For the record, this issue can be resolved by either of the following:

a) Use (Oracle) JDK 1.7:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements-7.html
    "SSLv2Hello disabled by default on the client: In Java SE 7, SSLv2Hello
is removed from the default enabled protocol list on the client."
b) Use the System property ("https.protocols"). e.g.
-Dhttps.protocols="TLSv1"
c) Use the secureSocketProtocol parameter of the TLSClientParameters
Object, e.g. secureSocketProtocol="TLS"

Colm.

On Thu, Oct 23, 2014 at 9:57 PM, David Roytenberg (Consultant) <
David.Roytenberg@optimalpayments.com> wrote:

> I'm having an SSL problem and I wonder if there is a way to fix it within
> CXF
>
> We have our CXF 2.7.6 based integration deployed on Weblogic 11.  We are
> using JDK 1.7_065
>
> When we connect to our remote client via SSL we get the following trace
> with lots of SSL debugging turned on
>
> What appears to be happening is that the Hello message is sent with an
> SSLV2 protocol, which our partner's server does not like.  Apparently
> sending the Hello at this level is a common behavior and apparently it
> sometimes causes the remote server to fail.  I found a suggestion on line
> that this can be fixed by removing the SSLv2 from the allowed protocols.  I
> am wondering if I can do that through CFX configuration?
>
> This is a reference to the article that suggests that removing the
> protocol is the solution to this problem:
>
>
> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>
> The protocols are apparently set on the SSLContext in JSSE by calling
> setEnabledProtocols(String[] protocols)
>
> Is there a way to set the enabled protocols on the SSLContext via CXF
> configuration?
>
> If not, is there a way to get hold of the SSLContext programmatically in a
> CXF interceptor?
>
> We can't fix this problem at the WebLogic level because of side-effects on
> other apps.   Thanks in advance for any suggestions or guidance!
>
> WebLogic SSL debug trace follows:
>
> %% No cached client session
> *** ClientHello, TLSv1.2
> RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98,
> 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100,
> 197, 213, 31, 89, 96 }
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> secp160k1, secp160r1, secp160r2, sect163r1, secp192k1,
> sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
> SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
> SHA1withDSA, MD5withRSA
> ***
> [write] MD5 and SHA1 hashes:  len = 221
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
> [write] MD5 and SHA1 hashes:  len = 188
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', WRITE: SSLv2 client hello message, length = 188
> [Raw write]: length = 190
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
> SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer)
> called: result=Status = OK HandshakeStatus = NEED_UNWRAP
> bytesConsumed = 0 bytesProduced = 190.>
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
> SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP
> bytesConsumed = 0 bytesProduced = 0.>
> [Raw read]: length = 5
> 0000: 15 03 03 00 02                                     .....
> [Raw read]: length = 2
> 0000: 02 28                                              .(
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', READ: TLSv1.2 Alert, length = 2
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', RECV TLSv1 ALERT:  fatal, handshake_failure
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', fatal: engine already closed.  Rethrowing
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)', fatal: engine already closed.  Rethrowing
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
> SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>         at
> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>         at
> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>         at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>         at
> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
>         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>         at
> weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>         at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>         at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>         at
> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
>         at
> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
>         at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>         at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>         at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>         at
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>         at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>         at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>         at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>         at
> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
>         at
> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
>         at
> com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
>         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>         at
> com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
>         at
> com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
>         at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>         at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at
> org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
>         at
> com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at
> org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
>         at
> org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
>         at
> org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>         at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>         at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>         at
> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
>         at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
>         at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
>         at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
>         at
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>         at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>         at
> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
>         at
> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
>         at
> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>         at
> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
>         at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>         at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>         at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>         at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
>         at
> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
>         at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
>         at
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
>         at
> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>         at
> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>         at
> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
>         at
> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
>         at
> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
>         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: How to Disable SSLv2 client hello in CXF?

Posted by "David Roytenberg (Consultant)" <Da...@optimalpayments.com>.
Hi Andrei,

   Here is the code I am using to set the protocol.  We also tried it with TLS, but it did not prevent the use of the SSLv2Hello protocol for the Hello packet in the handshake, which seems to be causing the problem with our partner's server.  This configuration works fine with another partner that I integrated with in the summer.  Until now I've just set the proxy server and port.  Didn't have to worry about the TLSClientParameters.  I'm using them here to try to control the protocol.  But both TLS and SSLv3 settings seem to allow the hello packet to be sent with the SSLv2Hello protocol which seems to cause our new partner's server to drop the connection immediately.  Do I need to add my own SSLSocketFactory?

.....
      Client cxfClient = ClientProxy.getClient(eidVerifyCxfClient);

      HTTPConduit conduit = (HTTPConduit) cxfClient.getConduit();
      HTTPClientPolicy policy = conduit.getClient();

      // Log the protocol currently configured on the conduit, or install
      // empty TLS parameters if none are set yet.
      TLSClientParameters tlsClientParameters = conduit.getTlsClientParameters();
      if (tlsClientParameters != null) {
        String protocol = tlsClientParameters.getSecureSocketProtocol();
        logger.info("SSL SSL SSL Protocol:  " + protocol);
      } else {
        TLSClientParameters tp = new TLSClientParameters();
        conduit.setTlsClientParameters(tp);
      }
      // Protocol name handed to CXF; the "TLS" variant below was also tried.
      conduit.getTlsClientParameters().setSecureSocketProtocol("SSLv3");
      // conduit.getTlsClientParameters().setSecureSocketProtocol("TLS");

......
-----Original Message-----
From: Andrei Shakirin [mailto:ashakirin@talend.com]
Sent: Monday, October 27, 2014 5:13 AM
To: users@cxf.apache.org
Subject: RE: How to Disable SSLv2 client hello in CXF?

Hi,

I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.

As far as I can see this parameter is used for creating java.net.ssl.SSLContext:
        String protocol = parameters.getSecureSocketProtocol() != null ? parameters
            .getSecureSocketProtocol() : "TLS";

The setting should work. How do you apply conduit settings: programmatically or via Spring configuration?
Could you paste the code snapshot?

Regards,
Andrei.

> -----Original Message-----
> From: David Roytenberg (Consultant)
> [mailto:David.Roytenberg@optimalpayments.com]
> Sent: Freitag, 24. Oktober 2014 17:46
> To: users@cxf.apache.org
> Subject: RE: How to Disable SSLv2 client hello in CXF?
>
> Hello again.
>
> I've dug further into the CXF documentation and found that it is
> possible to programmatically set the SSL protocols on the
> TLSProperties object of the Conduit.
>
> I've created the TLS properties and set the SSL protocols to TLS1, but
> this does not change the SSL behavior, which still starts with TLSv1.2
> then sends the hello with SSLv2 which is then dropped on the client
> end.  Is there another switch that has to be set to over-ride the default SSL behavior?
>
> David
>
> -----Original Message-----
> From: David Roytenberg (Consultant)
> [mailto:David.Roytenberg@optimalpayments.com]
> Sent: Thursday, October 23, 2014 4:57 PM
> To: users@cxf.apache.org
> Subject: How to Disable SSLv2 client hello in CXF?
>
> I'm having an SSL problem and I wonder if there is a way to fix it
> within CXF
>
> We have our CXF 2.7.6 based integration deployed on Weblogic 11.  We
> are using JDK 1.7_065
>
> When we connect to our remote client via SSL we get the following
> trace with lots of SSL debugging turned on
>
> What appears to be happening is that the Hello message is sent with an
> SSLV2 protocol, which our partner's server does not like.  Apparently
> sending the Hello at this level is a common behavior and apparently it
> sometimes causes the remote server to fail.  I found a suggestion on
> line that this can be fixed by removing the SSLv2 from the allowed
> protocols.  I am wondering if I can do that through CXF configuration?
>
> This is a reference to the article that suggests that removing the
> protocol is the solution to this problem:
>
> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>
> The protocols are apparently set on the SSLContext in JSSE by calling
> setEnabledProtocols(String[] protocols)
>
> Is there a way to set the enabled protocols on the SSLContext via CXF
> configuration?
>
> If not, is there a way to get hold of the SSLContext programmatically
> in a CXF interceptor?
>
> We can't fix this problem at the WebLogic level because of side-effects on
> other apps.   Thanks in advance for any suggestions or guidance!
>
> WebLogic SSL debug trace follows:
>
> %% No cached client session
> *** ClientHello, TLSv1.2
> RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202,
> 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100,
> 82, 100, 197, 213, 31, 89, 96 } Session ID:  {} Cipher Suites:
> [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1,
> sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1,
> sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1,
> sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1,
> sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension
> ec_point_formats, formats: [uncompressed] Extension
> signature_algorithms, signature_algorithms: SHA512withECDSA,
> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
> SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA,
> SHA1withRSA, SHA1withDSA, MD5withRSA
> ***
> [write] MD5 and SHA1 hashes:  len = 221
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:
> len =
> 188
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> WRITE: SSLv2 client hello message, length = 188 [Raw write]: length = 190
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 190.>
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
> [Raw read]: length = 5
> 0000: 15 03 03 00 02                                     .....
> [Raw read]: length = 2
> 0000: 02 28                                              .(
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1.2 Alert, length = 2
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal, handshake_failure
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>         at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>         at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>         at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>         at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>         at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
>         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>         at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
>         at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
>         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>         at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>         at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>         at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>         at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>         at com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
>         at com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
>         at com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
>         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>         at com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
>         at com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
>         at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>         at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
>         at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
>         at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
>         at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>         at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
>         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
>         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
>         at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
>         at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>         at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
>         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
>         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
>         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
>         at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
>         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
>         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
>         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
>         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
>         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
>         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
> >



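
The two records in the quoted trace can be decoded by hand. The following is an added example (not code from the thread, CXF or JSSE) that parses the bytes copied from the `[Raw write]` and `[Raw read]` dumps above: the record JSSE logs as an "SSLv2 client hello" uses SSLv2 record framing but advertises version 3.3 (TLSv1.2), and the reply is a fatal handshake_failure alert. All function and variable names are this example's own.

```python
"""Decode the two records from the quoted WebLogic/JSSE trace (added example)."""

# Bytes copied from the "[Raw write]: length = 190" dump in the trace.
RAW_WRITE = bytes.fromhex("".join("""
80 BC 01 03 03 00 93 00 00 00 20 00 C0 24 00 C0
28 00 00 3D 00 C0 26 00 C0 2A 00 00 6B 00 00 6A
00 C0 0A 07 00 C0 00 C0 14 00 00 35 00 C0 05 00
C0 0F 00 00 39 00 00 38 00 C0 23 00 C0 27 00 00
3C 00 C0 25 00 C0 29 00 00 67 00 00 40 00 C0 09
06 00 40 00 C0 13 00 00 2F 00 C0 04 01 00 80 00
C0 0E 00 00 33 00 00 32 00 C0 07 05 00 80 00 C0
11 00 00 05 00 C0 02 00 C0 0C 00 C0 08 00 C0 12
00 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00
00 16 00 00 13 00 00 04 01 00 80 00 00 FF 54 49
66 8B B7 D1 2F 94 36 CA 62 08 BF DE 7A F8 50 BE
35 58 80 82 7E 6C 64 52 64 C5 D5 1F 59 60
""".split()))
# The two "[Raw read]" dumps: 5-byte record header, then the 2-byte alert body.
RAW_READ = bytes.fromhex("1503030002" "0228")

VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Only a few alert descriptions are named here; others are reported by number.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}


def _u16(buf, off):
    """Read a big-endian 16-bit integer at offset off."""
    return int.from_bytes(buf[off:off + 2], "big")


def parse_v2_format_client_hello(record):
    """Parse a ClientHello carried in SSLv2 record framing (2-byte header)."""
    if len(record) < 11 or not record[0] & 0x80:
        raise ValueError("no 2-byte SSLv2-style record header")
    body_len = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:]
    if len(body) != body_len:
        raise ValueError("record length does not match header")
    if body[0] != 1:
        raise ValueError("message type is not CLIENT-HELLO (1)")
    spec_len, sid_len, chal_len = _u16(body, 3), _u16(body, 5), _u16(body, 7)
    if spec_len % 3 or 9 + spec_len + sid_len + chal_len != body_len:
        raise ValueError("inconsistent length fields")
    # Cipher specs are 3 bytes each; a leading 0x00 marks an SSLv3/TLS suite.
    specs = [body[9 + i:12 + i] for i in range(0, spec_len, 3)]
    return {
        "body_length": body_len,
        "version": VERSIONS.get((body[1], body[2]), "unknown"),
        "cipher_specs": specs,
        "tls_suites": [_u16(s, 1) for s in specs if s[0] == 0],
        "v2_cipher_kinds": [s.hex() for s in specs if s[0] != 0],
        "session_id_length": sid_len,
        "challenge": body[9 + spec_len + sid_len:],
    }


def parse_tls_alert(record):
    """Parse one plaintext TLS alert record (content type 21, 2-byte body)."""
    if len(record) != 7 or record[0] != 21 or _u16(record, 3) != 2:
        raise ValueError("not a single plaintext TLS alert record")
    level, desc = record[5], record[6]
    return {
        "version": VERSIONS.get((record[1], record[2]), "unknown"),
        "level": ALERT_LEVELS.get(level, str(level)),
        "description": ALERT_DESCRIPTIONS.get(desc, str(desc)),
    }


def summarize():
    """Return a short human-readable summary of both records."""
    hello = parse_v2_format_client_hello(RAW_WRITE)
    alert = parse_tls_alert(RAW_READ)
    return [
        "client wrote: SSLv2-framed ClientHello, body %d bytes, advertises %s"
        % (hello["body_length"], hello["version"]),
        "  %d cipher specs: %d TLS suites, %d SSLv2-style kinds"
        % (len(hello["cipher_specs"]), len(hello["tls_suites"]),
           len(hello["v2_cipher_kinds"])),
        "  challenge (%d bytes): %s"
        % (len(hello["challenge"]), hello["challenge"].hex()),
        "server replied: %s alert, level=%s, description=%s"
        % (alert["version"], alert["level"], alert["description"]),
    ]


if __name__ == "__main__":
    print("\n".join(summarize()))
```

The 32-byte challenge decoded here is the same byte string as the RandomCookie of the TLSv1.2 ClientHello printed at the top of the trace, so both dumps describe one hello in two framings.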


RE: How to Disable SSLv2 client hello in CXF?

Posted by "David Roytenberg (Consultant)" <Da...@optimalpayments.com>.
Thanks Jason.  Much appreciated.  I will have a look at what you are doing.

David Roytenberg

-----Original Message-----
From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of Jason Pell
Sent: Monday, October 27, 2014 7:23 AM
To: users@cxf.apache.org
Subject: Re: How to Disable SSLv2 client hello in CXF?

Hi,

Here is a sample of using your own custom version of the jetty factory in your spring context.  It is pretty invasive, so it's actually better to wait for 2.7.14 and take advantage of the code already there.  I use this code for other reasons though, as it allows me to configure the trust / key stores via spring properties.

https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty



A sample spring context:

https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml




On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:

> That setting won't actually control what protocols jetty will actually
> use. I think it just controls what the highest protocol is used.
>
> The excluded protocols list needs to include the sslv2 setting.
>
> We actually overrode the jetty factory jetty engine and one other
> class to get access to the SSL context to configure the excluded
> protocols. Not pretty but we can't wait for 2.7.14.
>
> If you are interested I shall post our classes to my git repo.
>
> Let me know
> On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:
>
>> Hi,
>>
>> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>>
>> As far as I can see this parameter is used for creating
>> java.net.ssl.SSLContext:
>>         String protocol = parameters.getSecureSocketProtocol() != null ? parameters
>>             .getSecureSocketProtocol() : "TLS";
>>
>> The setting should work. How do you apply conduit settings:
>> programmatically or via spring configuration?
>> Could you paste the code snapshot?
>>
>> Regards,
>> Andrei.
>>
>> > -----Original Message-----
>> > From: David Roytenberg (Consultant)
>> > [mailto:David.Roytenberg@optimalpayments.com]
>> > Sent: Friday, 24 October 2014 17:46
>> > To: users@cxf.apache.org
>> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>> >
>> > Hello again.
>> >
>> > I've dug further into the CXF documentation and found that it is possible to
>> > programmatically set the SSL protocols on the TLSProperties object of the
>> > Conduit.
>> >
>> > I've created the TLS properties and set the SSL protocols to TLS1, but this does
>> > not change the SSL behavior, which still starts with TLSv1.2 then sends the hello
>> > with SSLv2 which is then dropped on the client end.  Is there another switch that
>> > has to be set to over-ride the default SSL behavior?
>> >
>> > David
>> >
>> > -----Original Message-----
>> > From: David Roytenberg (Consultant)
>> > [mailto:David.Roytenberg@optimalpayments.com]
>> > Sent: Thursday, October 23, 2014 4:57 PM
>> > To: users@cxf.apache.org
>> > Subject: How to Disable SSLv2 client hello in CXF?
>> >
>> > I'm having an SSL problem and I wonder if there is a way to fix it within CXF
>> >
>> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.
>> > We are using JDK 1.7_065
>> >
>> > When we connect to our remote client via SSL we get the following trace with
>> > lots of SSL debugging turned on
>> >
>> > What appears to be happening is that the Hello message is sent with an SSLV2
>> > protocol, which our partner's server does not like.  Apparently sending the
>> > Hello at this level is a common behavior and apparently it sometimes causes
>> > the remote server to fail.  I found a suggestion on line that this can be fixed by
>> > removing the SSLv2 from the allowed protocols.  I am wondering if I can do that
>> > through CXF configuration?
>> >
>> > This is a reference to the article that suggests that removing the protocol is the
>> > solution to this problem:
>> >
>> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>> >
>> > The protocols are apparently set on the SSLContext in JSSE by
>> > calling setEnabledProtocols(String[] protocols)
>> >
>> > Is there a way to set the enabled protocols on the SSLContext via
>> > CXF configuration?
>> >
>> > If not, is there a way to get hold of the SSLContext programmatically in a CXF
>> > interceptor?
>> >
>> > We can't fix this problem at the WebLogic level because of side-effects on
>> > other apps.   Thanks in advance for any suggestions or guidance!
>> >
>> > WebLogic SSL debug trace follows:
>> >
>> > %% No cached client session
>> > *** ClientHello, TLSv1.2
>> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54,
>> > 202,
>> 98, 8,
>> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82,
>> > 100,
>> 197, 213,
>> > 31, 89, 96 } Session ID:  {} Cipher Suites:
>> > [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> > TLS_RSA_WITH_AES_256_CBC_SHA256,
>> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS
>> > _WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE
>> > S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_
>> > WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES
>> > _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
>> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
>> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W
>> > ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>> > Compression Methods:  { 0 }
>> > Extension elliptic_curves, curve names: {secp256r1, sect163k1,
>> sect163r2,
>> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
>> secp384r1,
>> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1,
>> secp160r1,
>> > secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2, secp224k1,
>> sect239k1,
>> > secp256k1} Extension ec_point_formats, formats: [uncompressed]
>> > Extension signature_algorithms, signature_algorithms:
>> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA,
>> > SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA,
>> > SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
>> > ***
>> > [write] MD5 and SHA1 hashes:  len = 221
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:
>> len =
>> > 188
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > WRITE: SSLv2 client hello message, length = 188 [Raw write]: length
>> > =
>> 190
>> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
>> > <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
>> 'weblogic.kernel.Default (self-
>> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>> > SSLEngine.wrap(ByteBuffer,ByteBuffer)
>> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP
>> > bytesConsumed =
>> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
>> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for
>> queue:
>> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>> > SSLEngine.unwrap(ByteBuffer,ByteBuffer
>> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
>> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]: length = 5
>> > 0000: 15 03 03 00 02                                     .....
>> > [Raw read]: length = 2
>> > 0000: 02 28                                              .(
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' for queue:
>> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal,
>> > handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
>> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.
>> > Rethrowing javax.net.ssl.SSLException: Received fatal alert:
>> handshake_failure
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException:
>> Received
>> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT>
>> > <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread:
>> > '0' for
>> queue:
>> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception
>> occurred
>> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
>> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>> >         at
>> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>> >         at
>> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>> >         at
>> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:
>> 134)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.ja
>> va:732)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java
>> :132)
>> >         at
>> weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>> >         at
>> >
>> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.
>> java:44
>> > 8)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>> >         at
>> > weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>> >         at
>> > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>> >         at
>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>> >         at
>> >
>> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.j
>> ava:1
>> > 86)
>> >         at
>> >
>> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection
>> .jav
>> > a:280)
>> >         at
>> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectio
>> > nWra
>> > ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:1
>> > 68
>> > )
>> >         at
>> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handl
>> > eHea
>> > dersTrustCaching(HTTPConduit.java:1278)
>> >         at
>> >
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirst
>> Writ
>> > e(HTTPConduit.java:1234)
>> >         at
>> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectio
>> > nWra
>> > ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>> >         at
>> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrapped
>> > Outpu
>> > tStream.java:47)
>> >         at
>> >
>> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresho
>> ldOutp
>> > utStream.java:69)
>> >         at
>> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close
>> > (HTTP
>> > Conduit.java:1291)
>> >         at
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:5
>> 6)
>> >         at
>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>> >         at
>> > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEn
>> > dingI
>> > nterceptor.handleMessage(MessageSenderInterceptor.java:62)
>> >         at
>> >
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercept
>> orChai
>> > n.java:271)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>> >         at
>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >         at
>> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>> >         at
>> >
>> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateV
>> erification(
>> > VerifyClient.java:87)
>> >         at
>> >
>> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitIn
>> itial(Ve
>> > rifyGateway.java:24)
>> >         at
>> >
>> com.optimal.identity.service.IdentificationServiceImpl.submitInitial(
>> Identificatio
>> > nServiceImpl.java:147)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at
>> >
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> > 57)
>> >         at
>> >
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>> sorI
>> > mpl.java:43)
>> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >         at
>> >
>> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti
>> on(Aop
>> > Utils.java:317)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJo
>> inpo
>> > int(ReflectiveMethodInvocation.java:183)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
>> Refl
>> > ectiveMethodInvocation.java:150)
>> >         at
>> >
>> org.springframework.transaction.interceptor.TransactionInterceptor.in
>> voke(Tra
>> > nsactionInterceptor.java:110)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
>> Refl
>> > ectiveMethodInvocation.java:172)
>> >         at
>> > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDyna
>> > mic
>> > AopProxy.java:204)
>> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController.create(Identif
>> icationCont
>> > roller.java:133)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController$$FastClassByCG
>> LIB$$95f
>> > 388d3.invoke(<generated>)
>> >         at
>> > org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>> >         at
>> > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocati
>> > on.in
>> > vokeJoinpoint(CglibAopProxy.java:698)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
>> Refl
>> > ectiveMethodInvocation.java:150)
>> >         at
>> >
>> org.springframework.security.access.intercept.aopalliance.MethodSecur
>> ityInter
>> > ceptor.invoke(MethodSecurityInterceptor.java:64)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
>> Refl
>> > ectiveMethodInvocation.java:172)
>> >         at
>> > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInter
>> > cept
>> > or.intercept(CglibAopProxy.java:631)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGL
>> IB$$36
>> > b7b48f.create(<generated>)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at
>> >
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> > 57)
>> >         at
>> >
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>> sorI
>> > mpl.java:43)
>> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >         at
>> > org.springframework.web.method.support.InvocableHandlerMethod.invok
>> > e(Inv
>> > ocableHandlerMethod.java:219)
>> >         at
>> > org.springframework.web.method.support.InvocableHandlerMethod.invok
>> > eFor
>> > Request(InvocableHandlerMethod.java:132)
>> >         at
>> >
>> org.springframework.web.servlet.mvc.method.annotation.ServletInvocabl
>> eHan
>> > dlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>> >         at
>> > org.springframework.web.servlet.mvc.method.annotation.RequestMappin
>> > gHan
>> > dlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>> >         at
>> > org.springframework.web.servlet.mvc.method.annotation.RequestMappin
>> > gHan
>> > dlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>> >         at
>> > org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.
>> > handle(AbstractHandlerMethodAdapter.java:80)
>> >         at
>> >
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatch
>> erServl
>> > et.java:925)
>> >         at
>> >
>> org.springframework.web.servlet.DispatcherServlet.doService(Dispatche
>> rServle
>> > t.java:856)
>> >         at
>> > org.springframework.web.servlet.FrameworkServlet.processRequest(Fra
>> > mewor
>> > kServlet.java:920)
>> >         at
>> >
>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServ
>> let.j
>> > ava:827)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>> >         at
>> >
>> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.
>> > java:801)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>> >         at
>> >
>> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
>> (StubSecu
>> > rityHelper.java:227)
>> >         at
>> >
>> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
>> tyHelper.j
>> > ava:125)
>> >         at
>> >
>> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
>> a:301)
>> >         at
>> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>> va:56)
>> >         at
>> >
>> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterIntern
>> al(Shallo
>> > wEtagHeaderFilter.java:73)
>> >         at
>> >
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR
>> equest
>> > Filter.java:107)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
>> elegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
>> ingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>> va:56)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:330)
>> >         at
>> >
>> org.springframework.security.web.access.intercept.FilterSecurityInter
>> ceptor.inv
>> > oke(FilterSecurityInterceptor.java:118)
>> >         at
>> >
>> org.springframework.security.web.access.intercept.FilterSecurityInter
>> ceptor.do
>> > Filter(FilterSecurityInterceptor.java:84)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.access.ExceptionTranslationFilter.do
>> Filter(Ex
>> > ceptionTranslationFilter.java:113)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.authentication.AnonymousAuthenticati
>> onFilt
>> > er.doFilter(AnonymousAuthenticationFilter.java:113)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.servletapi.SecurityContextHolderAwar
>> eRequ
>> > estFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.authentication.www.BasicAuthenticati
>> onFilt
>> > er.doFilter(BasicAuthenticationFilter.java:201)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.context.SecurityContextPersistenceFi
>> lter.doF
>> > ilter(SecurityContextPersistenceFilter.java:87)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(Fi
>> lterChain
>> > Proxy.java:192)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChai
>> nProxy.ja
>> > va:160)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
>> elegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
>> ingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>> va:56)
>> >         at
>> >
>> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFil
>> ter.java:16
>> > 9)
>> >         at
>> >
>> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java
>> :123)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
>> elegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
>> ingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>> va:56)
>> >         at
>> >
>> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(A
>> pplicationU
>> > idFilter.java:51)
>> >         at
>> >
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR
>> equest
>> > Filter.java:107)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
>> elegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
>> ingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>> va:56)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
>> n.wrap
>> > Run(WebAppServletContext.java:3730)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
>> n.run(
>> > WebAppServletContext.java:3696)
>> >         at
>> >
>> weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
>> dSubject.j
>> > ava:321)
>> >         at
>> >
>> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
>> 120)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
>> ervl
>> > etContext.java:2273)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
>> onte
>> > xt.java:2179)
>> >         at
>> >
>> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
>> ava:1490
>> > )
>> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>> > >
>>
>>


Re: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
Sorry, not jetty config; http config is what I meant to say.
On 29/10/2014 7:57 AM, "Jason Pell" <ja...@pellcorp.com> wrote:

> Sorry, forgot to get back to you on the 2.7.6 thing.
> org.apache.cxf.transport.https.SSLSocketFactoryWrapper has not been changed
> in 6 years, so it's definitely calling setEnabledProtocols where you pass in
> a secureSocketProtocol in the jetty config.
>
> If you can attach a debugger and ensure it gets to that code in
> SSLSocketFactoryWrapper
>
> On Tue, Oct 28, 2014 at 7:08 AM, Jason Pell <ja...@pellcorp.com> wrote:
>
>> Hi,
>>
>> The code for poodle was added for server side.
>>
>> The conduit config that you use should have set the enabled protocols on
>> the jdk SSL context.
>>
>> I only checked cxf 2.7.12 not 2.7.6.  I would expect they are the same
>> but will check real quick and reply to this email.
>>
>> Can you attach a debugger to weblogic and put a break point in the SSL
>> context factory wrapper class? You can make sure it's executing the enabled
>> protocols bit.
>>
>> If it is, perhaps it's a JDK issue.
>> On 28/10/2014 6:50 AM, "David Roytenberg (Consultant)" <
>> David.Roytenberg@optimalpayments.com> wrote:
>>
>>> Thanks Jason,  Since you've worked on Poodle, maybe you are aware of
>>> whether the CXF client has changed its behavior since 2.7.6 as far as
>>> SSLv2Hello protocol is concerned.  I have two identical CXF configurations,
>>> using the default protocol setting which looks to be TLS.  With the SSL
>>> debugging turned on, I see that the SSLv2Hello is being used to wrap the
>>> client hello packet in each case.  In my first integration all is well
>>> while in the current integration, the server appears to drop the connection
>>> as soon as it receives the SSLV2Hello packet.
>>>
>>> What I'd like to do is prevent the client from using that SSLv2Hello
>>> protocol for the handshake Hello packet.
>>>
>>> None of the settings on this page:
>>> http://cxf.apache.org/docs/tls-configuration.html  seem to allow me to
>>> control the Protocols directly, but I am still learning all the ins and
>>> outs of how SSL is configured under the hood.
>>>
>>> From what you wrote it sounds like SSLv2Hello protocol is going to be
>>> removed in the client in CXF 2.7.14.  Is that right?
>>>
>>> Thanks,
>>>
>>> David
>>>
>>>
>>> -----Original Message-----
>>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of
>>> Jason Pell
>>> Sent: Monday, October 27, 2014 2:07 PM
>>> To: users@cxf.apache.org
>>> Subject: Re: How to Disable SSLv2 client hello in CXF?
>>>
>>> Here is the actual page which deals with the config for tls
>>>
>>> http://cxf.apache.org/docs/tls-configuration.html
>>>
>>>
>>>
>>> On Tue, Oct 28, 2014 at 5:06 AM, Jason Pell <ja...@pellcorp.com> wrote:
>>>
>>> > See, but note that the secureSocketProtocol is missing from the
>>> examples.
>>> > (Search in the page for Configuring SSL Support)
>>> >
>>> > http://cxf.apache.org/docs/client-http-transport-including-ssl-support
>>> > .html
>>> >
>>> > On Tue, Oct 28, 2014 at 5:02 AM, Jason Pell <ja...@pellcorp.com>
>>> wrote:
>>> >
>>> >> So I did some digging to remind myself of how it works on the client
>>> >> and I was dead wrong.
>>> >>
>>> >> I was thinking about how the server works (having just done the
>>> >> poodle
>>> >> changes)
>>> >>
>>> >> Anyway, Andrei was absolutely correct.
>>> >>
>>> >> You can see it applied in
>>> >> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.  The
>>> >> SSLSocketFactoryWrapper is called from the
>>> >> org.apache.cxf.transport.https.HttpsURLConnectionFactory
>>> >>
>>> >> It results in the Socket Factory setEnabledProtocols to the actual
>>> >> protocol you listed in the tls client parameters (see below)
>>> >>
>>> >>        <http:tlsClientParameters disableCNCheck="true"
>>> >> secureSocketProtocol="TLSv1">
>>> >>
>>> >> You need to make sure that your conduit configuration is being
>>> >> applied correctly in web logic, perhaps it's not being picked up.
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> On Tue, Oct 28, 2014 at 4:36 AM, Jason Pell <ja...@pellcorp.com>
>>> wrote:
>>> >>
>>> >>> Hi,
>>> >>>
>>> >>> I run embedded jetty container
>>> >>>
>>> >>> Sorry I forgot that you were running weblogic when I responded.  In
>>> that
>>> >>> case do you even use the embedded jetty container?   I am guessing
>>> no.  If
>>> >>> not, then you would need to use the standard weblogic ssl
>>> configuration.
>>> >>>
>>> >>> I don't believe CXF is responsible for any of the ssl config in that
>>> >>> case.  But then I am not very knowledgeable of cxf deployed to a
>>> >>> j2ee container sorry.
>>> >>>
>>> >>> Sorry for the runaround and wasting your time
>>> >>>
>>> >>> Regards
>>> >>> Jason
>>> >>>
>>> >>>
>>> >>> On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) <
>>> >>> David.Roytenberg@optimalpayments.com> wrote:
>>> >>>
>>> >>>> Hi Jason,
>>> >>>>
>>> >>>>    Are you running on WebLogic by any chance?  When I configured
>>> >>>> the properties in the deployment to point to the WebLogic default
>>> >>>> key store and trust store, I get a
>>> >>>> java.security.UnrecoverableKeyException while trying to deploy my
>>> application.  Did you encounter this problem?
>>> >>>>
>>> >>>> Here's my config:
>>> >>>>
>>> >>>> <constructor-arg>
>>> >>>>                         <list>
>>> >>>>                                 <bean
>>> >>>> class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>> >>>>                                         <property name="uri" value="
>>> >>>> https://localhost:7002" />
>>> >>>>                                         <property
>>> name="keyStoreFile"
>>> >>>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks"
>>> />
>>> >>>>                                         <property
>>> >>>> name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>>> >>>>                                         <property
>>> name="trustStoreFile"
>>> >>>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
>>> >>>>                                         <property
>>> >>>> name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
>>> >>>>                                         <property
>>> >>>> name="secureSocketProtocol" value="TLSv1" />
>>> >>>>                                 </bean>
>>> >>>>
>>> >>>>                                 <bean
>>> >>>> class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>> >>>>                                         <property name="uri" value="
>>> >>>> https://localhost:7002" />
>>> >>>>                                         <property
>>> name="keyStoreFile"
>>> >>>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks"
>>> />
>>> >>>>                                         <property
>>> >>>> name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>>> >>>>                                         <property
>>> >>>> name="secureSocketProtocol" value="TLSv1" />
>>> >>>>                                 </bean>
>>> >>>>                         </list>
>>> >>>>                 </constructor-arg>
>>> >>>>
>>> >>>>     David
>>> >>>>
>>> >>>> -----Original Message-----
>>> >>>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf
>>> >>>> Of Jason Pell
>>> >>>> Sent: Monday, October 27, 2014 7:23 AM
>>> >>>> To: users@cxf.apache.org
>>> >>>> Subject: Re: How to Disable SSLv2 client hello in CXF?
>>> >>>>
>>> >>>> Hi,
>>> >>>>
>>> >>>> Here is a sample of using your own custom version of the jetty
>>> >>>> factory in your spring context.  It is pretty invasive, so it's
>>> >>>> actually better to wait for 2.7.14 and take advantage of the code
>>> >>>> already there.  I use this code for other reasons though, as it
>>> >>>> allows me to configure the trust / key stores via spring properties.
>>> >>>>
>>> >>>>
>>> >>>> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java
>>> >>>> /com/pellcorp/server/jetty
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> A sample spring context:
>>> >>>>
>>> >>>>
>>> >>>> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/reso
>>> >>>> urces/META-INF/samlApplicationContext.xml
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com>
>>> wrote:
>>> >>>>
>>> >>>> > That setting won't actually control what protocols jetty will
>>> >>>> > actually use. I think it just controls what the highest protocol
>>> is used.
>>> >>>> >
>>> >>>> > The excluded protocols list needs to include the sslv2 setting.
>>> >>>> >
>>> >>>> > we actually overrode the jetty factory jetty engine and one other
>>> >>>> > class to get access to the SSL context to configure the excluded
>>> >>>> > protocols. Not pretty but we can't wait for 2.7.14.
>>> >>>> >
>>> >>>> > If you are interested I shall post our classes to my git repo.
>>> >>>> >
>>> >>>> > Let me know
>>> >>>> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com>
>>> >>>> wrote:
>>> >>>> >
>>> >>>> >> Hi,
>>> >>>> >>
>>> >>>> >> I guess you mean TLSClientParameters.secureSocketProtocol in
>>> Conduit.
>>> >>>> >>
>>> >>>> >> As far as I can see this parameter is used for creating
>>> >>>> >> java.net.ssl.SSLContext:
>>> >>>> >>         String protocol = parameters.getSecureSocketProtocol()
>>> >>>> >> !=
>>> >>>> null ?
>>> >>>> >> parameters
>>> >>>> >>             .getSecureSocketProtocol() : "TLS";
>>> >>>> >>
>>> >>>> >> The setting should work. How you apply conduit settings:
>>> >>>> >> programmatically or via spring configuration?
>>> >>>> >> Could you paste the code snapshot?
>>> >>>> >>
>>> >>>> >> Regards,
>>> >>>> >> Andrei.
>>> >>>> >>
>>> >>>> >> > -----Original Message-----
>>> >>>> >> > From: David Roytenberg (Consultant)
>>> >>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>>> >>>> >> > Sent: Freitag, 24. Oktober 2014 17:46
>>> >>>> >> > To: users@cxf.apache.org
>>> >>>> >> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>>> >>>> >> >
>>> >>>> >> > Hello again.
>>> >>>> >> >
>>> >>>> >> > I've dug further into the CXF documentation and found that it
>>> >>>> >> > is
>>> >>>> >> possible to
>>> >>>> >> > programmatically set the SSL protocols on the TLSProperties
>>> >>>> >> > object of
>>> >>>> >> the
>>> >>>> >> > Conduit.
>>> >>>> >> >
>>> >>>> >> > I've created the TLS properties and set the SSL protocols to
>>> >>>> >> > TLS1, but
>>> >>>> >> this does
>>> >>>> >> > not change the SSL behavior, which still starts with TLSv1.2
>>> >>>> >> > then sends
>>> >>>> >> the hello
>>> >>>> >> > with SSLv2 which is then dropped on the client end.  Is there
>>> >>>> >> > another
>>> >>>> >> switch that
>>> >>>> >> > has to be set to over-ride the default SSL behavior?
>>> >>>> >> >
>>> >>>> >> > David
>>> >>>> >> >
>>> >>>> >> > -----Original Message-----
>>> >>>> >> > From: David Roytenberg (Consultant)
>>> >>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>>> >>>> >> > Sent: Thursday, October 23, 2014 4:57 PM
>>> >>>> >> > To: users@cxf.apache.org
>>> >>>> >> > Subject: How to Disable SSLv2 client hello in CXF?
>>> >>>> >> >
>>> >>>> >> > I'm having an SSL problem and I wonder if there is a way to
>>> >>>> >> > fix it
>>> >>>> >> within CXF
>>> >>>> >> >
>>> >>>> >> > We have our CXF 2.7.6 based integration deployed on Weblogic
>>> 11.
>>> >>>> >> > We are using JDK 1.7_065
>>> >>>> >> >
>>> >>>> >> > When we connect to our remote client via SSL we get the
>>> >>>> >> > following trace
>>> >>>> >> with
>>> >>>> >> > lots of SSL debugging turned on
>>> >>>> >> >
>>> >>>> >> > What appears to be happening is that the Hello message is sent
>>> >>>> >> > with an
>>> >>>> >> SSLV2
>>> >>>> >> > protocol, which our partner's server does not like.
>>> >>>> >> > Apparently sending
>>> >>>> >> the
>>> >>>> >> > Hello at this level is a common behavior and apparently it
>>> >>>> >> > sometimes
>>> >>>> >> causes
>>> >>>> >> > the remote server to fail.  I found a suggestion on line that
>>> >>>> >> > this can
>>> >>>> >> be fixed by
>>> >>>> >> > removing the SSLv2 from the allowed protocols.  I am wondering
>>> >>>> >> > if I can
>>> >>>> >> do that
>>> >>>> >> > through CXF configuration?
>>> >>>> >> >
>>> >>>> >> > This is a reference to the article that suggests that removing
>>> >>>> >> > the
>>> >>>> >> protocol is the
>>> >>>> >> > solution to this problem:
>>> >>>> >> >
>>> >>>> >> >
>>> >>>> >>
>>> >>>> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket
>>> >>>> -s
>>> >>>> >> end-a-
>>> >>>> >> > version-2-client-hello
>>> >>>> >> >
>>> >>>> >> > The protocols are apparently set on the SSLContext in JSSE by
>>> >>>> >> > calling setEnabledProtocols(String[] protocols)
>>> >>>> >> >
>>> >>>> >> > Is there a way to set the enabled protocols on the SSLContext
>>> >>>> >> > via CXF configuration?
>>> >>>> >> >
>>> >>>> >> > If not, is there a way to get hold of the SSLContext
>>> >>>> >> > programmatically
>>> >>>> >> in a CXF
>>> >>>> >> > interceptor?
>>> >>>> >> >
>>> >>>> >> > We can't fix this problem at the WebLogic level because of
>>> >>>> >> > side-effects
>>> >>>> >> on
>>> >>>> >> > other apps.   Thanks in advance for any suggestions or
>>> guidance!
>>> >>>> >> >
>>> >>>> >> > WebLogic SSL debug trace follows:
>>> >>>> >> >
>>> >>>> >> > %% No cached client session
>>> >>>> >> > *** ClientHello, TLSv1.2
>>> >>>> >> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148,
>>> >>>> >> > 54, 202,
>>> >>>> >> 98, 8,
>>> >>>> >> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100,
>>> >>>> >> > 82, 100,
>>> >>>> >> 197, 213,
>>> >>>> >> > 31, 89, 96 } Session ID:  {} Cipher Suites:
>>> >>>> >> > [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>>> >>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA256,
>>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>>> >>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>>> >>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS
>>> >>>> >> > _WITH_AES_256_CBC_SHA256,
>>> >>>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>>> >>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA,
>>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>>> >>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>>> >>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE
>>> >>>> >> > S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>>> >>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA256,
>>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>>> >>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>>> >>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_
>>> >>>> >> > WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>>> >>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA,
>>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>>> >>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>>> >>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES
>>> >>>> >> > _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>>> >>>> >> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
>>> >>>> >> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
>>> >>>> >> > TLS_ECDH_RSA_WITH_RC4_128_SHA,
>>> >>>> >> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>>> >>>> >> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W
>>> >>>> >> > ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>>> >>>> >> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>>> >>>> >> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>>> >>>> >> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>>> >>>> >> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>>> >>>> >> > Compression Methods:  { 0 }
>>> >>>> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1,
>>> >>>> >> sect163r2,
>>> >>>> >> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1,
>>> >>>> >> > sect283r1,
>>> >>>> >> secp384r1,
>>> >>>> >> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
>>> >>>> >> > secp160k1,
>>> >>>> >> secp160r1,
>>> >>>> >> > secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2,
>>> >>>> >> > secp224k1,
>>> >>>> >> sect239k1,
>>> >>>> >> > secp256k1} Extension ec_point_formats, formats: [uncompressed]
>>> >>>> >> > Extension signature_algorithms, signature_algorithms:
>>> >>>> >> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA,
>>> >>>> >> > SHA384withRSA, SHA256withECDSA, SHA256withRSA,
>>> >>>> >> > SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
>>> >>>> >> > SHA1withDSA, MD5withRSA
>>> >>>> >> > ***
>>> >>>> >> > [write] MD5 and SHA1 hashes:  len = 221
>>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue:
>>> >>>> >> > 'weblogic.kernel.Default
>>> >>>> >> (self-tuning)',
>>> >>>> >> > WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1
>>> hashes:
>>> >>>> >> len =
>>> >>>> >> > 188
>>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue:
>>> >>>> >> > 'weblogic.kernel.Default
>>> >>>> >> (self-tuning)',
>>> >>>> >> > WRITE: SSLv2 client hello message, length = 188 [Raw write]:
>>> >>>> >> > length =
>>> >>>> >> 190
>>> >>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL>
>>> >>>> >> > <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
>>> >>>> >> 'weblogic.kernel.Default (self-
>>> >>>> >> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
>>> >>>> SSLENGINE:
>>> >>>> >> > SSLEngine.wrap(ByteBuffer,ByteBuffer)
>>> >>>> >> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP
>>> >>>> >> > bytesConsumed =
>>> >>>> >> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
>>> >>>> >> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread:
>>> >>>> >> > '0' for
>>> >>>> >> queue:
>>> >>>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>>> >>>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>>> >>>> >> > SSLEngine.unwrap(ByteBuffer,ByteBuffer
>>> >>>> >> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
>>> >>>> >> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]:
>>> >>>> length = 5
>>> >>>> >> > 0000: 15 03 03 00 02                                     .....
>>> >>>> >> > [Raw read]: length = 2
>>> >>>> >> > 0000: 02 28                                              .(
>>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue:
>>> >>>> >> > 'weblogic.kernel.Default
>>> >>>> >> (self-tuning)',
>>> >>>> >> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0'
>>> >>>> >> > for
>>> >>>> queue:
>>> >>>> >> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:
>>> >>>> >> > fatal, handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
>>> >>>> >> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already
>>> >>>> closed.
>>> >>>> >> > Rethrowing javax.net.ssl.SSLException: Received fatal alert:
>>> >>>> >> handshake_failure
>>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue:
>>> >>>> >> > 'weblogic.kernel.Default
>>> >>>> >> (self-tuning)',
>>> >>>> >> > fatal: engine already closed.  Rethrowing
>>> >>>> javax.net.ssl.SSLException:
>>> >>>> >> Received
>>> >>>> >> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT>
>>> >>>> >> > <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE]
>>> ExecuteThread:
>>> >>>> >> > '0' for
>>> >>>> >> queue:
>>> >>>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>>> >>>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>>> >>>> >> > Exception
>>> >>>> >> occurred
>>> >>>> >> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
>>> >>>> >> > javax.net.ssl.SSLException: Received fatal alert:
>>> handshake_failure
>>> >>>> >> >         at
>>> sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>>> >>>> >> >         at
>>> >>>> sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>>> >>>> >> >         at
>>> >>>> sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>>> >>>> >> >         at
>>> >>>> >> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756
>>> >>>> >> )
>>> >>>> >> >         at
>>> >>>> >> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:106
>>> >>>> >> 0)
>>> >>>> >> >         at
>>> >>>> >> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:
>>> >>>> >> 884)
>>> >>>> >> >         at
>>> >>>> sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>>> >>>> >> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >>
>>> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:
>>> >>>> >> 134)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngi
>>> >>>> >> ne.ja
>>> >>>> >> va:732)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine
>>> >>>> >> .java
>>> >>>> >> :132)
>>> >>>> >> >         at
>>> >>>> >> weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >>
>>> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.
>>> >>>> >> java:44
>>> >>>> >> > 8)
>>> >>>> >> >         at
>>> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:8
>>> >>>> >> 0)
>>> >>>> >> >         at
>>> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:6
>>> >>>> >> 4)
>>> >>>> >> >         at
>>> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:5
>>> >>>> >> 9)
>>> >>>> >> >         at
>>> >>>> weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:8
>>> >>>> 9)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:
>>> >>>> 82)
>>> >>>> >> >         at
>>> >>>> >> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140
>>> >>>> >> )
>>> >>>> >> >         at
>>> >>>> java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnect
>>> >>>> >> ion.j
>>> >>>> >> ava:1
>>> >>>> >> > 86)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConne
>>> >>>> >> ction
>>> >>>> >> .jav
>>> >>>> >> > a:280)
>>> >>>> >> >         at
>>> >>>> >> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConn
>>> >>>> >> > ectio
>>> >>>> >> > nWra
>>> >>>> >> > ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.j
>>> >>>> >> > ava:1
>>> >>>> >> > 68
>>> >>>> >> > )
>>> >>>> >> >         at
>>> >>>> >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
>>> >>>> >> > handl
>>> >>>> >> > eHea
>>> >>>> >> > dersTrustCaching(HTTPConduit.java:1278)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.on
>>> >>>> >> First
>>> >>>> >> Writ
>>> >>>> >> > e(HTTPConduit.java:1234)
>>> >>>> >> >         at
>>> >>>> >> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConn
>>> >>>> >> > ectio
>>> >>>> >> > nWra
>>> >>>> >> >
>>> ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>>> >>>> >> >         at
>>> >>>> >> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWr
>>> >>>> >> > apped
>>> >>>> >> > Outpu
>>> >>>> >> > tStream.java:47)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractTh
>>> >>>> >> resho
>>> >>>> >> ldOutp
>>> >>>> >> > utStream.java:69)
>>> >>>> >> >         at
>>> >>>> >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
>>> >>>> >> > close
>>> >>>> >> > (HTTP
>>> >>>> >> > Conduit.java:1291)
>>> >>>> >> >         at
>>> >>>> >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.j
>>> >>>> >> ava:5
>>> >>>> >> 6)
>>> >>>> >> >         at
>>> >>>> >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java
>>> >>>> >> :623)
>>> >>>> >> >         at
>>> >>>> >> > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSen
>>> >>>> >> > derEn
>>> >>>> >> > dingI
>>> >>>> >> > nterceptor.handleMessage(MessageSenderInterceptor.java:62)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInte
>>> >>>> >> rcept
>>> >>>> >> orChai
>>> >>>> >> > n.java:271)
>>> >>>> >> >         at
>>> >>>> >> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>>> >>>> >> >         at
>>> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>>> >>>> >> >         at
>>> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>>> >>>> >> >         at
>>> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>>> >>>> >> >         at
>>> >>>> >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:
>>> >>>> >> 96)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:
>>> >>>> 134)
>>> >>>> >> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown
>>> Source)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.init
>>> >>>> >> iateV
>>> >>>> >> erification(
>>> >>>> >> > VerifyClient.java:87)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.sub
>>> >>>> >> mitIn
>>> >>>> >> itial(Ve
>>> >>>> >> > rifyGateway.java:24)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> com.optimal.identity.service.IdentificationServiceImpl.submitIni
>>> >>>> >> tial(
>>> >>>> >> Identificatio
>>> >>>> >> > nServiceImpl.java:147)
>>> >>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>> >>>> Method)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >>
>>> >>>>
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>>> >>>> >> > 57)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
>>> >>>> >> Acces
>>> >>>> >> sorI
>>> >>>> >> > mpl.java:43)
>>> >>>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> org.springframework.aop.support.AopUtils.invokeJoinpointUsingRef
>>> >>>> >> lecti
>>> >>>> >> on(Aop
>>> >>>> >> > Utils.java:317)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.inv
>>> >>>> >> okeJo
>>> >>>> >> inpo
>>> >>>> >> > int(ReflectiveMethodInvocation.java:183)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro
>>> >>>> >> ceed(
>>> >>>> >> Refl
>>> >>>> >> > ectiveMethodInvocation.java:150)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >>
>>> >>>> org.springframework.transaction.interceptor.TransactionInterceptor.
>>> >>>> in
>>> >>>> >> voke(Tra
>>> >>>> >> > nsactionInterceptor.java:110)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro
>>> >>>> >> ceed(
>>> >>>> >> Refl
>>> >>>> >> > ectiveMethodInvocation.java:172)
>>> >>>> >> >         at
>>> >>>> >> > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(Jd
>>> >>>> >> > kDyna
>>> >>>> >> > mic
>>> >>>> >> > AopProxy.java:204)
>>> >>>> >> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown
>>> Source)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> com.optimal.identity.web.rest.IdentificationController.create(Id
>>> >>>> >> entif
>>> >>>> >> icationCont
>>> >>>> >> > roller.java:133)
>>> >>>> >> >         at
>>> >>>> >> >
>>> >>>> >> com.optimal.identity.web.rest.IdentificationController$$FastClas
>>> >>>> >> sByCG

Re: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
Sorry, forgot to get back to you on the 2.7.6 thing.
org.apache.cxf.transport.https.SSLSocketFactoryWrapper has not been changed
in 6 years, so it's definitely calling setEnabledProtocols where you pass in
a secureSocketProtocol in the jetty config.

If you can attach a debugger and ensure it gets to that code in
SSLSocketFactoryWrapper

On Tue, Oct 28, 2014 at 7:08 AM, Jason Pell <ja...@pellcorp.com> wrote:

> Hi,
>
> The code for poodle was added for server side.
>
> The conduit config that you use should have set the enabled protocols on
> the jdk SSL context.
>
> I only checked cxf 2.7.12 not 2.7.6.  I would expect they are the same but
> will check real quick and reply to this email.
>
> Can you attach a debugger to weblogic and put a break point in the SSL
> context factory wrapper class? You can make sure it's executing the enabled
> protocols bit.
>
> If it is perhaps it's a jdk issue
> On 28/10/2014 6:50 AM, "David Roytenberg (Consultant)" <
> David.Roytenberg@optimalpayments.com> wrote:
>
>> Thanks Jason,  Since you've worked on Poodle, maybe you are aware of
>> whether the CXF client has changed its behavior since 2.7.6 as far as
>> SSLv2Hello protocol is concerned.  I have two identical CXF configurations,
>> using the default protocol setting which looks to be TLS.  With the SSL
>> debugging turned on, I see that the SSLv2Hello is being used to wrap the
>> client hello packet in each case.  In my first integration all is well
>> while in the current integration, the server appears to drop the connection
>> as soon as it receives the SSLV2Hello packet.
>>
>> What I'd like to do is prevent the client from using that SSLv2Hello
>> protocol for the handshake Hello packet.
>>
>> None of the settings on this page:
>> http://cxf.apache.org/docs/tls-configuration.html  seem to allow me to
>> control the Protocols directly, but I am still learning all the ins and
>> outs of how SSL is configured under the hood.
>>
>> From what you wrote it sounds like SSLv2Hello protocol is going to be
>> removed in the client in CXF 2.7.14.  Is that right?
>>
>> Thanks,
>>
>> David
>>
>>
>> -----Original Message-----
>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of
>> Jason Pell
>> Sent: Monday, October 27, 2014 2:07 PM
>> To: users@cxf.apache.org
>> Subject: Re: How to Disable SSLv2 client hello in CXF?
>>
>> Here is the actual page which deals with the config for tls
>>
>> http://cxf.apache.org/docs/tls-configuration.html
>>
>>
>>
>> On Tue, Oct 28, 2014 at 5:06 AM, Jason Pell <ja...@pellcorp.com> wrote:
>>
>> > See, but note that the secureSocketProtocol is missing from the examples.
>> > (Search in the page for Configuring SSL Support)
>> >
>> > http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>> >
>> > On Tue, Oct 28, 2014 at 5:02 AM, Jason Pell <ja...@pellcorp.com> wrote:
>> >
>> >> So I did some digging to remind myself of how it works on the client
>> >> and I was dead wrong.
>> >>
>> >> I was thinking about how the server works (having just done the
>> >> poodle changes)
>> >>
>> >> Anyway, what Andrei said was absolutely correct.
>> >>
>> >> You can see it applied in
>> >> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.  The
>> >> SSLSocketFactoryWrapper is called from the
>> >> org.apache.cxf.transport.https.HttpsURLConnectionFactory
>> >>
>> >> It results in the Socket Factory setEnabledProtocols to the actual
>> >> protocol you listed in the tls client parameters (see below)
>> >>
>> >>        <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1">
>> >>
>> >> You need to make sure that your conduit configuration is being
>> >> applied correctly in web logic, perhaps it's not being picked up.
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Tue, Oct 28, 2014 at 4:36 AM, Jason Pell <ja...@pellcorp.com> wrote:
>> >>
>> >>> Hi,
>> >>>
>> >>> I run embedded jetty container
>> >>>
>> >>> Sorry I forgot that you were running weblogic when I responded.  In
>> >>> that case do you even use the embedded jetty container?   I am
>> >>> guessing no.  If not, then you would need to use the standard
>> >>> weblogic ssl configuration.
>> >>>
>> >>> I don't believe CXF is responsible for any of the ssl config in that
>> >>> case.  But then I am not very knowledgeable of cxf deployed to a
>> >>> j2ee container sorry.
>> >>>
>> >>> Sorry for the runaround and wasting your time
>> >>>
>> >>> Regards
>> >>> Jason
>> >>>
>> >>>
>> >>> On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) <
>> >>> David.Roytenberg@optimalpayments.com> wrote:
>> >>>
>> >>>> Hi Jason,
>> >>>>
>> >>>>    Are you running on WebLogic by any chance?  When I configured
>> >>>> the properties in the deployment to point to the WebLogic default
>> >>>> key store and trust store, I get a
>> >>>> java.security.UnrecoverableKeyException while trying to deploy my
>> >>>> application.  Did you encounter this problem?
>> >>>>
>> >>>> Here's my config:
>> >>>>
>> >>>> <constructor-arg>
>> >>>>   <list>
>> >>>>     <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>> >>>>       <property name="uri" value="https://localhost:7002" />
>> >>>>       <property name="keyStoreFile"
>> >>>>                 value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>> >>>>       <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>> >>>>       <property name="trustStoreFile"
>> >>>>                 value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
>> >>>>       <property name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
>> >>>>       <property name="secureSocketProtocol" value="TLSv1" />
>> >>>>     </bean>
>> >>>>
>> >>>>     <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>> >>>>       <property name="uri" value="https://localhost:7002" />
>> >>>>       <property name="keyStoreFile"
>> >>>>                 value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>> >>>>       <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>> >>>>       <property name="secureSocketProtocol" value="TLSv1" />
>> >>>>     </bean>
>> >>>>   </list>
>> >>>> </constructor-arg>
>> >>>>
>> >>>>     David
>> >>>>
>> >>>> -----Original Message-----
>> >>>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf
>> >>>> Of Jason Pell
>> >>>> Sent: Monday, October 27, 2014 7:23 AM
>> >>>> To: users@cxf.apache.org
>> >>>> Subject: Re: How to Disable SSLv2 client hello in CXF?
>> >>>>
>> >>>> Hi,
>> >>>>
>> >>>> Here is a sample of using your own custom version of the jetty
>> >>>> factory in your spring context.  It is pretty invasive, so it's
>> >>>> actually better to wait for 2.7.14 and take advantage of the code
>> >>>> already there.  I use this code for other reasons though, as it
>> >>>> allows me to configure the trust / key stores via spring properties.
>> >>>>
>> >>>>
>> >>>> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty
>> >>>>
>> >>>>
>> >>>>
>> >>>> A sample spring context:
>> >>>>
>> >>>>
>> >>>> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:
>> >>>>
>> >>>> > That setting won't actually control what protocols jetty will
>> >>>> > actually use. I think it just controls what the highest protocol
>> >>>> > is used.
>> >>>> >
>> >>>> > The excluded protocols list needs to include the sslv2 setting.
>> >>>> >
>> >>>> > we actually overrode the jetty factory jetty engine and one other
>> >>>> > class to get access to the SSL context to configure the excluded
>> >>>> > protocols. Not pretty but we can't wait for 2.7.14.
>> >>>> >
>> >>>> > If you are interested I shall post our classes to my git repo.
>> >>>> >
>> >>>> > Let me know
>> >>>> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:
>> >>>> >
>> >>>> >> Hi,
>> >>>> >>
>> >>>> >> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>> >>>> >>
>> >>>> >> As far as I can see this parameter is used for creating
>> >>>> >> java.net.ssl.SSLContext:
>> >>>> >>         String protocol = parameters.getSecureSocketProtocol() != null
>> >>>> >>             ? parameters.getSecureSocketProtocol() : "TLS";
>> >>>> >>
>> >>>> >> The setting should work. How do you apply conduit settings:
>> >>>> >> programmatically or via spring configuration?
>> >>>> >> Could you paste the code snapshot?
>> >>>> >>
>> >>>> >> Regards,
>> >>>> >> Andrei.
>> >>>> >>
>> >>>> >> > -----Original Message-----
>> >>>> >> > From: David Roytenberg (Consultant)
>> >>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>> >>>> >> > Sent: Freitag, 24. Oktober 2014 17:46
>> >>>> >> > To: users@cxf.apache.org
>> >>>> >> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>> >>>> >> >
>> >>>> >> > Hello again.
>> >>>> >> >
>> >>>> >> > I've dug further into the CXF documentation and found that it is
>> >>>> >> > possible to programmatically set the SSL protocols on the
>> >>>> >> > TLSProperties object of the Conduit.
>> >>>> >> >
>> >>>> >> > I've created the TLS properties and set the SSL protocols to TLS1,
>> >>>> >> > but this does not change the SSL behavior, which still starts with
>> >>>> >> > TLSv1.2 then sends the hello with SSLv2 which is then dropped on the
>> >>>> >> > client end.  Is there another switch that has to be set to over-ride
>> >>>> >> > the default SSL behavior?
>> >>>> >> >
>> >>>> >> > David
>> >>>> >> >
>> >>>> >> > -----Original Message-----
>> >>>> >> > From: David Roytenberg (Consultant)
>> >>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>> >>>> >> > Sent: Thursday, October 23, 2014 4:57 PM
>> >>>> >> > To: users@cxf.apache.org
>> >>>> >> > Subject: How to Disable SSLv2 client hello in CXF?
>> >>>> >> >
>> >>>> >> > I'm having an SSL problem and I wonder if there is a way to fix it
>> >>>> >> > within CXF.
>> >>>> >> >
>> >>>> >> > We have our CXF 2.7.6 based integration deployed on WebLogic 11.
>> >>>> >> > We are using JDK 1.7_065.
>> >>>> >> >
>> >>>> >> > When we connect to our remote client via SSL we get the following
>> >>>> >> > trace with lots of SSL debugging turned on.
>> >>>> >> >
>> >>>> >> > What appears to be happening is that the Hello message is sent with
>> >>>> >> > an SSLv2 protocol, which our partner's server does not like.
>> >>>> >> > Apparently sending the Hello at this level is a common behavior and
>> >>>> >> > apparently it sometimes causes the remote server to fail.  I found a
>> >>>> >> > suggestion online that this can be fixed by removing the SSLv2 from
>> >>>> >> > the allowed protocols.  I am wondering if I can do that through CXF
>> >>>> >> > configuration?
>> >>>> >> >
>> >>>> >> > This is a reference to the article that suggests that removing the
>> >>>> >> > protocol is the solution to this problem:
>> >>>> >> >
>> >>>> >> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>> >>>> >> >
>> >>>> >> > The protocols are apparently set on the SSLContext in JSSE by
>> >>>> >> > calling setEnabledProtocols(String[] protocols)
>> >>>> >> >
>> >>>> >> > Is there a way to set the enabled protocols on the SSLContext
>> >>>> >> > via CXF configuration?
>> >>>> >> >
>> >>>> >> > If not, is there a way to get hold of the SSLContext
>> >>>> >> > programmatically in a CXF interceptor?
>> >>>> >> >
>> >>>> >> > We can't fix this problem at the WebLogic level because of
>> >>>> >> > side-effects on other apps.   Thanks in advance for any suggestions
>> >>>> >> > or guidance!
>> >>>> >> >
>> >>>> >> > WebLogic SSL debug trace follows:
>> >>>> >> >
>> >>>> >> > %% No cached client session
>> >>>> >> > *** ClientHello, TLSv1.2
>> >>>> >> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98, 8,
>> >>>> >> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100, 197,
>> >>>> >> > 213, 31, 89, 96 }
>> >>>> >> > Session ID:  {}
>> >>>> >> > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> >>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA256,
>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> >>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>> >>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>> >>>> >> > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
>> >>>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>> >>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA,
>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>> >>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>> >>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>> >>>> >> > TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>> >>>> >> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>> >>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA256,
>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>> >>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>> >>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
>> >>>> >> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
>> >>>> >> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>> >>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA,
>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>> >>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> >>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>> >>>> >> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
>> >>>> >> > TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>> >>>> >> > TLS_ECDHE_RSA_WITH_RC4_128_SHA,
>> >>>> >> > SSL_RSA_WITH_RC4_128_SHA,
>> >>>> >> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
>> >>>> >> > TLS_ECDH_RSA_WITH_RC4_128_SHA,
>> >>>> >> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> >>>> >> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> >>>> >> > SSL_RSA_WITH_3DES_EDE_CBC_SHA,
>> >>>> >> > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> >>>> >> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>> >>>> >> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> >>>> >> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
>> >>>> >> > SSL_RSA_WITH_RC4_128_MD5,
>> >>>> >> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>> >>>> >> > Compression Methods:  { 0 }
>> >>>> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
>> >>>> >> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1,
>> >>>> >> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
>> >>>> >> > secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1,
>> >>>> >> > secp256k1}
>> >>>> >> > Extension ec_point_formats, formats: [uncompressed]
>> >>>> >> > Extension signature_algorithms, signature_algorithms:
>> >>>> >> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA,
>> >>>> >> > SHA384withRSA, SHA256withECDSA, SHA256withRSA,
>> >>>> >> > SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
>> >>>> >> > SHA1withDSA, MD5withRSA
>> >>>> >> > ***
>> >>>> >> > [write] MD5 and SHA1 hashes:  len = 221
>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
>> >>>> >> > [write] MD5 and SHA1 hashes:  len = 188
>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 188
>> >>>> >> > [Raw write]: length = 190
>> >>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 190.>
>> >>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
>> >>>> >> > [Raw read]: length = 5
>> >>>> >> > 0000: 15 03 03 00 02                                     .....
>> >>>> >> > [Raw read]: length = 2
>> >>>> >> > 0000: 02 28                                              .(
>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1.2 Alert, length = 2
>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT: fatal, handshake_failure
>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
>> >>>> >> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >>>> >> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>> >>>> >> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>> >>>> >> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>> >>>> >> >         at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>> >>>> >> >         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>> >>>> >> >         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>> >>>> >> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>> >>>> >> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>> >>>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>> >>>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>> >>>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>> >>>> >> >         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>> >>>> >> >         at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
>> >>>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>> >>>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>> >>>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>> >>>> >> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>> >>>> >> >         at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>> >>>> >> >         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>> >>>> >> >         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>> >>>> >> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>> >>>> >> >         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
>> >>>> >> >         at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
>> >>>> >> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>> >>>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>> >>>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>> >>>> >> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>> >>>> >> >         at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>> >>>> >> >         at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>> >>>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>> >>>> >> >         at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>> >>>> >> >         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>> >>>> >> >         at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>> >>>> >> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>> >>>> >> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>> >>>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>> >>>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>> >>>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>> >>>> >> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >>>> >> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>> >>>> >> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>> >>>> >> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
>> >>>> >> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
>> >>>> >> >         at com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
>> >>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> >>>> >> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> >>>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >>>> >> >         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>> >>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>> >>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>> >>>> >> >         at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
>> >>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>> >>>> >> >         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
>> >>>> >> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>> >>>> >> >         at com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
>> >>>> >> >         at com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
>> >>>> >> >         at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>> >>>> >> >         at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
>> >>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>> >>>> >> >         at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
>> >>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>> >>>> >> >         at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
>> >>>> >> >         at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
>> >>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> >>>> >> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> >>>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >>>> >> >         at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
>> >>>> >> >         at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
>> >>>> >> >         at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>> >>>> >> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>> >>>> >> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>> >>>> >> >         at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
>> >>>> >> >         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
>> >>>> >> >         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
>> >>>> >> >         at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
>> >>>> >> >         at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
>> >>>> >> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>> >>>> >> >         at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
>> >>>> >> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>> >>>> >> >         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
>> >>>> >> >         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
>> >>>> >> >         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>> >>>> >> >         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>> >>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >>>> >> >         at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
>> >>>> >> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> >>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>> >>>> >> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>> >>>> >> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >>>> >> >         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >>>> >> >         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >>>> >> >         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >>>> >> >         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >>>> >> >         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>> >>>> >> >         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>> >>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >>>> >> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
>> >>>> >> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>> >>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >>>> >> >         at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
>> >>>> >> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> >>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >>>> >> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
>> >>>> >> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
>> >>>> >> >         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>> >>>> >> >         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>> >>>> >> >         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
>> >>>> >> >         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
>> >>>> >> >         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
>> >>>> >> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>> >>>> >> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

RE: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
Hi,

The code for poodle was added for server side.

The conduit config that you use should have set the enabled protocols on
the jdk SSL context.

I only checked cxf 2.7.12 not 2.7.6.  I would expect they are the same but
will check real quick and reply to this email.

Can you attach a debugger to weblogic and put a break point in the SSL
context factory wrapper class? You can make sure it's executing the enabled
protocols bit.

If it is, perhaps it's a jdk issue.

On 28/10/2014 6:50 AM, "David Roytenberg (Consultant)" <David.Roytenberg@optimalpayments.com> wrote:

> Thanks Jason,  Since you've worked on Poodle, maybe you are aware of
> whether the CXF client has changed its behavior since 2.7.6 as far as
> SSLv2Hello protocol is concerned.  I have two identical CXF configurations,
> using the default protocol setting which looks to be TLS.  With the SSL
> debugging turned on, I see that the SSLv2Hello is being used to wrap the
> client hello packet in each case.  In my first integration all is well
> while in the current integration, the server appears to drop the connection
> as soon as it receives the SSLV2Hello packet.
>
> What I'd like to do is prevent the client from using that SSLv2Hello
> protocol for the handshake Hello packet.
>
> None of the settings on this page:
> http://cxf.apache.org/docs/tls-configuration.html  seem to allow me to
> control the Protocols directly, but I am still learning all the ins and
> outs of how SSL is configured under the hood.
>
> From what you wrote it sounds like SSLv2Hello protocol is going to be
> removed in the client in CXF 2.7.14.  Is that right?
>
> Thanks,
>
> David
>
>
> -----Original Message-----
> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of
> Jason Pell
> Sent: Monday, October 27, 2014 2:07 PM
> To: users@cxf.apache.org
> Subject: Re: How to Disable SSLv2 client hello in CXF?
>
> Here is the actual page which deals with the config for tls
>
> http://cxf.apache.org/docs/tls-configuration.html
>
>
>
> On Tue, Oct 28, 2014 at 5:06 AM, Jason Pell <ja...@pellcorp.com> wrote:
>
> > See, but note that the secureSocketProtocol is missing from the examples.
> > (Search in the page for Configuring SSL Support)
> >
> > http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
> >
> > On Tue, Oct 28, 2014 at 5:02 AM, Jason Pell <ja...@pellcorp.com> wrote:
> >
> >> So I did some digging to remind myself of how it works on the client
> >> and I was dead wrong.
> >>
> >> I was thinking about how the server works (having just done the
> >> poodle changes).
> >>
> >> Anyway, Andrei was absolutely correct.
> >>
> >> You can see it applied in
> >> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.  The
> >> SSLSocketFactoryWrapper is called from the
> >> org.apache.cxf.transport.https.HttpsURLConnectionFactory
> >>
> >> It results in the Socket Factory setEnabledProtocols to the actual
> >> protocol you listed in the tls client parameters (see below)
> >>
> >>        <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1">
> >>
> >> You need to make sure that your conduit configuration is being
> >> applied correctly in web logic, perhaps it's not being picked up.
> >>
> >> On Tue, Oct 28, 2014 at 4:36 AM, Jason Pell <ja...@pellcorp.com> wrote:
> >>
> >>> Hi,
> >>>
> >>> I run embedded jetty container
> >>>
> >>> Sorry I forgot that you were running weblogic when I responded.  In
> >>> that case do you even use the embedded jetty container?   I am
> >>> guessing no.  If not, then you would need to use the standard
> >>> weblogic ssl configuration.
> >>>
> >>> I don't believe CXF is responsible for any of the ssl config in that
> >>> case.  But then I am not very knowledgeable of cxf deployed to a
> >>> j2ee container sorry.
> >>>
> >>> Sorry for the runaround and wasting your time
> >>>
> >>> Regards
> >>> Jason
> >>>
> >>>
> >>> On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) <
> >>> David.Roytenberg@optimalpayments.com> wrote:
> >>>
> >>>> Hi Jason,
> >>>>
> >>>>    Are you running on WebLogic by any chance?  When I configured
> >>>> the properties in the deployment to point to the WebLogic default
> >>>> key store and trust store, I get a
> >>>> java.security.UnrecoverableKeyException while trying to deploy my
> >>>> application.  Did you encounter this problem?
> >>>>
> >>>> Here's my config:
> >>>>
> >>>> <constructor-arg>
> >>>>     <list>
> >>>>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
> >>>>             <property name="uri" value="https://localhost:7002" />
> >>>>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
> >>>>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
> >>>>             <property name="trustStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
> >>>>             <property name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
> >>>>             <property name="secureSocketProtocol" value="TLSv1" />
> >>>>         </bean>
> >>>>
> >>>>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
> >>>>             <property name="uri" value="https://localhost:7002" />
> >>>>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
> >>>>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
> >>>>             <property name="secureSocketProtocol" value="TLSv1" />
> >>>>         </bean>
> >>>>     </list>
> >>>> </constructor-arg>
> >>>>
> >>>>     David
> >>>>
> >>>> -----Original Message-----
> >>>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf
> >>>> Of Jason Pell
> >>>> Sent: Monday, October 27, 2014 7:23 AM
> >>>> To: users@cxf.apache.org
> >>>> Subject: Re: How to Disable SSLv2 client hello in CXF?
> >>>>
> >>>> Hi,
> >>>>
> >>>> Here is a sample of using your own custom version of the jetty
> >>>> factory in your spring context.  It is pretty invasive, so it's
> >>>> actually better to wait for 2.7.14 and take advantage of the code
> >>>> already there.  I use this code for other reasons though, as it
> >>>> allows me to configure the trust / key stores via spring properties.
> >>>>
> >>>> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty
> >>>>
> >>>> A sample spring context:
> >>>>
> >>>> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml
> >>>>
> >>>> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:
> >>>>
> >>>> > That setting won't actually control what protocols jetty will
> >>>> > actually use. I think it just controls what the highest protocol
> >>>> > is used.
> >>>> >
> >>>> > The excluded protocols list needs to include the sslv2 setting.
> >>>> >
> >>>> > we actually overrode the jetty factory jetty engine and one other
> >>>> > class to get access to the SSL context to configure the excluded
> >>>> > protocols. Not pretty but we can't wait for 2.7.14.
> >>>> >
> >>>> > If you are interested I shall post our classes to my git repo.
> >>>> >
> >>>> > Let me know
> >>>> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:
> >>>> >
> >>>> >> Hi,
> >>>> >>
> >>>> >> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
> >>>> >>
> >>>> >> As far as I can see this parameter is used for creating
> >>>> >> java.net.ssl.SSLContext:
> >>>> >>         String protocol = parameters.getSecureSocketProtocol() != null
> >>>> >>             ? parameters.getSecureSocketProtocol() : "TLS";
> >>>> >>
> >>>> >> The setting should work. How do you apply conduit settings:
> >>>> >> programmatically or via spring configuration?
> >>>> >> Could you paste the code snapshot?
> >>>> >>
> >>>> >> Regards,
> >>>> >> Andrei.
> >>>> >>
> >>>> >> > -----Original Message-----
> >>>> >> > From: David Roytenberg (Consultant)
> >>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
> >>>> >> > Sent: Freitag, 24. Oktober 2014 17:46
> >>>> >> > To: users@cxf.apache.org
> >>>> >> > Subject: RE: How to Disable SSLv2 client hello in CXF?
> >>>> >> >
> >>>> >> > Hello again.
> >>>> >> >
> >>>> >> > I've dug further into the CXF documentation and found that it
> >>>> >> > is possible to programmatically set the SSL protocols on the
> >>>> >> > TLSProperties object of the Conduit.
> >>>> >> >
> >>>> >> > I've created the TLS properties and set the SSL protocols to
> >>>> >> > TLS1, but this does not change the SSL behavior, which still
> >>>> >> > starts with TLSv1.2 then sends the hello with SSLv2 which is
> >>>> >> > then dropped on the client end.  Is there another switch that
> >>>> >> > has to be set to over-ride the default SSL behavior?
> >>>> >> >
> >>>> >> > David
> >>>> >> >
> >>>> >> > -----Original Message-----
> >>>> >> > From: David Roytenberg (Consultant)
> >>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
> >>>> >> > Sent: Thursday, October 23, 2014 4:57 PM
> >>>> >> > To: users@cxf.apache.org
> >>>> >> > Subject: How to Disable SSLv2 client hello in CXF?
> >>>> >> >
> >>>> >> > I'm having an SSL problem and I wonder if there is a way to
> >>>> >> > fix it within CXF
> >>>> >> >
> >>>> >> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.
> >>>> >> > We are using JDK 1.7_065
> >>>> >> >
> >>>> >> > When we connect to our remote client via SSL we get the
> >>>> >> > following trace with lots of SSL debugging turned on
> >>>> >> >
> >>>> >> > What appears to be happening is that the Hello message is sent
> >>>> >> > with an SSLV2 protocol, which our partner's server does not like.
> >>>> >> > Apparently sending the Hello at this level is a common behavior
> >>>> >> > and apparently it sometimes causes the remote server to fail.  I
> >>>> >> > found a suggestion on line that this can be fixed by removing
> >>>> >> > the SSLv2 from the allowed protocols.  I am wondering if I can
> >>>> >> > do that through CFX configuration?
> >>>> >> >
> >>>> >> > This is a reference to the article that suggests that removing
> >>>> >> > the protocol is the solution to this problem:
> >>>> >> >
> >>>> >> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
> >>>> >> >
> >>>> >> > The protocols are apparently set on the SSLContext in JSSE by
> >>>> >> > calling setEnabledProtocols(String[] protocols)
> >>>> >> >
> >>>> >> > Is there a way to set the enabled protocols on the SSLContext
> >>>> >> > via CXF configuration?
> >>>> >> >
> >>>> >> > If not, is there a way to get hold of the SSLContext
> >>>> >> > programmatically in a CXF interceptor?
> >>>> >> >
> >>>> >> > We can't fix this problem at the WebLogic level because of
> >>>> >> > side-effects on other apps.   Thanks in advance for any
> >>>> >> > suggestions or guidance!
> >>>> >> >
> >>>> >> > WebLogic SSL debug trace follows:
> >>>> >> >
> >>>> >> > %% No cached client session
> >>>> >> > *** ClientHello, TLSv1.2
> >>>> >> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100, 197, 213, 31, 89, 96 }
> >>>> >> > Session ID:  {}
> >>>> >> > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> >>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> >>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA256,
> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> >>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> >>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> >>>> >> > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> >>>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> >>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> >>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA,
> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
> >>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> >>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> >>>> >> > TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> >>>> >> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> >>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> >>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA256,
> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> >>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> >>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> >>>> >> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> >>>> >> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> >>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> >>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA,
> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> >>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> >>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> >>>> >> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> >>>> >> > TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> >>>> >> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> >>>> >> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> >>>> >> > TLS_ECDH_RSA_WITH_RC4_128_SHA,
> >>>> >> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> >>>> >> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> >>>> >> > SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> >>>> >> > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> >>>> >> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> >>>> >> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> >>>> >> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> >>>> >> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> >>>> >> > Compression Methods:  { 0 }
> >>>> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> >>>> >> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1,
> >>>> >> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
> >>>> >> > secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1,
> >>>> >> > secp256k1}
> >>>> >> > Extension ec_point_formats, formats: [uncompressed]
> >>>> >> > Extension signature_algorithms, signature_algorithms:
> >>>> >> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA,
> >>>> >> > SHA384withRSA, SHA256withECDSA, SHA256withRSA,
> >>>> >> > SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
> >>>> >> > SHA1withDSA, MD5withRSA
> >>>> >> > ***
> >>>> >> > [write] MD5 and SHA1 hashes:  len = 221
> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
> >>>> >> > [write] MD5 and SHA1 hashes:  len = 188
> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 188
> >>>> >> > [Raw write]: length = 190
> >>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL>
> >>>> >> > <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
> >>>> >> 'weblogic.kernel.Default (self-
> >>>> >> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
> >>>> SSLENGINE:
> >>>> >> > SSLEngine.wrap(ByteBuffer,ByteBuffer)
> >>>> >> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP
> >>>> >> > bytesConsumed =
> >>>> >> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
> >>>> >> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread:
> >>>> >> > '0' for
> >>>> >> queue:
> >>>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
> >>>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
> >>>> >> > SSLEngine.unwrap(ByteBuffer,ByteBuffer
> >>>> >> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
> >>>> >> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]:
> >>>> length = 5
> >>>> >> > 0000: 15 03 03 00 02                                     .....
> >>>> >> > [Raw read]: length = 2
> >>>> >> > 0000: 02 28                                              .(
> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue:
> >>>> >> > 'weblogic.kernel.Default
> >>>> >> (self-tuning)',
> >>>> >> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0'
> >>>> >> > for
> >>>> queue:
> >>>> >> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:
> >>>> >> > fatal, handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
> >>>> >> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already
> >>>> closed.
> >>>> >> > Rethrowing javax.net.ssl.SSLException: Received fatal alert:
> >>>> >> handshake_failure
> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue:
> >>>> >> > 'weblogic.kernel.Default
> >>>> >> (self-tuning)',
> >>>> >> > fatal: engine already closed.  Rethrowing
> >>>> javax.net.ssl.SSLException:
> >>>> >> Received
> >>>> >> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT>
> >>>> >> > <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE]
> ExecuteThread:
> >>>> >> > '0' for
> >>>> >> queue:
> >>>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
> >>>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
> >>>> >> > Exception
> >>>> >> occurred
> >>>> >> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
> >>>> >> > javax.net.ssl.SSLException: Received fatal alert:
> handshake_failure
> >>>> >> >         at
> sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
> >>>> >> >         at
> >>>> sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
> >>>> >> >         at
> >>>> sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
> >>>> >> >         at
> >>>> >> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756
> >>>> >> )
> >>>> >> >         at
> >>>> >> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:106
> >>>> >> 0)
> >>>> >> >         at
> >>>> >> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:
> >>>> >> 884)
> >>>> >> >         at
> >>>> sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
> >>>> >> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:
> >>>> >> 134)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngi
> >>>> >> ne.ja
> >>>> >> va:732)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine
> >>>> >> .java
> >>>> >> :132)
> >>>> >> >         at
> >>>> >> weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.
> >>>> >> java:44
> >>>> >> > 8)
> >>>> >> >         at
> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:8
> >>>> >> 0)
> >>>> >> >         at
> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:6
> >>>> >> 4)
> >>>> >> >         at
> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:5
> >>>> >> 9)
> >>>> >> >         at
> >>>> weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
> >>>> >> >         at
> >>>> >> >
> >>>> weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:8
> >>>> 9)
> >>>> >> >         at
> >>>> >> >
> >>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:
> >>>> 82)
> >>>> >> >         at
> >>>> >> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140
> >>>> >> )
> >>>> >> >         at
> >>>> java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnect
> >>>> >> ion.j
> >>>> >> ava:1
> >>>> >> > 86)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConne
> >>>> >> ction
> >>>> >> .jav
> >>>> >> > a:280)
> >>>> >> >         at
> >>>> >> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConn
> >>>> >> > ectio
> >>>> >> > nWra
> >>>> >> > ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.j
> >>>> >> > ava:1
> >>>> >> > 68
> >>>> >> > )
> >>>> >> >         at
> >>>> >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
> >>>> >> > handl
> >>>> >> > eHea
> >>>> >> > dersTrustCaching(HTTPConduit.java:1278)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.on
> >>>> >> First
> >>>> >> Writ
> >>>> >> > e(HTTPConduit.java:1234)
> >>>> >> >         at
> >>>> >> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConn
> >>>> >> > ectio
> >>>> >> > nWra
> >>>> >> > ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
> >>>> >> >         at
> >>>> >> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWr
> >>>> >> > apped
> >>>> >> > Outpu
> >>>> >> > tStream.java:47)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractTh
> >>>> >> resho
> >>>> >> ldOutp
> >>>> >> > utStream.java:69)
> >>>> >> >         at
> >>>> >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
> >>>> >> > close
> >>>> >> > (HTTP
> >>>> >> > Conduit.java:1291)
> >>>> >> >         at
> >>>> >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.j
> >>>> >> ava:5
> >>>> >> 6)
> >>>> >> >         at
> >>>> >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java
> >>>> >> :623)
> >>>> >> >         at
> >>>> >> > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSen
> >>>> >> > derEn
> >>>> >> > dingI
> >>>> >> > nterceptor.handleMessage(MessageSenderInterceptor.java:62)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInte
> >>>> >> rcept
> >>>> >> orChai
> >>>> >> > n.java:271)
> >>>> >> >         at
> >>>> >> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
> >>>> >> >         at
> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
> >>>> >> >         at
> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
> >>>> >> >         at
> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
> >>>> >> >         at
> >>>> >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:
> >>>> >> 96)
> >>>> >> >         at
> >>>> >> >
> >>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:
> >>>> 134)
> >>>> >> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown
> Source)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.init
> >>>> >> iateV
> >>>> >> erification(
> >>>> >> > VerifyClient.java:87)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.sub
> >>>> >> mitIn
> >>>> >> itial(Ve
> >>>> >> > rifyGateway.java:24)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.identity.service.IdentificationServiceImpl.submitIni
> >>>> >> tial(
> >>>> >> Identificatio
> >>>> >> > nServiceImpl.java:147)
> >>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> >>>> Method)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> >>>>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> >>>> >> > 57)
> >>>> >> >         at
> >>>> >> >
> >>>> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
> >>>> >> Acces
> >>>> >> sorI
> >>>> >> > mpl.java:43)
> >>>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.aop.support.AopUtils.invokeJoinpointUsingRef
> >>>> >> lecti
> >>>> >> on(Aop
> >>>> >> > Utils.java:317)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.inv
> >>>> >> okeJo
> >>>> >> inpo
> >>>> >> > int(ReflectiveMethodInvocation.java:183)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro
> >>>> >> ceed(
> >>>> >> Refl
> >>>> >> > ectiveMethodInvocation.java:150)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> >>>> org.springframework.transaction.interceptor.TransactionInterceptor.
> >>>> in
> >>>> >> voke(Tra
> >>>> >> > nsactionInterceptor.java:110)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro
> >>>> >> ceed(
> >>>> >> Refl
> >>>> >> > ectiveMethodInvocation.java:172)
> >>>> >> >         at
> >>>> >> > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(Jd
> >>>> >> > kDyna
> >>>> >> > mic
> >>>> >> > AopProxy.java:204)
> >>>> >> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.identity.web.rest.IdentificationController.create(Id
> >>>> >> entif
> >>>> >> icationCont
> >>>> >> > roller.java:133)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.identity.web.rest.IdentificationController$$FastClas
> >>>> >> sByCG
> >>>> >> LIB$$95f
> >>>> >> > 388d3.invoke(<generated>)
> >>>> >> >         at
> >>>> >> >
> >>>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java
> >>>> :204)
> >>>> >> >         at
> >>>> >> > org.springframework.aop.framework.CglibAopProxy$CglibMethodInv
> >>>> >> > ocati
> >>>> >> > on.in
> >>>> >> > vokeJoinpoint(CglibAopProxy.java:698)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro
> >>>> >> ceed(
> >>>> >> Refl
> >>>> >> > ectiveMethodInvocation.java:150)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.access.intercept.aopalliance.Method
> >>>> >> Secur
> >>>> >> ityInter
> >>>> >> > ceptor.invoke(MethodSecurityInterceptor.java:64)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro
> >>>> >> ceed(
> >>>> >> Refl
> >>>> >> > ectiveMethodInvocation.java:172)
> >>>> >> >         at
> >>>> >> > org.springframework.aop.framework.CglibAopProxy$DynamicAdvised
> >>>> >> > Inter
> >>>> >> > cept
> >>>> >> > or.intercept(CglibAopProxy.java:631)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.identity.web.rest.IdentificationController$$Enhancer
> >>>> >> ByCGL
> >>>> >> IB$$36
> >>>> >> > b7b48f.create(<generated>)
> >>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> >>>> Method)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> >>>>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> >>>> >> > 57)
> >>>> >> >         at
> >>>> >> >
> >>>> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
> >>>> >> Acces
> >>>> >> sorI
> >>>> >> > mpl.java:43)
> >>>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
> >>>> >> >         at
> >>>> >> > org.springframework.web.method.support.InvocableHandlerMethod.
> >>>> >> > invok
> >>>> >> > e(Inv
> >>>> >> > ocableHandlerMethod.java:219)
> >>>> >> >         at
> >>>> >> > org.springframework.web.method.support.InvocableHandlerMethod.
> >>>> >> > invok
> >>>> >> > eFor
> >>>> >> > Request(InvocableHandlerMethod.java:132)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.servlet.mvc.method.annotation.ServletInv
> >>>> >> ocabl
> >>>> >> eHan
> >>>> >> >
> dlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
> >>>> >> >         at
> >>>> >> > org.springframework.web.servlet.mvc.method.annotation.RequestM
> >>>> >> > appin
> >>>> >> > gHan
> >>>> >> >
> >>>> dlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:74
> >>>> 5)
> >>>> >> >         at
> >>>> >> > org.springframework.web.servlet.mvc.method.annotation.RequestM
> >>>> >> > appin
> >>>> >> > gHan
> >>>> >> > dlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
> >>>> >> >         at
> >>>> >> >
> >>>>
> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.
> >>>> >> > handle(AbstractHandlerMethodAdapter.java:80)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dis
> >>>> >> patch
> >>>> >> erServl
> >>>> >> > et.java:925)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.servlet.DispatcherServlet.doService(Disp
> >>>> >> atche
> >>>> >> rServle
> >>>> >> > t.java:856)
> >>>> >> >         at
> >>>> >> > org.springframework.web.servlet.FrameworkServlet.processReques
> >>>> >> > t(Fra
> >>>> >> > mewor
> >>>> >> > kServlet.java:920)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.servlet.FrameworkServlet.doPost(Framewor
> >>>> >> kServ
> >>>> >> let.j
> >>>> >> > ava:827)
> >>>> >> >         at
> >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> >>>>
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.
> >>>> >> > java:801)
> >>>> >> >         at
> >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.StubSecurityHelper$ServletServiceActio
> >>>> >> n.run
> >>>> >> (StubSecu
> >>>> >> > rityHelper.java:227)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubS
> >>>> >> ecuri
> >>>> >> tyHelper.j
> >>>> >> > ava:125)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImp
> >>>> >> l.jav
> >>>> >> a:301)
> >>>> >> >         at
> >>>> >> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26
> >>>> >> )
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
> >>>> >> pl.ja
> >>>> >> va:56)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterI
> >>>> >> ntern
> >>>> >> al(Shallo
> >>>> >> > wEtagHeaderFilter.java:73)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(Onc
> >>>> >> ePerR
> >>>> >> equest
> >>>> >> > Filter.java:107)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg
> >>>> >> ate(D
> >>>> >> elegati
> >>>> >> > ngFilterProxy.java:346)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De
> >>>> >> legat
> >>>> >> ingFilter
> >>>> >> > Proxy.java:259)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
> >>>> >> pl.ja
> >>>> >> va:56)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> >>>> >> doFilter(
> >>>> >> > FilterChainProxy.java:330)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.web.access.intercept.FilterSecurity
> >>>> >> Inter
> >>>> >> ceptor.inv
> >>>> >> > oke(FilterSecurityInterceptor.java:118)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.web.access.intercept.FilterSecurity
> >>>> >> Inter
> >>>> >> ceptor.do
> >>>> >> > Filter(FilterSecurityInterceptor.java:84)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> >>>> >> doFilter(
> >>>> >> > FilterChainProxy.java:342)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> >>>> org.springframework.security.web.access.ExceptionTranslationFilter.
> >>>> do
> >>>> >> Filter(Ex
> >>>> >> > ceptionTranslationFilter.java:113)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> >>>> >> doFilter(
> >>>> >> > FilterChainProxy.java:342)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.web.authentication.AnonymousAuthent
> >>>> >> icati
> >>>> >> onFilt
> >>>> >> > er.doFilter(AnonymousAuthenticationFilter.java:113)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> >>>> >> doFilter(
> >>>> >> > FilterChainProxy.java:342)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.web.servletapi.SecurityContextHolde
> >>>> >> rAwar
> >>>> >> eRequ
> >>>> >> >
> estFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> >>>> >> doFilter(
> >>>> >> > FilterChainProxy.java:342)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.web.authentication.www.BasicAuthent
> >>>> >> icati
> >>>> >> onFilt
> >>>> >> > er.doFilter(BasicAuthenticationFilter.java:201)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> >>>> >> doFilter(
> >>>> >> > FilterChainProxy.java:342)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.web.context.SecurityContextPersiste
> >>>> >> nceFi
> >>>> >> lter.doF
> >>>> >> > ilter(SecurityContextPersistenceFilter.java:87)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> >>>> >> doFilter(
> >>>> >> > FilterChainProxy.java:342)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.web.FilterChainProxy.doFilterIntern
> >>>> >> al(Fi
> >>>> >> lterChain
> >>>> >> > Proxy.java:192)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.security.web.FilterChainProxy.doFilter(Filte
> >>>> >> rChai
> >>>> >> nProxy.ja
> >>>> >> > va:160)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg
> >>>> >> ate(D
> >>>> >> elegati
> >>>> >> > ngFilterProxy.java:346)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De
> >>>> >> legat
> >>>> >> ingFilter
> >>>> >> > Proxy.java:259)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
> >>>> >> pl.ja
> >>>> >> va:56)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(Logg
> >>>> >> erFil
> >>>> >> ter.java:16
> >>>> >> > 9)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter
> >>>> >> .java
> >>>> >> :123)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg
> >>>> >> ate(D
> >>>> >> elegati
> >>>> >> > ngFilterProxy.java:346)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De
> >>>> >> legat
> >>>> >> ingFilter
> >>>> >> > Proxy.java:259)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
> >>>> >> pl.ja
> >>>> >> va:56)
> >>>> >> >         at
> >>>> >> >
> >>>> >> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInter
> >>>> >> nal(A
> >>>> >> pplicationU
> >>>> >> > idFilter.java:51)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(Onc
> >>>> >> ePerR
> >>>> >> equest
> >>>> >> > Filter.java:107)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg
> >>>> >> ate(D
> >>>> >> elegati
> >>>> >> > ngFilterProxy.java:346)
> >>>> >> >         at
> >>>> >> >
> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De
> >>>> >> legat
> >>>> >> ingFilter
> >>>> >> > Proxy.java:259)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
> >>>> >> pl.ja
> >>>> >> va:56)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocation
> >>>> >> Actio
> >>>> >> n.wrap
> >>>> >> > Run(WebAppServletContext.java:3730)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocation
> >>>> >> Actio
> >>>> >> n.run(
> >>>> >> > WebAppServletContext.java:3696)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authent
> >>>> >> icate
> >>>> >> dSubject.j
> >>>> >> > ava:321)
> >>>> >> >         at
> >>>> >> >
> >>>> >>
> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
> >>>> >> 120)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.WebAppServletContext.securedExecute(We
> >>>> >> bAppS
> >>>> >> ervl
> >>>> >> > etContext.java:2273)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.WebAppServletContext.execute(WebAppSer
> >>>> >> vletC
> >>>> >> onte
> >>>> >> > xt.java:2179)
> >>>> >> >         at
> >>>> >> >
> >>>> >> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestI
> >>>> >> mpl.j
> >>>> >> ava:1490
> >>>> >> > )
> >>>> >> >         at
> >>>> weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
> >>>> >> >         at
> >>>> >> > weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
> >>>> >> > >
> >>>> >> > AVIS IMPORTANT
> >>>> >> >
> >>>> >> > WARNING
> >>>> >> >
> >>>> >> >
> >>>> >> > Ce message ?lectronique et ses pi?ces jointes peuvent contenir
> >>>> >> > des renseignements confidentiels, exclusifs ou l?galement
> >>>> >> > privil?gi?s
> >>>> >> destin?s au
> >>>> >> > seul usage du destinataire vis?. L'exp?diteur original ne
> renonce ?
> >>>> >> aucun
> >>>> >> > privil?ge ou ? aucun autre droit si le pr?sent message a ?t?
> >>>> >> > transmis involontairement ou s'il est retransmis sans son
> >>>> >> > autorisation. Si vous
> >>>> >> n'?tes pas
> >>>> >> > le destinataire vis? du pr?sent message ou si vous l'avez re?u
> >>>> >> > par
> >>>> >> erreur,
> >>>> >> > veuillez cesser imm?diatement de le lire et le supprimer,
> >>>> >> > ainsi que
> >>>> >> toutes ses
> >>>> >> > pi?ces jointes, de votre syst?me. La lecture, la distribution,
> >>>> >> > la copie
> >>>> >> ou tout
> >>>> >> > autre usage du pr?sent message ou de ses pi?ces jointes par
> >>>> >> > des
> >>>> >> personnes
> >>>> >> > autres que le destinataire vis? ne sont pas autoris?s et
> >>>> >> > pourraient
> >>>> >> ?tre ill?gaux.
> >>>> >> > Si vous avez re?u ce courrier ?lectronique par erreur,
> >>>> >> > veuillez en
> >>>> >> aviser
> >>>> >> > l'exp?diteur.
> >>>> >> >
> >>>> >> >
> >>>> >> > This electronic message and its attachments may contain
> >>>> >> > confidential, proprietary or legally privileged information,
> >>>> >> > which is solely for the
> >>>> >> use of the
> >>>> >> > intended recipient. No privilege or other rights are waived by
> >>>> >> > any
> >>>> >> unintended
> >>>> >> > transmission or unauthorized retransmission of this message.
> >>>> >> > If you are
> >>>> >> not the
> >>>> >> > intended recipient of this message, or if you have received it
> >>>> >> > in
> >>>> >> error, you
> >>>> >> > should immediately stop reading this message and delete it and
> >>>> >> > all attachments from your system. The reading, distribution,
> >>>> >> > copying or
> >>>> >> other use
> >>>> >> > of this message or its attachments by unintended recipients is
> >>>> >> unauthorized and
> >>>> >> > may be unlawful. If you have received this e-mail in error,
> >>>> >> > please
> >>>> >> notify the
> >>>> >> > sender.
> >>>> >> >
> >>>> >> > --
> >>>> >> > WARNING
> >>>> >> > -------
> >>>> >> > This electronic message and its attachments may contain
> >>>> >> > confidential, proprietary or legally privileged information,
> >>>> >> > which is solely for the
> >>>> >> use of the
> >>>> >> > intended recipient.  No privilege or other rights are waived
> >>>> >> > by any
> >>>> >> unintended
> >>>> >> > transmission or unauthorized retransmission of this message.
> >>>> >> > If you
> >>>> >> are not the
> >>>> >> > intended recipient of this message, or if you have received it
> >>>> >> > in
> >>>> >> error, you
> >>>> >> > should immediately stop reading this message and delete it and
> >>>> >> > all attachments from your system.  The reading, distribution,
> >>>> >> > copying or
> >>>> >> other use
> >>>> >> > of this message or its attachments by unintended recipients is
> >>>> >> unauthorized and
> >>>> >> > may be unlawful.  If you have received this e-mail in error,
> >>>> >> > please
> >>>> >> notify the
> >>>> >> > sender.
> >>>> >> >
> >>>> >> > AVIS IMPORTANT
> >>>> >> > --------------
> >>>> >> > Ce message electronique et ses pieces jointes peuvent contenir
> >>>> >> > des renseignements confidentiels, exclusifs ou legalement
> >>>> >> > privilegies
> >>>> >> destines au
> >>>> >> > seul usage du destinataire vise.  L'expediteur original ne
> >>>> >> > renonce a
> >>>> >> aucun
> >>>> >> > privilege ou a aucun autre droit si le present message a ete
> >>>> >> > transmis involontairement ou s'il est retransmis sans son
> >>>> >> > autorisation.  Si vous
> >>>> >> n'etes pas
> >>>> >> > le destinataire vise du present message ou si vous l'avez recu
> >>>> >> > par
> >>>> >> erreur,
> >>>> >> > veuillez cesser immediatement de le lire et le supprimer,
> >>>> >> > ainsi que
> >>>> >> toutes ses
> >>>> >> > pieces jointes, de votre systeme.  La lecture, la
> >>>> >> > distribution, la
> >>>> >> copie ou tout
> >>>> >> > autre usage du present message ou de ses pieces jointes par
> >>>> >> > des
> >>>> >> personnes
> >>>> >> > autres que le destinataire vise ne sont pas autorises et
> >>>> >> > pourraient
> >>>> >> etre illegaux.
> >>>> >> > Si vous avez recu ce courrier electronique par erreur,
> >>>> >> > veuillez en
> >>>> >> aviser
> >>>> >> > l'expediteur.
> >>>> >> >
> >>>> >> >
> >>>> >> > --
> >>>> >> > WARNING
> >>>> >> > -------
> >>>> >> > This electronic message and its attachments may contain
> >>>> >> > confidential, proprietary or legally privileged information,
> >>>> >> > which is solely for the
> >>>> >> use of the
> >>>> >> > intended recipient.  No privilege or other rights are waived
> >>>> >> > by any
> >>>> >> unintended
> >>>> >> > transmission or unauthorized retransmission of this message.
> >>>> >> > If you
> >>>> >> are not the
> >>>> >> > intended recipient of this message, or if you have received it
> >>>> >> > in
> >>>> >> error, you
> >>>> >> > should immediately stop reading this message and delete it and
> >>>> >> > all attachments from your system.  The reading, distribution,
> >>>> >> > copying or
> >>>> >> other use
> >>>> >> > of this message or its attachments by unintended recipients is
> >>>> >> unauthorized and
> >>>> >> > may be unlawful.  If you have received this e-mail in error,
> >>>> >> > please
> >>>> >> notify the
> >>>> >> > sender.
> >>>> >> >
> >>>> >> > AVIS IMPORTANT
> >>>> >> > --------------
> >>>> >> > Ce message ?lectronique et ses pi?ces jointes peuvent contenir
> >>>> >> > des renseignements confidentiels, exclusifs ou l?galement
> >>>> >> > privil?gi?s
> >>>> >> destin?s au
> >>>> >> > seul usage du destinataire vis?.  L'exp?diteur original ne
> >>>> >> > renonce
> >>>> ?
> >>>> >> aucun
> >>>> >> > privil?ge ou ? aucun autre droit si le pr?sent message a ?t?
> >>>> >> > transmis involontairement ou s'il est retransmis sans son
> >>>> >> > autorisation.  Si vous
> >>>> >> n'?tes pas
> >>>> >> > le destinataire vis? du pr?sent message ou si vous l'avez re?u
> >>>> >> > par
> >>>> >> erreur,
> >>>> >> > veuillez cesser imm?diatement de le lire et le supprimer,
> >>>> >> > ainsi que
> >>>> >> toutes ses
> >>>> >> > pi?ces jointes, de votre syst?me.  La lecture, la
> >>>> >> > distribution, la
> >>>> >> copie ou tout
> >>>> >> > autre usage du pr?sent message ou de ses pi?ces jointes par
> >>>> >> > des
> >>>> >> personnes
> >>>> >> > autres que le destinataire vis? ne sont pas autoris?s et
> >>>> >> > pourraient
> >>>> >> ?tre ill?gaux.
> >>>> >> > Si vous avez re?u ce courrier ?lectronique par erreur,
> >>>> >> > veuillez en
> >>>> >> aviser
> >>>> >> > l'exp?diteur.
> >>>> >> >
> >>>> >> > --
> >>>> >> > WARNING
> >>>> >> > -------
> >>>> >> > This electronic message and its attachments may contain
> >>>> >> > confidential, proprietary or legally privileged information,
> >>>> >> > which is solely for the
> >>>> >> use of the
> >>>> >> > intended recipient.  No privilege or other rights are waived
> >>>> >> > by any
> >>>> >> unintended
> >>>> >> > transmission or unauthorized retransmission of this message.
> >>>> >> > If you
> >>>> >> are not the
> >>>> >> > intended recipient of this message, or if you have received it
> >>>> >> > in
> >>>> >> error, you
> >>>> >> > should immediately stop reading this message and delete it and
> >>>> >> > all attachments from your system.  The reading, distribution,
> >>>> >> > copying or
> >>>> >> other use
> >>>> >> > of this message or its attachments by unintended recipients is
> >>>> >> unauthorized and
> >>>> >> > may be unlawful.  If you have received this e-mail in error,
> >>>> >> > please
> >>>> >> notify the
> >>>> >> > sender.
> >>>> >> >

RE: How to Disable SSLv2 client hello in CXF?

Posted by "David Roytenberg (Consultant)" <Da...@optimalpayments.com>.
Thanks Jason. Since you've worked on Poodle, maybe you are aware of whether the CXF client has changed its behavior since 2.7.6 as far as SSLv2Hello protocol is concerned.  I have two identical CXF configurations, using the default protocol setting which looks to be TLS.  With the SSL debugging turned on, I see that the SSLv2Hello is being used to wrap the client hello packet in each case.  In my first integration all is well while in the current integration, the server appears to drop the connection as soon as it receives the SSLV2Hello packet.

What I'd like to do is prevent the client from using that SSLv2Hello protocol for the handshake Hello packet.  

None of the settings on this page:  http://cxf.apache.org/docs/tls-configuration.html  seem to allow me to control the Protocols directly, but I am still learning all the ins and outs of how SSL is configured under the hood.

From what you wrote it sounds like SSLv2Hello protocol is going to be removed in the client in CXF 2.7.14.  Is that right?

Thanks,

David

 
-----Original Message-----
From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of Jason Pell
Sent: Monday, October 27, 2014 2:07 PM
To: users@cxf.apache.org
Subject: Re: How to Disable SSLv2 client hello in CXF?

Here is the actual page which deals with the config for tls

http://cxf.apache.org/docs/tls-configuration.html



On Tue, Oct 28, 2014 at 5:06 AM, Jason Pell <ja...@pellcorp.com> wrote:

> See, but note that the secureSocketProtocol is missing from the examples.
> (Search in the page for Configuring SSL Support)
>
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
> On Tue, Oct 28, 2014 at 5:02 AM, Jason Pell <ja...@pellcorp.com> wrote:
>
>> So I did some digging to remind myself of how it works on the client 
>> and I was dead wrong.
>>
>> I was thinking about how the server works (having just done the 
>> poodle
>> changes)
>>
>> Anyway, what Andrei said was absolutely correct.
>>
>> You can see it applied in
>> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.  The 
>> SSLSocketFactoryWrapper is called from the 
>> org.apache.cxf.transport.https.HttpsURLConnectionFactory
>>
>> It results in the Socket Factory setEnabledProtocols to the actual 
>> protocol you listed in the tls client parameters (see below)
>>
>>        <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1">
>>
>> You need to make sure that your conduit configuration is being 
>> applied correctly in web logic, perhaps it's not being picked up.
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Oct 28, 2014 at 4:36 AM, Jason Pell <ja...@pellcorp.com> wrote:
>>
>>> Hi,
>>>
>>> I run embedded jetty container
>>>
>>> Sorry I forgot that you were running weblogic when I responded.  In that
>>> case do you even use the embedded jetty container?   I am guessing no.  If
>>> not, then you would need to use the standard weblogic ssl configuration.
>>>
>>> I don't believe CXF is responsible for any of the ssl config in that 
>>> case.  But then I am not very knowledgeable of cxf deployed to a 
>>> j2ee container sorry.
>>>
>>> Sorry for the runaround and wasting your time
>>>
>>> Regards
>>> Jason
>>>
>>>
>>> On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) < 
>>> David.Roytenberg@optimalpayments.com> wrote:
>>>
>>>> Hi Jason,
>>>>
>>>>    Are you running on WebLogic by any chance?  When I configured 
>>>> the properties in the deployment to point to the WebLogic default 
>>>> key store and trust store, I get a 
>>>> java.security.UnrecoverableKeyException while trying to deploy my application.  Did you encounter this problem?
>>>>
>>>> Here's my config:
>>>>
>>>> <constructor-arg>
>>>>     <list>
>>>>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>>>             <property name="uri" value="https://localhost:7002" />
>>>>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>>>>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>>>>             <property name="trustStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
>>>>             <property name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
>>>>             <property name="secureSocketProtocol" value="TLSv1" />
>>>>         </bean>
>>>>
>>>>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>>>             <property name="uri" value="https://localhost:7002" />
>>>>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>>>>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>>>>             <property name="secureSocketProtocol" value="TLSv1" />
>>>>         </bean>
>>>>     </list>
>>>> </constructor-arg>
>>>>
>>>>     David
>>>>
>>>> -----Original Message-----
>>>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf 
>>>> Of Jason Pell
>>>> Sent: Monday, October 27, 2014 7:23 AM
>>>> To: users@cxf.apache.org
>>>> Subject: Re: How to Disable SSLv2 client hello in CXF?
>>>>
>>>> Hi,
>>>>
>>>> Here is a sample of using your own custom version of the jetty 
>>>> factory in your spring context.  It is pretty invasive, so it's 
>>>> actually better to wait for 2.7.14 and take advantage of the code 
>>>> already there.  I use this code for other reasons though, as it 
>>>> allows me to configure the trust / key stores via spring properties.
>>>>
>>>>
>>>> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty
>>>>
>>>>
>>>>
>>>> A sample spring context:
>>>>
>>>>
>>>> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml
>>>>
>>>>
>>>>
>>>>
>>>> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:
>>>>
>>>> > That setting won't actually control what protocols jetty will 
>>>> > actually use. I think it just controls what the highest protocol is used.
>>>> >
>>>> > The excluded protocols list needs to include the sslv2 setting.
>>>> >
>>>> > we actually overrode the jetty factory jetty engine and one other 
>>>> > class to get access to the SSL context to configure the excluded 
>>>> > protocols. Not pretty but we can't wait for 2.7.14.
>>>> >
>>>> > If you are interested I shall post our classes to my git repo.
>>>> >
>>>> > Let me know
>>>> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com>
>>>> wrote:
>>>> >
>>>> >> Hi,
>>>> >>
>>>> >> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>>>> >>
>>>> >> As far as I can see this parameter is used for creating
>>>> >> java.net.ssl.SSLContext:
>>>> >>         String protocol = parameters.getSecureSocketProtocol() != null
>>>> >>             ? parameters.getSecureSocketProtocol() : "TLS";
>>>> >>
>>>> >> The setting should work. How you apply conduit settings:
>>>> >> programmatically or via spring configuration?
>>>> >> Could you paste the code snapshot?
>>>> >>
>>>> >> Regards,
>>>> >> Andrei.
>>>> >>
>>>> >> > -----Original Message-----
>>>> >> > From: David Roytenberg (Consultant) 
>>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>>>> >> > Sent: Freitag, 24. Oktober 2014 17:46
>>>> >> > To: users@cxf.apache.org
>>>> >> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>>>> >> >
>>>> >> > Hello again.
>>>> >> >
>>>> >> > I've dug further into the CXF documentation and found that it 
>>>> >> > is
>>>> >> possible to
>>>> >> > programmatically set the SSL protocols on the TLSProperties 
>>>> >> > object of
>>>> >> the
>>>> >> > Conduit.
>>>> >> >
>>>> >> > I've created the TLS properties and set the SSL protocols to 
>>>> >> > TLS1, but
>>>> >> this does
>>>> >> > not change the SSL behavior, which still starts with TLSv1.2 
>>>> >> > then sends
>>>> >> the hello
>>>> >> > with SSLv2 which is then dropped on the client end.  Is there 
>>>> >> > another
>>>> >> switch that
>>>> >> > has to be set to over-ride the default SSL behavior?
>>>> >> >
>>>> >> > David
>>>> >> >
>>>> >> > -----Original Message-----
>>>> >> > From: David Roytenberg (Consultant) 
>>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>>>> >> > Sent: Thursday, October 23, 2014 4:57 PM
>>>> >> > To: users@cxf.apache.org
>>>> >> > Subject: How to Disable SSLv2 client hello in CXF?
>>>> >> >
>>>> >> > I'm having an SSL problem and I wonder if there is a way to 
>>>> >> > fix it
>>>> >> within CXF
>>>> >> >
>>>> >> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.
>>>> >> > We are using JDK 1.7_065
>>>> >> >
>>>> >> > When we connect to our remote client via SSL we get the 
>>>> >> > following trace
>>>> >> with
>>>> >> > lots of SSL debugging turned on
>>>> >> >
>>>> >> > What appears to be happening is that the Hello message is sent 
>>>> >> > with an
>>>> >> SSLV2
>>>> >> > protocol, which our partner's server does not like.  
>>>> >> > Apparently sending
>>>> >> the
>>>> >> > Hello at this level is a common behavior and apparently it 
>>>> >> > sometimes
>>>> >> causes
>>>> >> > the remote server to fail.  I found a suggestion on line that 
>>>> >> > this can
>>>> >> be fixed by
>>>> >> > removing the SSLv2 from the allowed protocols.  I am wondering 
>>>> >> > if I can
>>>> >> do that
>>>> >> > through CXF configuration?
>>>> >> >
>>>> >> > This is a reference to the article that suggests that removing 
>>>> >> > the
>>>> >> protocol is the
>>>> >> > solution to this problem:
>>>> >> >
>>>> >> >
>>>> >> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>>>> >> >
>>>> >> > The protocols are apparently set on the SSLContext in JSSE by 
>>>> >> > calling setEnabledProtocols(String[] protocols)
>>>> >> >
>>>> >> > Is there a way to set the enabled protocols on the SSLContext 
>>>> >> > via CXF configuration?
>>>> >> >
>>>> >> > If not, is there a way to get hold of the SSLContext 
>>>> >> > programmatically
>>>> >> in a CXF
>>>> >> > interceptor?
>>>> >> >
>>>> >> > We can't fix this problem at the WebLogic level because of 
>>>> >> > side-effects
>>>> >> on
>>>> >> > other apps.   Thanks in advance for any suggestions or guidance!
>>>> >> >
>>>> >> > WebLogic SSL debug trace follows:
>>>> >> >
>>>> >> > %% No cached client session
>>>> >> > *** ClientHello, TLSv1.2
>>>> >> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 
>>>> >> > 54, 202,
>>>> >> 98, 8,
>>>> >> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 
>>>> >> > 82, 100,
>>>> >> 197, 213,
>>>> >> > 31, 89, 96 } Session ID:  {} Cipher Suites:
>>>> >> > [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA256, 
>>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS 
>>>> >> > _WITH_AES_256_CBC_SHA256, 
>>>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE 
>>>> >> > S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA256, 
>>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_ 
>>>> >> > WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES 
>>>> >> > _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 
>>>> >> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, 
>>>> >> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 
>>>> >> > TLS_ECDH_RSA_WITH_RC4_128_SHA, 
>>>> >> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W 
>>>> >> > ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, 
>>>> >> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>>>> >> > Compression Methods:  { 0 }
>>>> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1,
>>>> >> sect163r2,
>>>> >> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, 
>>>> >> > sect283r1,
>>>> >> secp384r1,
>>>> >> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, 
>>>> >> > secp160k1,
>>>> >> secp160r1,
>>>> >> > secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2, 
>>>> >> > secp224k1,
>>>> >> sect239k1,
>>>> >> > secp256k1} Extension ec_point_formats, formats: [uncompressed] 
>>>> >> > Extension signature_algorithms, signature_algorithms:
>>>> >> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA, 
>>>> >> > SHA384withRSA, SHA256withECDSA, SHA256withRSA, 
>>>> >> > SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, 
>>>> >> > SHA1withDSA, MD5withRSA
>>>> >> > ***
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 
>>>> >> > 'weblogic.kernel.Default
>>>> >> (self-tuning)',
>>>> >> > WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:
>>>> >> len =
>>>> >> > 188
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 
>>>> >> > 'weblogic.kernel.Default
>>>> >> (self-tuning)',
>>>> >> > WRITE: SSLv2 client hello message, length = 188 [Raw write]: 
>>>> >> > length =
>>>> >> 190
>>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> 
>>>> >> > <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
>>>> >> 'weblogic.kernel.Default (self-
>>>> >> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
>>>> SSLENGINE:
>>>> >> > SSLEngine.wrap(ByteBuffer,ByteBuffer)
>>>> >> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP 
>>>> >> > bytesConsumed =
>>>> >> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug> 
>>>> >> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: 
>>>> >> > '0' for
>>>> >> queue:
>>>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>>>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>>>> >> > SSLEngine.unwrap(ByteBuffer,ByteBuffer
>>>> >> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = 
>>>> >> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]:
>>>> length = 5
>>>> >> > 0000: 15 03 03 00 02                                     .....
>>>> >> > [Raw read]: length = 2
>>>> >> > 0000: 02 28                                              .(
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 
>>>> >> > 'weblogic.kernel.Default
>>>> >> (self-tuning)',
>>>> >> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' 
>>>> >> > for
>>>> queue:
>>>> >> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  
>>>> >> > fatal, handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
>>>> >> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already
>>>> closed.
>>>> >> > Rethrowing javax.net.ssl.SSLException: Received fatal alert:
>>>> >> handshake_failure
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 
>>>> >> > 'weblogic.kernel.Default
>>>> >> (self-tuning)',
>>>> >> > fatal: engine already closed.  Rethrowing
>>>> javax.net.ssl.SSLException:
>>>> >> Received
>>>> >> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT> 
>>>> >> > <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread:
>>>> >> > '0' for
>>>> >> queue:
>>>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>>>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: 
>>>> >> > Exception
>>>> >> occurred
>>>> >> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
>>>> >> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>>>> >> > Proxy.java:259)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
>>>> >> pl.ja
>>>> >> va:56)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>>>> >> doFilter(
>>>> >> > FilterChainProxy.java:330)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.access.intercept.FilterSecurity
>>>> >> Inter
>>>> >> ceptor.inv
>>>> >> > oke(FilterSecurityInterceptor.java:118)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.access.intercept.FilterSecurity
>>>> >> Inter
>>>> >> ceptor.do
>>>> >> > Filter(FilterSecurityInterceptor.java:84)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>>>> >> doFilter(
>>>> >> > FilterChainProxy.java:342)
>>>> >> >         at
>>>> >> >
>>>> >>
>>>> org.springframework.security.web.access.ExceptionTranslationFilter.
>>>> do
>>>> >> Filter(Ex
>>>> >> > ceptionTranslationFilter.java:113)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>>>> >> doFilter(
>>>> >> > FilterChainProxy.java:342)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.authentication.AnonymousAuthent
>>>> >> icati
>>>> >> onFilt
>>>> >> > er.doFilter(AnonymousAuthenticationFilter.java:113)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>>>> >> doFilter(
>>>> >> > FilterChainProxy.java:342)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.servletapi.SecurityContextHolde
>>>> >> rAwar
>>>> >> eRequ
>>>> >> > estFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>>>> >> doFilter(
>>>> >> > FilterChainProxy.java:342)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.authentication.www.BasicAuthent
>>>> >> icati
>>>> >> onFilt
>>>> >> > er.doFilter(BasicAuthenticationFilter.java:201)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>>>> >> doFilter(
>>>> >> > FilterChainProxy.java:342)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.context.SecurityContextPersiste
>>>> >> nceFi
>>>> >> lter.doF
>>>> >> > ilter(SecurityContextPersistenceFilter.java:87)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>>>> >> doFilter(
>>>> >> > FilterChainProxy.java:342)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy.doFilterIntern
>>>> >> al(Fi
>>>> >> lterChain
>>>> >> > Proxy.java:192)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.security.web.FilterChainProxy.doFilter(Filte
>>>> >> rChai
>>>> >> nProxy.ja
>>>> >> > va:160)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg
>>>> >> ate(D
>>>> >> elegati
>>>> >> > ngFilterProxy.java:346)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De
>>>> >> legat
>>>> >> ingFilter
>>>> >> > Proxy.java:259)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
>>>> >> pl.ja
>>>> >> va:56)
>>>> >> >         at
>>>> >> >
>>>> >> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(Logg
>>>> >> erFil
>>>> >> ter.java:16
>>>> >> > 9)
>>>> >> >         at
>>>> >> >
>>>> >> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter
>>>> >> .java
>>>> >> :123)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg
>>>> >> ate(D
>>>> >> elegati
>>>> >> > ngFilterProxy.java:346)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De
>>>> >> legat
>>>> >> ingFilter
>>>> >> > Proxy.java:259)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
>>>> >> pl.ja
>>>> >> va:56)
>>>> >> >         at
>>>> >> >
>>>> >> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInter
>>>> >> nal(A
>>>> >> pplicationU
>>>> >> > idFilter.java:51)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(Onc
>>>> >> ePerR
>>>> >> equest
>>>> >> > Filter.java:107)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg
>>>> >> ate(D
>>>> >> elegati
>>>> >> > ngFilterProxy.java:346)
>>>> >> >         at
>>>> >> >
>>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De
>>>> >> legat
>>>> >> ingFilter
>>>> >> > Proxy.java:259)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm
>>>> >> pl.ja
>>>> >> va:56)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocation
>>>> >> Actio
>>>> >> n.wrap
>>>> >> > Run(WebAppServletContext.java:3730)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocation
>>>> >> Actio
>>>> >> n.run(
>>>> >> > WebAppServletContext.java:3696)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authent
>>>> >> icate
>>>> >> dSubject.j
>>>> >> > ava:321)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
>>>> >> 120)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.WebAppServletContext.securedExecute(We
>>>> >> bAppS
>>>> >> ervl
>>>> >> > etContext.java:2273)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.WebAppServletContext.execute(WebAppSer
>>>> >> vletC
>>>> >> onte
>>>> >> > xt.java:2179)
>>>> >> >         at
>>>> >> >
>>>> >> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestI
>>>> >> mpl.j
>>>> >> ava:1490
>>>> >> > )
>>>> >> >         at
>>>> weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>>>> >> >         at 
>>>> >> > weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>>>> >> > >
>>>
>>
>

Re: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
Here is the actual page which deals with the config for tls

http://cxf.apache.org/docs/tls-configuration.html



On Tue, Oct 28, 2014 at 5:06 AM, Jason Pell <ja...@pellcorp.com> wrote:

> See, but note that the secureSocketProtocol is missing from the examples.
> (Search in the page for Configuring SSL Support)
>
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
> On Tue, Oct 28, 2014 at 5:02 AM, Jason Pell <ja...@pellcorp.com> wrote:
>
>> So I did some digging to remind myself of how it works on the client and
>> I was dead wrong.
>>
>> I was thinking about how the server works (having just done the poodle
>> changes)
>>
>> Anyway, Andrei was absolutely correct.
>>
>> You can see it applied in
>> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.  The
>> SSLSocketFactoryWrapper is called from the
>> org.apache.cxf.transport.https.HttpsURLConnectionFactory
>>
>> It results in the Socket Factory setEnabledProtocols to the actual
>> protocol you listed in the tls client parameters (see below)
>>
>>        <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1">
>>
>> You need to make sure that your conduit configuration is being applied
>> correctly in WebLogic; perhaps it's not being picked up.
>>
>> On Tue, Oct 28, 2014 at 4:36 AM, Jason Pell <ja...@pellcorp.com> wrote:
>>
>>> Hi,
>>>
>>> I run embedded jetty container
>>>
>>> Sorry I forgot that you were running weblogic when I responded.  In that
>>> case do you even use the embedded jetty container?   I am guessing no.  If
>>> not, then you would need to use the standard weblogic ssl configuration.
>>>
>>> I don't believe CXF is responsible for any of the ssl config in that
>>> case.  But then I am not very knowledgeable of cxf deployed to a j2ee
>>> container sorry.
>>>
>>> Sorry for the runaround and wasting your time
>>>
>>> Regards
>>> Jason
>>>
>>>
>>> On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) <
>>> David.Roytenberg@optimalpayments.com> wrote:
>>>
>>>> Hi Jason,
>>>>
>>>>    Are you running on WebLogic by any chance?  When I configured the
>>>> properties in the deployment to point to the WebLogic default key store and
>>>> trust store, I get a java.security.UnrecoverableKeyException while trying
>>>> to deploy my application.  Did you encounter this problem?
>>>>
>>>> Here's my config:
>>>>
>>>> <constructor-arg>
>>>>     <list>
>>>>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>>>             <property name="uri" value="https://localhost:7002" />
>>>>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>>>>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>>>>             <property name="trustStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
>>>>             <property name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
>>>>             <property name="secureSocketProtocol" value="TLSv1" />
>>>>         </bean>
>>>>
>>>>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>>>             <property name="uri" value="https://localhost:7002" />
>>>>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>>>>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>>>>             <property name="secureSocketProtocol" value="TLSv1" />
>>>>         </bean>
>>>>     </list>
>>>> </constructor-arg>
>>>>
>>>>     David
>>>>
>>>> -----Original Message-----
>>>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of
>>>> Jason Pell
>>>> Sent: Monday, October 27, 2014 7:23 AM
>>>> To: users@cxf.apache.org
>>>> Subject: Re: How to Disable SSLv2 client hello in CXF?
>>>>
>>>> Hi,
>>>>
>>>> Here is a sample of using your own custom version of the jetty factory
>>>> in your spring context.  It is pretty invasive, so it's actually better to
>>>> wait for 2.7.14 and take advantage of the code already there.  I use this
>>>> code for other reasons though, as it allows me to configure the trust / key
>>>> stores via spring properties.
>>>>
>>>>
>>>> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty
>>>>
>>>>
>>>>
>>>> A sample spring context:
>>>>
>>>>
>>>> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml
>>>>
>>>>
>>>>
>>>>
>>>> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:
>>>>
>>>> > That setting won't actually control what protocols jetty will actually
>>>> > use. I think it just controls what the highest protocol is used.
>>>> >
>>>> > The excluded protocols list needs to include the sslv2 setting.
>>>> >
>>>> > we actually overrode the jetty factory jetty engine and one other
>>>> > class to get access to the SSL context to configure the excluded
>>>> > protocols. Not pretty but we can't wait for 2.7.14.
>>>> >
>>>> > If you are interested I shall post our classes to my git repo.
>>>> >
>>>> > Let me know
>>>> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com>
>>>> wrote:
>>>> >
>>>> >> Hi,
>>>> >>
>>>> >> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>>>> >>
>>>> >> As far as I can see this parameter is used for creating
>>>> >> java.net.ssl.SSLContext:
>>>> >>         String protocol = parameters.getSecureSocketProtocol() != null
>>>> >>             ? parameters.getSecureSocketProtocol() : "TLS";
>>>> >>
>>>> >> The setting should work. How do you apply conduit settings:
>>>> >> programmatically or via spring configuration?
>>>> >> Could you paste the code snapshot?
>>>> >>
>>>> >> Regards,
>>>> >> Andrei.
>>>> >>
>>>> >> > -----Original Message-----
>>>> >> > From: David Roytenberg (Consultant)
>>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>>>> >> > Sent: Freitag, 24. Oktober 2014 17:46
>>>> >> > To: users@cxf.apache.org
>>>> >> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>>>> >> >
>>>> >> > Hello again.
>>>> >> >
>>>> >> > I've dug further into the CXF documentation and found that it is
>>>> >> > possible to programmatically set the SSL protocols on the
>>>> >> > TLSProperties object of the Conduit.
>>>> >> >
>>>> >> > I've created the TLS properties and set the SSL protocols to TLS1,
>>>> >> > but this does not change the SSL behavior, which still starts with
>>>> >> > TLSv1.2 then sends the hello with SSLv2 which is then dropped on the
>>>> >> > client end.  Is there another switch that has to be set to over-ride
>>>> >> > the default SSL behavior?
>>>> >> >
>>>> >> > David
>>>> >> >
>>>> >> > -----Original Message-----
>>>> >> > From: David Roytenberg (Consultant)
>>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>>>> >> > Sent: Thursday, October 23, 2014 4:57 PM
>>>> >> > To: users@cxf.apache.org
>>>> >> > Subject: How to Disable SSLv2 client hello in CXF?
>>>> >> >
>>>> >> > I'm having an SSL problem and I wonder if there is a way to fix it
>>>> >> > within CXF
>>>> >> >
>>>> >> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.
>>>> >> > We are using JDK 1.7_065
>>>> >> >
>>>> >> > When we connect to our remote client via SSL we get the following
>>>> >> > trace with lots of SSL debugging turned on
>>>> >> >
>>>> >> > What appears to be happening is that the Hello message is sent with
>>>> >> > an SSLV2 protocol, which our partner's server does not like.
>>>> >> > Apparently sending the Hello at this level is a common behavior and
>>>> >> > apparently it sometimes causes the remote server to fail.  I found a
>>>> >> > suggestion on line that this can be fixed by removing the SSLv2 from
>>>> >> > the allowed protocols.  I am wondering if I can do that through CXF
>>>> >> > configuration?
>>>> >> >
>>>> >> > This is a reference to the article that suggests that removing the
>>>> >> > protocol is the solution to this problem:
>>>> >> >
>>>> >> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>>>> >> >
>>>> >> > The protocols are apparently set on the SSLContext in JSSE by
>>>> >> > calling setEnabledProtocols(String[] protocols)
>>>> >> >
>>>> >> > Is there a way to set the enabled protocols on the SSLContext via
>>>> >> > CXF configuration?
>>>> >> >
>>>> >> > If not, is there a way to get hold of the SSLContext
>>>> >> > programmatically in a CXF interceptor?
>>>> >> >
>>>> >> > We can't fix this problem at the WebLogic level because of
>>>> >> > side-effects on other apps.   Thanks in advance for any suggestions
>>>> >> > or guidance!
>>>> >> >
>>>> >> > WebLogic SSL debug trace follows:
>>>> >> >
>>>> >> > %% No cached client session
>>>> >> > *** ClientHello, TLSv1.2
>>>> >> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100, 197, 213, 31, 89, 96 }
>>>> >> > Session ID:  {}
>>>> >> > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA256,
>>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>>>> >> > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
>>>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>>>> >> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
>>>> >> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
>>>> >> > TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>>>> >> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
>>>> >> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
>>>> >> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > SSL_RSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>>>> >> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>>>> >> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>>>> >> > Compression Methods:  { 0 }
>>>> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1,
>>>> >> > sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1,
>>>> >> > sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1,
>>>> >> > sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1,
>>>> >> > sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
>>>> >> > Extension ec_point_formats, formats: [uncompressed]
>>>> >> > Extension signature_algorithms, signature_algorithms:
>>>> >> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA,
>>>> >> > SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA,
>>>> >> > SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
>>>> >> > ***
>>>> >> > [write] MD5 and SHA1 hashes:  len = 221
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
>>>> >> > [write] MD5 and SHA1 hashes:  len = 188
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 188
>>>> >> > [Raw write]: length = 190
>>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 190.>
>>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
>>>> >> > [Raw read]: length = 5
>>>> >> > 0000: 15 03 03 00 02                                     .....
>>>> >> > [Raw read]: length = 2
>>>> >> > 0000: 02 28                                              .(
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1.2 Alert, length = 2
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal, handshake_failure
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>>>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
>>>> >> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>>>> >> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>>>> >> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>>>> >> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>>>> >> >         at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>>>> >> >         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>>>> >> >         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>>>> >> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>>>> >> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>>>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>>>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>>>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>>>> >> >         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>>>> >> >         at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
>>>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>>>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>>>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>>>> >> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>>>> >> >         at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>>>> >> >         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>>>> >> >         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>>>> >> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>>>> >> >         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
>>>> >> >         at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
>>>> >> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>>>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>>>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>>>> >> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>>>> >> >         at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>>>> >> >         at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>>>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>>>> >> >         at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>>>> >> >         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>>>> >> >         at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>>>> >> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>>>> >> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>>>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>>>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>>>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>>>> >> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>>>> >> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>>>> >> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>>>> >> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
>>>> >> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
>>>> >> >         at com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
>>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>> >> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
>>>> >> >         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>>>> >> >         at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
>>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>>>> >> >         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
>>>> >> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>>>> >> >         at com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
>>>> >> >         at com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
>>>> >> >         at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>>>> >> >         at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
>>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>>>> >> >         at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
>>>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>>>> >> >         at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
>>>> >> >         at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
>>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>> >> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
>>>> >> >         at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
>>>> >> >         at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
>>>> >> >         at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>>>> >> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>>>> >> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>>>> >> >         at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
>>>> >> >         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
>>>> >> >         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
>>>> >> >         at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
>>>> >> >         at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
>>>> >> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>>> >> >         at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
>>>> >> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>>>> >> >         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
>>>> >> >         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
>>>> >> >         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>>>> >> >         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>>>> >> >         at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
>>>> >> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>>> >> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>>>> >> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> >> >         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> >> >         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> >> >         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> >> >         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
>>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> >> >         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>>>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> >> >         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>>>> >> >         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>>>> >> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
>>>> >> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>>>> >> >         at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
>>>> >> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>>>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>>>> >> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
>>>> >> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
>>>> >> >         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>>>> >> >         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>>>> >> >         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
>>>> >> >         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
>>>> >> >         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
>>>> >> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>>>> >> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>>>> >> > >
>>>
>>
>

Re: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
See, but note that the secureSocketProtocol is missing from the examples.
(Search in the page for Configuring SSL Support)

http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html

On Tue, Oct 28, 2014 at 5:02 AM, Jason Pell <ja...@pellcorp.com> wrote:

> So I did some digging to remind myself of how it works on the client and I
> was dead wrong.
>
> I was thinking about how the server works (having just done the poodle
> changes)
>
> Anyway, Andrei was absolutely correct.
>
> You can see it applied in
> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.  The
> SSLSocketFactoryWrapper is called from the
> org.apache.cxf.transport.https.HttpsURLConnectionFactory
>
> It results in the Socket Factory setEnabledProtocols to the actual
> protocol you listed in the tls client parameters (see below)
>
>        <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1">
>
> You need to make sure that your conduit configuration is being applied
> correctly in WebLogic, perhaps it's not being picked up.
>
> On Tue, Oct 28, 2014 at 4:36 AM, Jason Pell <ja...@pellcorp.com> wrote:
>
>> Hi,
>>
>> I run embedded jetty container
>>
>> Sorry I forgot that you were running weblogic when I responded.  In that
>> case do you even use the embedded jetty container?   I am guessing no.  If
>> not, then you would need to use the standard weblogic ssl configuration.
>>
>> I don't believe CXF is responsible for any of the ssl config in that
>> case.  But then I am not very knowledgeable of cxf deployed to a j2ee
>> container sorry.
>>
>> Sorry for the runaround and wasting your time
>>
>> Regards
>> Jason
>>
>>
>> On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) <
>> David.Roytenberg@optimalpayments.com> wrote:
>>
>>> Hi Jason,
>>>
>>>    Are you running on WebLogic by any chance?  When I configured the
>>> properties in the deployment to point to the WebLogic default key store and
>>> trust store, I get a java.security.UnrecoverableKeyException while trying
>>> to deploy my application.  Did you encounter this problem?
>>>
>>> Here's my config:
>>>
>>> <constructor-arg>
>>>     <list>
>>>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>>             <property name="uri" value="https://localhost:7002" />
>>>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>>>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>>>             <property name="trustStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
>>>             <property name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
>>>             <property name="secureSocketProtocol" value="TLSv1" />
>>>         </bean>
>>>
>>>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>>             <property name="uri" value="https://localhost:7002" />
>>>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>>>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>>>             <property name="secureSocketProtocol" value="TLSv1" />
>>>         </bean>
>>>     </list>
>>> </constructor-arg>
>>>
>>>     David
>>>
>>> -----Original Message-----
>>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of
>>> Jason Pell
>>> Sent: Monday, October 27, 2014 7:23 AM
>>> To: users@cxf.apache.org
>>> Subject: Re: How to Disable SSLv2 client hello in CXF?
>>>
>>> Hi,
>>>
>>> Here is a sample of using your own custom version of the jetty factory
>>> in your spring context.  It is pretty invasive, so it's actually better to
>>> wait for 2.7.14 and take advantage of the code already there.  I use this
>>> code for other reasons though, as it allows me to configure the trust / key
>>> stores via spring properties.
>>>
>>>
>>> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty
>>>
>>>
>>>
>>> A sample spring context:
>>>
>>>
>>> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml
>>>
>>>
>>>
>>>
>>> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:
>>>
>>> > That setting won't actually control what protocols jetty will actually
>>> > use. I think it just controls what the highest protocol is used.
>>> >
>>> > The excluded protocols list needs to include the sslv2 setting.
>>> >
>>> > we actually overrode the jetty factory jetty engine and one other
>>> > class to get access to the SSL context to configure the excluded
>>> > protocols. Not pretty but we can't wait for 2.7.14.
>>> >
>>> > If you are interested I shall post our classes to my git repo.
>>> >
>>> > Let me know
>>> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:
>>> >
>>> >> Hi,
>>> >>
>>> >> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>>> >>
>>> >> As far as I can see this parameter is used for creating
>>> >> java.net.ssl.SSLContext:
>>> >>         String protocol = parameters.getSecureSocketProtocol() != null
>>> >>             ? parameters.getSecureSocketProtocol() : "TLS";
>>> >>
>>> >> The setting should work. How you apply conduit settings:
>>> >> programmatically or via spring configuration?
>>> >> Could you paste the code snapshot?
>>> >>
>>> >> Regards,
>>> >> Andrei.
>>> >>
>>> >> > -----Original Message-----
>>> >> > From: David Roytenberg (Consultant)
>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>>> >> > Sent: Friday, 24 October 2014 17:46
>>> >> > To: users@cxf.apache.org
>>> >> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>>> >> >
>>> >> > Hello again.
>>> >> >
>>> >> > I've dug further into the CXF documentation and found that it is possible to
>>> >> > programmatically set the SSL protocols on the TLSProperties object of the
>>> >> > Conduit.
>>> >> >
>>> >> > I've created the TLS properties and set the SSL protocols to TLS1, but this does
>>> >> > not change the SSL behavior, which still starts with TLSv1.2 then sends the hello
>>> >> > with SSLv2 which is then dropped on the client end.  Is there another switch that
>>> >> > has to be set to over-ride the default SSL behavior?
>>> >> >
>>> >> > David
>>> >> >
>>> >> > -----Original Message-----
>>> >> > From: David Roytenberg (Consultant)
>>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>>> >> > Sent: Thursday, October 23, 2014 4:57 PM
>>> >> > To: users@cxf.apache.org
>>> >> > Subject: How to Disable SSLv2 client hello in CXF?
>>> >> >
>>> >> > I'm having an SSL problem and I wonder if there is a way to fix it within CXF
>>> >> >
>>> >> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.
>>> >> > We are using JDK 1.7_065
>>> >> >
>>> >> > When we connect to our remote client via SSL we get the following trace with
>>> >> > lots of SSL debugging turned on
>>> >> >
>>> >> > What appears to be happening is that the Hello message is sent with an SSLV2
>>> >> > protocol, which our partner's server does not like.  Apparently sending the
>>> >> > Hello at this level is a common behavior and apparently it sometimes causes
>>> >> > the remote server to fail.  I found a suggestion on line that this can be fixed by
>>> >> > removing the SSLv2 from the allowed protocols.  I am wondering if I can do that
>>> >> > through CXF configuration?
>>> >> >
>>> >> > This is a reference to the article that suggests that removing the protocol is the
>>> >> > solution to this problem:
>>> >> >
>>> >> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>>> >> >
>>> >> > The protocols are apparently set on the SSLContext in JSSE by
>>> >> > calling setEnabledProtocols(String[] protocols)
>>> >> >
>>> >> > Is there a way to set the enabled protocols on the SSLContext via
>>> >> > CXF configuration?
>>> >> >
>>> >> > If not, is there a way to get hold of the SSLContext programmatically in a CXF
>>> >> > interceptor?
>>> >> >
>>> >> > We can't fix this problem at the WebLogic level because of side-effects on
>>> >> > other apps.   Thanks in advance for any suggestions or guidance!
>>> >> >
>>> >> > WebLogic SSL debug trace follows:
>>> >> >
>>> >> :123)
>>> >> >         at
>>> >> >
>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
>>> >> elegati
>>> >> > ngFilterProxy.java:346)
>>> >> >         at
>>> >> >
>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
>>> >> ingFilter
>>> >> > Proxy.java:259)
>>> >> >         at
>>> >> >
>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>>> >> va:56)
>>> >> >         at
>>> >> >
>>> >> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(A
>>> >> pplicationU
>>> >> > idFilter.java:51)
>>> >> >         at
>>> >> >
>>> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR
>>> >> equest
>>> >> > Filter.java:107)
>>> >> >         at
>>> >> >
>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
>>> >> elegati
>>> >> > ngFilterProxy.java:346)
>>> >> >         at
>>> >> >
>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
>>> >> ingFilter
>>> >> > Proxy.java:259)
>>> >> >         at
>>> >> >
>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>>> >> va:56)
>>> >> >         at
>>> >> >
>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
>>> >> n.wrap
>>> >> > Run(WebAppServletContext.java:3730)
>>> >> >         at
>>> >> >
>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
>>> >> n.run(
>>> >> > WebAppServletContext.java:3696)
>>> >> >         at
>>> >> >
>>> >> weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
>>> >> dSubject.j
>>> >> > ava:321)
>>> >> >         at
>>> >> >
>>> >> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
>>> >> 120)
>>> >> >         at
>>> >> >
>>> >> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
>>> >> ervl
>>> >> > etContext.java:2273)
>>> >> >         at
>>> >> >
>>> >> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
>>> >> onte
>>> >> > xt.java:2179)
>>> >> >         at
>>> >> >
>>> >> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
>>> >> ava:1490
>>> >> > )
>>> >> >         at
>>> weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>>> >> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>>> >> > >
>>> >> > WARNING
>>> >> >
>>> >> > This electronic message and its attachments may contain
>>> >> > confidential, proprietary or legally privileged information, which
>>> >> > is solely for the
>>> >> use of the
>>> >> > intended recipient. No privilege or other rights are waived by any
>>> >> unintended
>>> >> > transmission or unauthorized retransmission of this message. If you
>>> >> > are
>>> >> not the
>>> >> > intended recipient of this message, or if you have received it in
>>> >> error, you
>>> >> > should immediately stop reading this message and delete it and all
>>> >> > attachments from your system. The reading, distribution, copying or
>>> >> other use
>>> >> > of this message or its attachments by unintended recipients is
>>> >> unauthorized and
>>> >> > may be unlawful. If you have received this e-mail in error, please
>>> >> notify the
>>> >> > sender.
>>> >> >
>>> >>
>>> >>
>>>
>>
>

Re: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
So I did some digging to remind myself of how it works on the client and I
was dead wrong.

I was thinking about how the server works (having just done the POODLE
changes).

Anyway, what Andrei said was absolutely correct.

You can see it applied in
org.apache.cxf.transport.https.SSLSocketFactoryWrapper.  The
SSLSocketFactoryWrapper is called from the
org.apache.cxf.transport.https.HttpsURLConnectionFactory.

It results in the Socket Factory setEnabledProtocols to the actual protocol
you listed in the tls client parameters (see below)

       <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1">

You need to make sure that your conduit configuration is being applied
correctly in WebLogic; perhaps it's not being picked up.







On Tue, Oct 28, 2014 at 4:36 AM, Jason Pell <ja...@pellcorp.com> wrote:

> Hi,
>
> I run embedded jetty container
>
> Sorry I forgot that you were running weblogic when I responded.  In that
> case do you even use the embedded jetty container?   I am guessing no.  If
> not, then you would need to use the standard weblogic ssl configuration.
>
> I don't believe CXF is responsible for any of the ssl config in that
> case.  But then I am not very knowledgeable of cxf deployed to a j2ee
> container sorry.
>
> Sorry for the runaround and wasting your time
>
> Regards
> Jason
>
>
> On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) <
> David.Roytenberg@optimalpayments.com> wrote:
>
>> Hi Jason,
>>
>>    Are you running on WebLogic by any chance?  When I configured the
>> properties in the deployment to point to the WebLogic default key store and
>> trust store, I get a java.security.UnrecoverableKeyException while trying
>> to deploy my application.  Did you encounter this problem?
>>
>> Here's my config:
>>
>> <constructor-arg>
>>                         <list>
>>                                 <bean
>> class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>                                         <property name="uri" value="
>> https://localhost:7002" />
>>                                         <property name="keyStoreFile"
>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>>                                         <property name="keyStorePassword"
>> value="DemoIdentityKeyStorePassPhrase" />
>>                                         <property name="trustStoreFile"
>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
>>                                         <property
>> name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
>>                                         <property
>> name="secureSocketProtocol" value="TLSv1" />
>>                                 </bean>
>>
>>                                 <bean
>> class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>>                                         <property name="uri" value="
>> https://localhost:7002" />
>>                                         <property name="keyStoreFile"
>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>>                                         <property name="keyStorePassword"
>> value="DemoIdentityKeyStorePassPhrase" />
>>                                         <property
>> name="secureSocketProtocol" value="TLSv1" />
>>                                 </bean>
>>                         </list>
>>                 </constructor-arg>
>>
>>     David
>>
>> -----Original Message-----
>> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of
>> Jason Pell
>> Sent: Monday, October 27, 2014 7:23 AM
>> To: users@cxf.apache.org
>> Subject: Re: How to Disable SSLv2 client hello in CXF?
>>
>> Hi,
>>
>> Here is a sample of using your own custom version of the jetty factory in
>> your spring context.  It is pretty invasive, so it's actually better to wait
>> for 2.7.14 and take advantage of the code already there.  I use this code
>> for other reasons though, as it allows me to configure the trust / key
>> stores via spring properties.
>>
>>
>> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty
>>
>>
>>
>> A sample spring context:
>>
>>
>> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml
>>
>>
>>
>>
>> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:
>>
>> > That setting won't actually control what protocols jetty will actually
>> > use. I think it just controls what the highest protocol is used.
>> >
>> > The excluded protocols list needs to include the sslv2 setting.
>> >
>> > we actually overrode the jetty factory jetty engine and one other
>> > class to get access to the SSL context to configure the excluded
>> > protocols. Not pretty but we can't wait for 2.7.14.
>> >
>> > If you are interested I shall post our classes to my git repo.
>> >
>> > Let me know
>> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:
>> >
>> >> Hi,
>> >>
>> >> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>> >>
>> >> As far as I can see this parameter is used for creating
>> >> java.net.ssl.SSLContext:
>> >>         String protocol = parameters.getSecureSocketProtocol() != null
>> >>             ? parameters.getSecureSocketProtocol() : "TLS";
>> >>
>> >> The setting should work. How do you apply conduit settings:
>> >> programmatically or via spring configuration?
>> >> Could you paste the code snapshot?
>> >>
>> >> Regards,
>> >> Andrei.
>> >>
>> >> > -----Original Message-----
>> >> > From: David Roytenberg (Consultant)
>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>> >> > Sent: Freitag, 24. Oktober 2014 17:46
>> >> > To: users@cxf.apache.org
>> >> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>> >> >
>> >> > Hello again.
>> >> >
>> >> > I've dug further into the CXF documentation and found that it is
>> >> possible to
>> >> > programmatically set the SSL protocols on the TLSProperties object
>> >> > of
>> >> the
>> >> > Conduit.
>> >> >
>> >> > I've created the TLS properties and set the SSL protocols to TLS1,
>> >> > but
>> >> this does
>> >> > not change the SSL behavior, which still starts with TLSv1.2 then
>> >> > sends
>> >> the hello
>> >> > with SSLv2 which is then dropped on the client end.  Is there
>> >> > another
>> >> switch that
>> >> > has to be set to over-ride the default SSL behavior?
>> >> >
>> >> > David
>> >> >
>> >> > -----Original Message-----
>> >> > From: David Roytenberg (Consultant)
>> >> > [mailto:David.Roytenberg@optimalpayments.com]
>> >> > Sent: Thursday, October 23, 2014 4:57 PM
>> >> > To: users@cxf.apache.org
>> >> > Subject: How to Disable SSLv2 client hello in CXF?
>> >> >
>> >> > I'm having an SSL problem and I wonder if there is a way to fix it
>> >> within CXF
>> >> >
>> >> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.
>> >> > We are using JDK 1.7_065
>> >> >
>> >> > When we connect to our remote client via SSL we get the following
>> >> > trace
>> >> with
>> >> > lots of SSL debugging turned on
>> >> >
>> >> > What appears to be happening is that the Hello message is sent with
>> >> > an
>> >> SSLV2
>> >> > protocol, which our partner's server does not like.  Apparently
>> >> > sending
>> >> the
>> >> > Hello at this level is a common behavior and apparently it
>> >> > sometimes
>> >> causes
>> >> > the remote server to fail.  I found a suggestion on line that this
>> >> > can
>> >> be fixed by
>> >> > removing the SSLv2 from the allowed protocols.  I am wondering if I
>> >> > can
>> >> do that
>> >> > through CFX configuration?
>> >> >
>> >> > This is a reference to the article that suggests that removing the
>> >> protocol is the
>> >> > solution to this problem:
>> >> >
>> >> >
>> >> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-s
>> >> end-a-
>> >> > version-2-client-hello
>> >> >
>> >> > The protocols are apparently set on the SSLContext in JSSE by
>> >> > calling setEnabledProtocols(String[] protocols)
>> >> >
>> >> > Is there a way to set the enabled protocols on the SSLContext via
>> >> > CXF configuration?
>> >> >
>> >> > If not, is there a way to get hold of the SSLContext
>> >> > programmatically
>> >> in a CXF
>> >> > interceptor?
>> >> >
>> >> > We can't fix this problem at the WebLogic level because of
>> >> > side-effects
>> >> on
>> >> > other apps.   Thanks in advance for any suggestions or guidance!
>> >> >
>> >> > WebLogic SSL debug trace follows:
>> >> >
>> >> > %% No cached client session
>> >> > *** ClientHello, TLSv1.2
>> >> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54,
>> >> > 202,
>> >> 98, 8,
>> >> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82,
>> >> > 100,
>> >> 197, 213,
>> >> > 31, 89, 96 } Session ID:  {} Cipher Suites:
>> >> > [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> >> > TLS_RSA_WITH_AES_256_CBC_SHA256,
>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS
>> >> > _WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>> >> > TLS_RSA_WITH_AES_256_CBC_SHA,
>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE
>> >> > S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>> >> > TLS_RSA_WITH_AES_128_CBC_SHA256,
>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_
>> >> > WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>> >> > TLS_RSA_WITH_AES_128_CBC_SHA,
>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES
>> >> > _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>> >> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
>> >> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
>> >> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> >> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W
>> >> > ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> >> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>> >> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> >> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>> >> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>> >> > Compression Methods:  { 0 }
>> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1,
>> >> sect163r2,
>> >> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
>> >> secp384r1,
>> >> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1,
>> >> secp160r1,
>> >> > secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2, secp224k1,
>> >> sect239k1,
>> >> > secp256k1} Extension ec_point_formats, formats: [uncompressed]
>> >> > Extension signature_algorithms, signature_algorithms:
>> >> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA,
>> >> > SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA,
>> >> > SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
>> >> > ***
>> >> > [write] MD5 and SHA1 hashes:  len = 221
>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> >> (self-tuning)',
>> >> > WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:
>> >> len =
>> >> > 188
>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> >> (self-tuning)',
>> >> > WRITE: SSLv2 client hello message, length = 188 [Raw write]: length
>> >> > =
>> >> 190
>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
>> >> > <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
>> >> 'weblogic.kernel.Default (self-
>> >> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter:
>> SSLENGINE:
>> >> > SSLEngine.wrap(ByteBuffer,ByteBuffer)
>> >> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP
>> >> > bytesConsumed =
>> >> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
>> >> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for
>> >> queue:
>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>> >> > SSLEngine.unwrap(ByteBuffer,ByteBuffer
>> >> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
>> >> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]: length
>> = 5
>> >> > 0000: 15 03 03 00 02                                     .....
>> >> > [Raw read]: length = 2
>> >> > 0000: 02 28                                              .(
>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> >> (self-tuning)',
>> >> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' for
>> queue:
>> >> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal,
>> >> > handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
>> >> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already
>> closed.
>> >> > Rethrowing javax.net.ssl.SSLException: Received fatal alert:
>> >> handshake_failure
>> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> >> (self-tuning)',
>> >> > fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException:
>> >> Received
>> >> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT>
>> >> > <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread:
>> >> > '0' for
>> >> queue:
>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception
>> >> occurred
>> >> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
>> >> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>> >> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>> >> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>> >> >         at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>> >> >         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>> >> >         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>> >> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>> >> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>> >> >         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>> >> >         at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>> >> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>> >> >         at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>> >> >         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>> >> >         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>> >> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>> >> >         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
>> >> >         at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
>> >> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>> >> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>> >> >         at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>> >> >         at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>> >> >         at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>> >> >         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>> >> >         at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>> >> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>> >> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>> >> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>> >> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>> >> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
>> >> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
>> >> >         at com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> >> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >> >         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>> >> >         at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>> >> >         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
>> >> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>> >> >         at com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
>> >> >         at com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
>> >> >         at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>> >> >         at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>> >> >         at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
>> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>> >> >         at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
>> >> >         at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> >> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >> >         at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
>> >> >         at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
>> >> >         at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>> >> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>> >> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>> >> >         at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
>> >> >         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
>> >> >         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
>> >> >         at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
>> >> >         at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
>> >> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>> >> >         at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
>> >> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>> >> >         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
>> >> >         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
>> >> >         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>> >> >         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >> >         at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
>> >> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>> >> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>> >> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >> >         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >> >         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >> >         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >> >         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >> >         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >> >         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>> >> >         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
>> >> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >> >         at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
>> >> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
>> >> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
>> >> >         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>> >> >         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>> >> >         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
>> >> >         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
>> >> >         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
>> >> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>> >> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>> >> > >
>> >> > AVIS IMPORTANT
>> >> >
>> >> > WARNING
>> >> >
>> >> >
>> >> >
>> >> > This electronic message and its attachments may contain
>> >> > confidential, proprietary or legally privileged information, which
>> >> > is solely for the
>> >> use of the
>> >> > intended recipient. No privilege or other rights are waived by any
>> >> unintended
>> >> > transmission or unauthorized retransmission of this message. If you
>> >> > are
>> >> not the
>> >> > intended recipient of this message, or if you have received it in
>> >> error, you
>> >> > should immediately stop reading this message and delete it and all
>> >> > attachments from your system. The reading, distribution, copying or
>> >> other use
>> >> > of this message or its attachments by unintended recipients is
>> >> unauthorized and
>> >> > may be unlawful. If you have received this e-mail in error, please
>> >> notify the
>> >> > sender.
>> >> >
>> >>
>> >>
>>
>>
>

Re: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
Hi,

I run embedded jetty container

Sorry I forgot that you were running weblogic when I responded.  In that
case do you even use the embedded jetty container?   I am guessing no.  If
not, then you would need to use the standard weblogic ssl configuration.

I don't believe CXF is responsible for any of the ssl config in that case.
But then I am not very knowledgeable of cxf deployed to a j2ee container
sorry.

Sorry for the runaround and wasting your time

Regards
Jason


On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) <
David.Roytenberg@optimalpayments.com> wrote:

> Hi Jason,
>
>    Are you running on WebLogic by any chance?  When I configured the
> properties in the deployment to point to the WebLogic default key store and
> trust store, I get a java.security.UnrecoverableKeyException while trying
> to deploy my application.  Did you encounter this problem?
>
> Here's my config:
>
> <constructor-arg>
>     <list>
>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>             <property name="uri" value="https://localhost:7002" />
>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>             <property name="trustStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
>             <property name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
>             <property name="secureSocketProtocol" value="TLSv1" />
>         </bean>
>
>         <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
>             <property name="uri" value="https://localhost:7002" />
>             <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
>             <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
>             <property name="secureSocketProtocol" value="TLSv1" />
>         </bean>
>     </list>
> </constructor-arg>
>
>     David
>
> -----Original Message-----
> From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of
> Jason Pell
> Sent: Monday, October 27, 2014 7:23 AM
> To: users@cxf.apache.org
> Subject: Re: How to Disable SSLv2 client hello in CXF?
>
> Hi,
>
> Here is a sample of using your own custom version of the jetty factory in
> your spring context.  It is pretty invasive, so it's actually better to wait
> for 2.7.14 and take advantage of the code already there.  I use this code
> for other reasons though, as it allows me to configure the trust / key
> stores via spring properties.
>
>
> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty
>
>
>
> A sample spring context:
>
>
> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml
>
>
>
>
> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:
>
> > That setting won't actually control what protocols jetty will actually
> > use. I think it just controls what the highest protocol is used.
> >
> > The excluded protocols list needs to include the sslv2 setting.
> >
> > we actually overrode the jetty factory jetty engine and one other
> > class to get access to the SSL context to configure the excluded
> > protocols. Not pretty but we can't wait for 2.7.14.
> >
> > If you are interested I shall post our classes to my git repo.
> >
> > Let me know
> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:
> >
> >> Hi,
> >>
> >> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
> >>
> >> As far as I can see this parameter is used for creating
> >> java.net.ssl.SSLContext:
> >>         String protocol = parameters.getSecureSocketProtocol() != null
> >>             ? parameters.getSecureSocketProtocol() : "TLS";
> >>
> >> The setting should work. How do you apply conduit settings:
> >> programmatically or via spring configuration?
> >> Could you paste the code snapshot?
> >>
> >> Regards,
> >> Andrei.
> >>
> >> > -----Original Message-----
> >> > From: David Roytenberg (Consultant)
> >> > [mailto:David.Roytenberg@optimalpayments.com]
> >> > Sent: Freitag, 24. Oktober 2014 17:46
> >> > To: users@cxf.apache.org
> >> > Subject: RE: How to Disable SSLv2 client hello in CXF?
> >> >
> >> > Hello again.
> >> >
> >> > I've dug further into the CXF documentation and found that it is
> >> > possible to programmatically set the SSL protocols on the
> >> > TLSProperties object of the Conduit.
> >> >
> >> > I've created the TLS properties and set the SSL protocols to TLS1,
> >> > but this does not change the SSL behavior, which still starts with
> >> > TLSv1.2 then sends the hello with SSLv2 which is then dropped on the
> >> > client end.  Is there another switch that has to be set to over-ride
> >> > the default SSL behavior?
> >> >
> >> > David
> >> >
> >> > -----Original Message-----
> >> > From: David Roytenberg (Consultant)
> >> > [mailto:David.Roytenberg@optimalpayments.com]
> >> > Sent: Thursday, October 23, 2014 4:57 PM
> >> > To: users@cxf.apache.org
> >> > Subject: How to Disable SSLv2 client hello in CXF?
> >> >
> >> > I'm having an SSL problem and I wonder if there is a way to fix it
> >> > within CXF
> >> >
> >> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.
> >> > We are using JDK 1.7_065
> >> >
> >> > When we connect to our remote client via SSL we get the following
> >> > trace with lots of SSL debugging turned on
> >> >
> >> > What appears to be happening is that the Hello message is sent with
> >> > an SSLV2 protocol, which our partner's server does not like.
> >> > Apparently sending the Hello at this level is a common behavior and
> >> > apparently it sometimes causes the remote server to fail.  I found a
> >> > suggestion on line that this can be fixed by removing the SSLv2 from
> >> > the allowed protocols.  I am wondering if I can do that through CXF
> >> > configuration?
> >> >
> >> > This is a reference to the article that suggests that removing the
> >> > protocol is the solution to this problem:
> >> >
> >> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
> >> >
> >> > The protocols are apparently set on the SSLContext in JSSE by
> >> > calling setEnabledProtocols(String[] protocols)
> >> >
> >> > Is there a way to set the enabled protocols on the SSLContext via
> >> > CXF configuration?
> >> >
> >> > If not, is there a way to get hold of the SSLContext
> >> > programmatically in a CXF interceptor?
> >> >
> >> > We can't fix this problem at the WebLogic level because of
> >> > side-effects on other apps.   Thanks in advance for any suggestions
> >> > or guidance!
> >> >
> >> > WebLogic SSL debug trace follows:
> >> >
> >> > %% No cached client session
> >> > *** ClientHello, TLSv1.2
> >> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100, 197, 213, 31, 89, 96 }
> >> > Session ID:  {}
> >> > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> >> > Compression Methods:  { 0 }
> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
> >> > Extension ec_point_formats, formats: [uncompressed]
> >> > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
> >> > ***
> >> > [write] MD5 and SHA1 hashes:  len = 221
> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
> >> > [write] MD5 and SHA1 hashes:  len = 188
> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 188
> >> > [Raw write]: length = 190
> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 190.>
> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
> >> > [Raw read]: length = 5
> >> > 0000: 15 03 03 00 02                                     .....
> >> > [Raw read]: length = 2
> >> > 0000: 02 28                                              .(
> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1.2 Alert, length = 2
> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal, handshake_failure
> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> >> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
> >> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> >> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
> >> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
> >> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
> >> >         at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
> >> >         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
> >> >         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
> >> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
> >> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
> >> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
> >> >         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
> >> >         at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
> >> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
> >> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
> >> >         at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
> >> >         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
> >> >         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
> >> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
> >> >         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
> >> >         at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
> >> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
> >> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
> >> >         at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
> >> >         at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
> >> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
> >> >         at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> >> >         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
> >> >         at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> >> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> >> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
> >> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
> >> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> >> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> >> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
> >> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
> >> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
> >> >         at com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
> >> >         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> >> >         at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> >> >         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
> >> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
> >> >         at com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
> >> >         at com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
> >> >         at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> >> >         at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> >> >         at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
> >> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> >> >         at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
> >> >         at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >> >         at java.lang.reflect.Method.invoke(Method.java:606)
> >> >         at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
> >> >         at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
> >> >         at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
> >> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
> >> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
> >> >         at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
> >> >         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
> >> >         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
> >> >         at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
> >> >         at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
> >> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> >> >         at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
> >> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> >> >         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
> >> >         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
> >> >         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
> >> >         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >> >         at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
> >> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> >> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
> >> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >> >         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >> >         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >> >         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >> >         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >> >         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> >> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >> >         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
> >> >         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
> >> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >> >         at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
> >> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> >> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> >> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> >> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
> >> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
> >> >         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
> >> >         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
> >> >         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
> >> >         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
> >> >         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
> >> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
> >> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
> >> > >
> >> > WARNING
> >> >
> >> > This electronic message and its attachments may contain
> >> > confidential, proprietary or legally privileged information, which
> >> > is solely for the
> >> use of the
> >> > intended recipient. No privilege or other rights are waived by any
> >> unintended
> >> > transmission or unauthorized retransmission of this message. If you
> >> > are
> >> not the
> >> > intended recipient of this message, or if you have received it in
> >> error, you
> >> > should immediately stop reading this message and delete it and all
> >> > attachments from your system. The reading, distribution, copying or
> >> other use
> >> > of this message or its attachments by unintended recipients is
> >> unauthorized and
> >> > may be unlawful. If you have received this e-mail in error, please
> >> notify the
> >> > sender.
> >> >
> >>
> >>
>
> --
> WARNING
> -------
> This electronic message and its attachments may contain confidential,
> proprietary or legally privileged information, which is solely for the use
> of the intended recipient.  No privilege or other rights are waived by any
> unintended transmission or unauthorized retransmission of this message.  If
> you are not the intended recipient of this message, or if you have received
> it in error, you should immediately stop reading this message and delete it
> and all attachments from your system.  The reading, distribution, copying
> or other use of this message or its attachments by unintended recipients is
> unauthorized and may be unlawful.  If you have received this e-mail in
> error, please notify the sender.
>
> AVIS IMPORTANT
> --------------
> Ce message électronique et ses pièces jointes peuvent contenir des
> renseignements confidentiels, exclusifs ou légalement privilégiés destinés
> au seul usage du destinataire visé.  L’expéditeur original ne renonce à
> aucun privilège ou à aucun autre droit si le présent message a été transmis
> involontairement ou s’il est retransmis sans son autorisation.  Si vous
> n’êtes pas le destinataire visé du présent message ou si vous l’avez reçu
> par erreur, veuillez cesser immédiatement de le lire et le supprimer, ainsi
> que toutes ses pièces jointes, de votre système.  La lecture, la
> distribution, la copie ou tout autre usage du présent message ou de ses
> pièces jointes par des personnes autres que le destinataire visé ne sont
> pas autorisés et pourraient être illégaux.  Si vous avez reçu ce courrier
> électronique par erreur, veuillez en aviser l’expéditeur.
>
>

RE: How to Disable SSLv2 client hello in CXF?

Posted by "David Roytenberg (Consultant)" <Da...@optimalpayments.com>.
Hi Jason,

   Are you running on WebLogic by any chance?  When I configured the properties in the deployment to point to the WebLogic default key store and trust store, I get a java.security.UnrecoverableKeyException while trying to deploy my application.  Did you encounter this problem?

Here's my config:

<constructor-arg>
        <list>
                <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
                        <property name="uri" value="https://localhost:7002" />
                        <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
                        <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
                        <property name="trustStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" />
                        <property name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" />
                        <property name="secureSocketProtocol" value="TLSv1" />
                </bean>

                <bean class="com.pellcorp.server.jetty.JettyHttpEngineConfig">
                        <property name="uri" value="https://localhost:7002" />
                        <property name="keyStoreFile" value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" />
                        <property name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" />
                        <property name="secureSocketProtocol" value="TLSv1" />
                </bean>
        </list>
</constructor-arg>

    David

-----Original Message-----
From: jasonmpell@gmail.com [mailto:jasonmpell@gmail.com] On Behalf Of Jason Pell
Sent: Monday, October 27, 2014 7:23 AM
To: users@cxf.apache.org
Subject: Re: How to Disable SSLv2 client hello in CXF?

Hi,

Here is a sample of using your own custom version of the jetty factory in your spring context.  It is pretty invasive, so it's actually better to wait for 2.7.14 and take advantage of the code already there.  I use this code for other reasons though, as it allows me to configure the trust / key stores via spring properties.

https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty



A sample spring context:

https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml




On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:

> That setting won't actually control what protocols jetty will actually
> use. I think it just controls what the highest protocol is used.
>
> The excluded protocols list needs to include the sslv2 setting.
>
> we actually overrode the jetty factory jetty engine and one other
> class to get access to the SSL context to configure the excluded
> protocols. Not pretty but we can't wait for 2.7.14.
>
> If you are interested I shall post our classes to my git repo.
>
> Let me know
> On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:
>
>> Hi,
>>
>> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>>
>> As far as I can see this parameter is used for creating
>> java.net.ssl.SSLContext:
>>         String protocol = parameters.getSecureSocketProtocol() != null
>>             ? parameters.getSecureSocketProtocol() : "TLS";
>>
>> The setting should work. How do you apply conduit settings:
>> programmatically or via spring configuration?
>> Could you paste the code snapshot?
>>
>> Regards,
>> Andrei.
>>
>> > -----Original Message-----
>> > From: David Roytenberg (Consultant)
>> > [mailto:David.Roytenberg@optimalpayments.com]
>> > Sent: Freitag, 24. Oktober 2014 17:46
>> > To: users@cxf.apache.org
>> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>> >
>> > Hello again.
>> >
>> > I've dug further into the CXF documentation and found that it is possible to
>> > programmatically set the SSL protocols on the TLSProperties object of the
>> > Conduit.
>> >
>> > I've created the TLS properties and set the SSL protocols to TLS1, but this does
>> > not change the SSL behavior, which still starts with TLSv1.2 then sends the hello
>> > with SSLv2 which is then dropped on the client end.  Is there another switch that
>> > has to be set to over-ride the default SSL behavior?
>> >
>> > David
>> >
>> > -----Original Message-----
>> > From: David Roytenberg (Consultant)
>> > [mailto:David.Roytenberg@optimalpayments.com]
>> > Sent: Thursday, October 23, 2014 4:57 PM
>> > To: users@cxf.apache.org
>> > Subject: How to Disable SSLv2 client hello in CXF?
>> >
>> > I'm having an SSL problem and I wonder if there is a way to fix it within CXF
>> >
>> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.
>> > We are using JDK 1.7_065
>> >
>> > When we connect to our remote client via SSL we get the following trace with
>> > lots of SSL debugging turned on
>> >
>> > What appears to be happening is that the Hello message is sent with an SSLV2
>> > protocol, which our partner's server does not like.  Apparently sending the
>> > Hello at this level is a common behavior and apparently it sometimes causes
>> > the remote server to fail.  I found a suggestion on line that this can be fixed by
>> > removing the SSLv2 from the allowed protocols.  I am wondering if I can do that
>> > through CXF configuration?
>> >
>> > This is a reference to the article that suggests that removing the protocol is the
>> > solution to this problem:
>> >
>> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>> >
>> > The protocols are apparently set on the SSLContext in JSSE by
>> > calling setEnabledProtocols(String[] protocols)
>> >
>> > Is there a way to set the enabled protocols on the SSLContext via
>> > CXF configuration?
>> >
>> > If not, is there a way to get hold of the SSLContext programmatically in a CXF
>> > interceptor?
>> >
>> > We can't fix this problem at the WebLogic level because of side-effects on
>> > other apps.   Thanks in advance for any suggestions or guidance!
>> >
>> > WebLogic SSL debug trace follows:
>> >
>> > %% No cached client session
>> > *** ClientHello, TLSv1.2
>> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54,
>> > 202,
>> 98, 8,
>> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82,
>> > 100,
>> 197, 213,
>> > 31, 89, 96 } Session ID:  {} Cipher Suites:
>> > [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> > TLS_RSA_WITH_AES_256_CBC_SHA256,
>> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS
>> > _WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE
>> > S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_
>> > WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES
>> > _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
>> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
>> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W
>> > ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>> > Compression Methods:  { 0 }
>> > Extension elliptic_curves, curve names: {secp256r1, sect163k1,
>> sect163r2,
>> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
>> secp384r1,
>> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1,
>> secp160r1,
>> > secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2, secp224k1,
>> sect239k1,
>> > secp256k1} Extension ec_point_formats, formats: [uncompressed]
>> > Extension signature_algorithms, signature_algorithms:
>> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA,
>> > SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA,
>> > SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
>> > ***
>> > [write] MD5 and SHA1 hashes:  len = 221
>> > 0000: 01 00 00 D9 03 03 54 49   66 8B B7 D1 2F 94 36 CA
>> ......TIf.../.6.
>> > 0010: 62 08 BF DE 7A F8 50 BE   35 58 80 82 7E 6C 64 52
>> b...z.P.5X...ldR
>> > 0020: 64 C5 D5 1F 59 60 00 00   54 C0 24 C0 28 00 3D C0
>> d...Y`..T.$.(.=.
>> > 0030: 26 C0 2A 00 6B 00 6A C0   0A C0 14 00 35 C0 05 C0
>> &.*.k.j.....5...
>> > 0040: 0F 00 39 00 38 C0 23 C0   27 00 3C C0 25 C0 29 00
>> ..9.8.#.'.<.%.).
>> > 0050: 67 00 40 C0 09 C0 13 00   2F C0 04 C0 0E 00 33 00  g.@
>> ...../.....3.
>> > 0060: 32 C0 07 C0 11 00 05 C0   02 C0 0C C0 08 C0 12 00
>> 2...............
>> > 0070: 0A C0 03 C0 0D 00 16 00   13 00 04 00 FF 01 00 00
>> ................
>> > 0080: 5C 00 0A 00 34 00 32 00   17 00 01 00 03 00 13 00
>> \...4.2.........
>> > 0090: 15 00 06 00 07 00 09 00   0A 00 18 00 0B 00 0C 00
>> ................
>> > 00A0: 19 00 0D 00 0E 00 0F 00   10 00 11 00 02 00 12 00
>> ................
>> > 00B0: 04 00 05 00 14 00 08 00   16 00 0B 00 02 01 00 00
>> ................
>> > 00C0: 0D 00 1A 00 18 06 03 06   01 05 03 05 01 04 03 04
>> ................
>> > 00D0: 01 03 03 03 01 02 03 02   01 02 02 01 01           .............
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:
>> len =
>> > 188
>> > 0000: 01 03 03 00 93 00 00 00   20 00 C0 24 00 C0 28 00  ........
>> ..$..(.
>> > 0010: 00 3D 00 C0 26 00 C0 2A   00 00 6B 00 00 6A 00 C0
>> .=..&..*..k..j..
>> > 0020: 0A 07 00 C0 00 C0 14 00   00 35 00 C0 05 00 C0 0F
>> .........5......
>> > 0030: 00 00 39 00 00 38 00 C0   23 00 C0 27 00 00 3C 00
>> ..9..8..#..'..<.
>> > 0040: C0 25 00 C0 29 00 00 67   00 00 40 00 C0 09 06 00  .%..)..g..@
>> .....
>> > 0050: 40 00 C0 13 00 00 2F 00   C0 04 01 00 80 00 C0 0E
>> @...../.........
>> > 0060: 00 00 33 00 00 32 00 C0   07 05 00 80 00 C0 11 00
>> ..3..2..........
>> > 0070: 00 05 00 C0 02 00 C0 0C   00 C0 08 00 C0 12 00 00
>> ................
>> > 0080: 0A 07 00 C0 00 C0 03 02   00 80 00 C0 0D 00 00 16
>> ................
>> > 0090: 00 00 13 00 00 04 01 00   80 00 00 FF 54 49 66 8B
>> ............TIf.
>> > 00A0: B7 D1 2F 94 36 CA 62 08   BF DE 7A F8 50 BE 35 58
>> ../.6.b...z.P.5X
>> > 00B0: 80 82 7E 6C 64 52 64 C5   D5 1F 59 60              ...ldRd...Y`
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > WRITE: SSLv2 client hello message, length = 188 [Raw write]: length
>> > =
>> 190
>> > 0000: 80 BC 01 03 03 00 93 00   00 00 20 00 C0 24 00 C0  ..........
>> ..$..
>> > 0010: 28 00 00 3D 00 C0 26 00   C0 2A 00 00 6B 00 00 6A
>> (..=..&..*..k..j
>> > 0020: 00 C0 0A 07 00 C0 00 C0   14 00 00 35 00 C0 05 00
>> ...........5....
>> > 0030: C0 0F 00 00 39 00 00 38   00 C0 23 00 C0 27 00 00
>> ....9..8..#..'..
>> > 0040: 3C 00 C0 25 00 C0 29 00   00 67 00 00 40 00 C0 09  <..%..)..g..@
>> ...
>> > 0050: 06 00 40 00 C0 13 00 00   2F 00 C0 04 01 00 80 00
>> ..@...../.......
>> > 0060: C0 0E 00 00 33 00 00 32   00 C0 07 05 00 80 00 C0
>> ....3..2........
>> > 0070: 11 00 00 05 00 C0 02 00   C0 0C 00 C0 08 00 C0 12
>> ................
>> > 0080: 00 00 0A 07 00 C0 00 C0   03 02 00 80 00 C0 0D 00
>> ................
>> > 0090: 00 16 00 00 13 00 00 04   01 00 80 00 00 FF 54 49
>> ..............TI
>> > 00A0: 66 8B B7 D1 2F 94 36 CA   62 08 BF DE 7A F8 50 BE
>> f.../.6.b...z.P.
>> > 00B0: 35 58 80 82 7E 6C 64 52   64 C5 D5 1F 59 60        5X...ldRd...Y`
>> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
>> > <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
>> 'weblogic.kernel.Default (self-
>> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>> > SSLEngine.wrap(ByteBuffer,ByteBuffer)
>> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP
>> > bytesConsumed =
>> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
>> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for
>> queue:
>> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>> > SSLEngine.unwrap(ByteBuffer,ByteBuffer
>> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
>> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]: length = 5
>> > 0000: 15 03 03 00 02                                     .....
>> > [Raw read]: length = 2
>> > 0000: 02 28                                              .(
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' for queue:
>> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal,
>> > handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
>> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.
>> > Rethrowing javax.net.ssl.SSLException: Received fatal alert:
>> handshake_failure
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException:
>> Received
>> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT>
>> > <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread:
>> > '0' for
>> queue:
>> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception
>> occurred
>> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
>> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>> >         at
>> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>> >         at
>> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>> >         at
>> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:
>> 134)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.ja
>> va:732)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java
>> :132)
>> >         at
>> weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>> >         at
>> >
>> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.
>> java:44
>> > 8)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>> >         at
>> > weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>> >         at
>> > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>> >         at
>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>> >         at
>> >
>> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.j
>> ava:1
>> > 86)
>> >         at
>> >
>> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection
>> .jav
>> > a:280)
>> >         at
>> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectio
>> > nWra
>> > ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:1
>> > 68
>> > )
>> >         at
>> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handl
>> > eHea
>> > dersTrustCaching(HTTPConduit.java:1278)
>> >         at
>> >
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirst
>> Writ
>> > e(HTTPConduit.java:1234)
>> >         at
>> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectio
>> > nWra
>> > ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>> >         at
>> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrapped
>> > Outpu
>> > tStream.java:47)
>> >         at
>> >
>> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresho
>> ldOutp
>> > utStream.java:69)
>> >         at
>> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close
>> > (HTTP
>> > Conduit.java:1291)
>> >         at
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:5
>> 6)
>> >         at
>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>> >         at
>> > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEn
>> > dingI
>> > nterceptor.handleMessage(MessageSenderInterceptor.java:62)
>> >         at
>> >
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercept
>> orChai
>> > n.java:271)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>> >         at
>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >         at
>> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>> >         at
>> >
>> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateV
>> erification(
>> > VerifyClient.java:87)
>> >         at
>> >
>> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitIn
>> itial(Ve
>> > rifyGateway.java:24)
>> >         at
>> >
>> com.optimal.identity.service.IdentificationServiceImpl.submitInitial(
>> Identificatio
>> > nServiceImpl.java:147)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at
>> >
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> > 57)
>> >         at
>> >
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>> sorI
>> > mpl.java:43)
>> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >         at
>> >
>> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti
>> on(Aop
>> > Utils.java:317)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJo
>> inpo
>> > int(ReflectiveMethodInvocation.java:183)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
>> Refl
>> > ectiveMethodInvocation.java:150)
>> >         at
>> >
>> org.springframework.transaction.interceptor.TransactionInterceptor.in
>> voke(Tra
>> > nsactionInterceptor.java:110)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
>> Refl
>> > ectiveMethodInvocation.java:172)
>> >         at
>> > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDyna
>> > mic
>> > AopProxy.java:204)
>> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController.create(Identif
>> icationCont
>> > roller.java:133)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController$$FastClassByCG
>> LIB$$95f
>> > 388d3.invoke(<generated>)
>> >         at
>> > org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>> >         at
>> > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocati
>> > on.in
>> > vokeJoinpoint(CglibAopProxy.java:698)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
>> Refl
>> > ectiveMethodInvocation.java:150)
>> >         at
>> >
>> org.springframework.security.access.intercept.aopalliance.MethodSecur
>> ityInter
>> > ceptor.invoke(MethodSecurityInterceptor.java:64)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
>> Refl
>> > ectiveMethodInvocation.java:172)
>> >         at
>> > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInter
>> > cept
>> > or.intercept(CglibAopProxy.java:631)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGL
>> IB$$36
>> > b7b48f.create(<generated>)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at
>> >
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> > 57)
>> >         at
>> >
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>> sorI
>> > mpl.java:43)
>> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >         at
>> > org.springframework.web.method.support.InvocableHandlerMethod.invok
>> > e(Inv
>> > ocableHandlerMethod.java:219)
>> >         at
>> > org.springframework.web.method.support.InvocableHandlerMethod.invok
>> > eFor
>> > Request(InvocableHandlerMethod.java:132)
>> >         at
>> >
>> org.springframework.web.servlet.mvc.method.annotation.ServletInvocabl
>> eHan
>> > dlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>> >         at
>> > org.springframework.web.servlet.mvc.method.annotation.RequestMappin
>> > gHan
>> > dlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>> >         at
>> > org.springframework.web.servlet.mvc.method.annotation.RequestMappin
>> > gHan
>> > dlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>> >         at
>> > org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.
>> > handle(AbstractHandlerMethodAdapter.java:80)
>> >         at
>> >
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatch
>> erServl
>> > et.java:925)
>> >         at
>> >
>> org.springframework.web.servlet.DispatcherServlet.doService(Dispatche
>> rServle
>> > t.java:856)
>> >         at
>> > org.springframework.web.servlet.FrameworkServlet.processRequest(Fra
>> > mewor
>> > kServlet.java:920)
>> >         at
>> >
>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServ
>> let.j
>> > ava:827)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>> >         at
>> >
>> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.
>> > java:801)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>> >         at
>> >
>> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
>> (StubSecu
>> > rityHelper.java:227)
>> >         at
>> >
>> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
>> tyHelper.j
>> > ava:125)
>> >         at
>> >
>> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
>> a:301)
>> >         at
>> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>> va:56)
>> >         at
>> >
>> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterIntern
>> al(Shallo
>> > wEtagHeaderFilter.java:73)
>> >         at
>> >
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR
>> equest
>> > Filter.java:107)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
>> elegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
>> ingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
>> va:56)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:330)
>> >         at
>> >
>> org.springframework.security.web.access.intercept.FilterSecurityInter
>> ceptor.inv
>> > oke(FilterSecurityInterceptor.java:118)
>> >         at
>> >
>> org.springframework.security.web.access.intercept.FilterSecurityInter
>> ceptor.do
>> > Filter(FilterSecurityInterceptor.java:84)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.access.ExceptionTranslationFilter.do
>> Filter(Ex
>> > ceptionTranslationFilter.java:113)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.authentication.AnonymousAuthenticati
>> onFilt
>> > er.doFilter(AnonymousAuthenticationFilter.java:113)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.servletapi.SecurityContextHolderAwar
>> eRequ
>> > estFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.authentication.www.BasicAuthenticati
>> onFilt
>> > er.doFilter(BasicAuthenticationFilter.java:201)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
>> doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>> >         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
>> >         at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
>> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
>> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
>> >         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>> >         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>> >         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
>> >         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
>> >         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
>> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>> > >
>>
>>

--
WARNING
-------
This electronic message and its attachments may contain confidential, proprietary or legally privileged information, which is solely for the use of the intended recipient.  No privilege or other rights are waived by any unintended transmission or unauthorized retransmission of this message.  If you are not the intended recipient of this message, or if you have received it in error, you should immediately stop reading this message and delete it and all attachments from your system.  The reading, distribution, copying or other use of this message or its attachments by unintended recipients is unauthorized and may be unlawful.  If you have received this e-mail in error, please notify the sender.



Re: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
Hi,

Here is a sample of using your own custom version of the jetty factory in
your spring context.  It is pretty invasive, so it's actually better to wait
for 2.7.14 and take advantage of the code already there.  I use this code
for other reasons though, as it allows me to configure the trust / key
stores via spring properties.

https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty



A sample spring context:

https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml




On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <ja...@pellcorp.com> wrote:

> That setting won't actually control what protocols jetty will actually
> use. I think it just controls what the highest protocol used is.
>
> The excluded protocols list needs to include the sslv2 setting.
>
> We actually overrode the jetty factory jetty engine and one other class to
> get access to the SSL context to configure the excluded protocols. Not
> pretty but we can't wait for 2.7.14.
>
> If you are interested I shall post our classes to my git repo.
>
> Let me know
> On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:
>
>> Hi,
>>
>> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>>
>> As far as I can see this parameter is used for creating
>> java.net.ssl.SSLContext:
>>         String protocol = parameters.getSecureSocketProtocol() != null
>>             ? parameters.getSecureSocketProtocol() : "TLS";
>>
>> The setting should work. How do you apply conduit settings: programmatically
>> or via spring configuration?
>> Could you paste the code snapshot?
>>
>> Regards,
>> Andrei.
>>
>> > -----Original Message-----
>> > From: David Roytenberg (Consultant)
>> > [mailto:David.Roytenberg@optimalpayments.com]
>> > Sent: Freitag, 24. Oktober 2014 17:46
>> > To: users@cxf.apache.org
>> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>> >
>> > Hello again.
>> >
>> > I've dug further into the CXF documentation and found that it is possible to
>> > programmatically set the SSL protocols on the TLSProperties object of the
>> > Conduit.
>> >
>> > I've created the TLS properties and set the SSL protocols to TLS1, but this does
>> > not change the SSL behavior, which still starts with TLSv1.2 then sends the hello
>> > with SSLv2 which is then dropped on the client end.  Is there another switch that
>> > has to be set to override the default SSL behavior?
>> >
>> > David
>> >
>> > -----Original Message-----
>> > From: David Roytenberg (Consultant)
>> > [mailto:David.Roytenberg@optimalpayments.com]
>> > Sent: Thursday, October 23, 2014 4:57 PM
>> > To: users@cxf.apache.org
>> > Subject: How to Disable SSLv2 client hello in CXF?
>> >
>> > I'm having an SSL problem and I wonder if there is a way to fix it within CXF
>> >
>> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.  We are
>> > using JDK 1.7_065
>> >
>> > When we connect to our remote client via SSL we get the following trace with
>> > lots of SSL debugging turned on
>> >
>> > What appears to be happening is that the Hello message is sent with an SSLV2
>> > protocol, which our partner's server does not like.  Apparently sending the
>> > Hello at this level is a common behavior and apparently it sometimes causes
>> > the remote server to fail.  I found a suggestion online that this can be fixed by
>> > removing the SSLv2 from the allowed protocols.  I am wondering if I can do that
>> > through CXF configuration?
>> >
>> > This is a reference to the article that suggests that removing the protocol is the
>> > solution to this problem:
>> >
>> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
>> >
>> > The protocols are apparently set on the SSLContext in JSSE by calling
>> > setEnabledProtocols(String[] protocols)
>> >
>> > Is there a way to set the enabled protocols on the SSLContext via CXF
>> > configuration?
>> >
>> > If not, is there a way to get hold of the SSLContext programmatically in a CXF
>> > interceptor?
>> >
>> > We can't fix this problem at the WebLogic level because of side-effects on
>> > other apps.   Thanks in advance for any suggestions or guidance!
>> >
>> > WebLogic SSL debug trace follows:
>> >
>> > %% No cached client session
>> > *** ClientHello, TLSv1.2
>> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100, 197, 213, 31, 89, 96 }
>> > Session ID:  {}
>> > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> >   TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> >   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>> >   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>> >   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
>> >   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>> >   TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>> >   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>> >   TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>> >   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
>> >   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> >   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
>> >   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> >   TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
>> >   TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
>> >   TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
>> >   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> >   SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> >   TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> >   SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>> >   TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>> > Compression Methods:  { 0 }
>> > Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
>> > Extension ec_point_formats, formats: [uncompressed]
>> > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
>> > ***
>> > [write] MD5 and SHA1 hashes:  len = 221
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
>> > [write] MD5 and SHA1 hashes:  len = 188
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 188
>> > [Raw write]: length = 190
>> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 190.>
>> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
>> > [Raw read]: length = 5
>> > 0000: 15 03 03 00 02                                     .....
>> > [Raw read]: length = 2
>> > 0000: 02 28                                              .(
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1.2 Alert, length = 2
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal, handshake_failure
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
>> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>> >         at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>> >         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>> >         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>> >         at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>> >         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>> >         at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
>> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>> >         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>> >         at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>> >         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>> >         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>> >         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
>> >         at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
>> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>> >         at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>> >         at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>> >         at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>> >         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>> >         at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>> >         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>> >         at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
>> >         at com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
>> >         at com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>> >         at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
>> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>> >         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
>> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>> >         at com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
>> >         at com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
>> >         at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>> >         at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
>> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>> >         at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
>> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>> >         at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
>> >         at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >         at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
>> >         at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
>> >         at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>> >         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>> >         at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
>> >         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
>> >         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
>> >         at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
>> >         at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>> >         at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>> >         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
>> >         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
>> >         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>> >         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
>> >         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> >         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> >         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>> >         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>> >         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.authentication.www.BasicAuthenticationFilt
>> > er.doFilter(BasicAuthenticationFilter.java:201)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.context.SecurityContextPersistenceFilter.doF
>> > ilter(SecurityContextPersistenceFilter.java:87)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChain
>> > Proxy.java:192)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.ja
>> > va:160)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at
>> >
>> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:16
>> > 9)
>> >         at
>> >
>> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at
>> >
>> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationU
>> > idFilter.java:51)
>> >         at
>> >
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
>> > Filter.java:107)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrap
>> > Run(WebAppServletContext.java:3730)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(
>> > WebAppServletContext.java:3696)
>> >         at
>> >
>> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.j
>> > ava:321)
>> >         at
>> >
>> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServl
>> > etContext.java:2273)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletConte
>> > xt.java:2179)
>> >         at
>> >
>> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490
>> > )
>> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>> > >
>> > WARNING
>> > This electronic message and its attachments may contain confidential,
>> > proprietary or legally privileged information, which is solely for the
>> use of the
>> > intended recipient. No privilege or other rights are waived by any
>> unintended
>> > transmission or unauthorized retransmission of this message. If you are
>> not the
>> > intended recipient of this message, or if you have received it in
>> error, you
>> > should immediately stop reading this message and delete it and all
>> > attachments from your system. The reading, distribution, copying or
>> other use
>> > of this message or its attachments by unintended recipients is
>> unauthorized and
>> > may be unlawful. If you have received this e-mail in error, please
>> notify the
>> > sender.
>> >
>>
>>
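
Added example, not part of any message in this thread: a small Python decoder for the first bytes of the `[Raw write]` and `[Raw read]` dumps quoted in the trace, showing that the 190-byte write is an SSLv2-format CLIENT-HELLO offering TLSv1.2 and that the reply is a fatal handshake_failure alert. The function names and the TLS-framed sample are constructed for illustration; the other byte strings are copied from the trace.

```python
import struct

VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 10: "unexpected_message",
          40: "handshake_failure", 47: "illegal_parameter",
          70: "protocol_version"}

# First 16 bytes of the "[Raw write]: length = 190" dump in the trace.
RAW_WRITE = bytes.fromhex("80 BC 01 03 03 00 93 00 00 00 20 00 C0 24 00 C0")
# The two "[Raw read]" dumps (5-byte record header, then 2-byte body).
RAW_READ = bytes.fromhex("15 03 03 00 02 02 28")
# Constructed sample: a TLS record header (16 03 03 00 DD) placed in front of
# the first six bytes of the 221-byte TLSv1.2 ClientHello shown in the trace.
TLS_FRAMED_HELLO = bytes.fromhex("16 03 03 00 DD 01 00 00 D9 03 03")


def version_name(major, minor):
    return VERSIONS.get((major, minor), "unknown(%d.%d)" % (major, minor))


def parse_first_record(data):
    """Classify the start of a byte stream as an SSLv2-format CLIENT-HELLO
    or as an SSLv3/TLS record, and decode the header fields."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")

    # SSLv2 framing: 2-byte header with the high bit set and a 15-bit length,
    # followed by message type 1 (CLIENT-HELLO).
    if data[0] & 0x80 and data[2] == 0x01:
        if len(data) < 11:
            raise ValueError("truncated SSLv2 CLIENT-HELLO header")
        record_len = ((data[0] & 0x7F) << 8) | data[1]
        major, minor, cipher_len, sid_len, chal_len = struct.unpack(
            ">BBHHH", data[3:11])
        # Body = 9 fixed bytes + cipher specs (3 bytes each) + session id
        # + challenge; the declared lengths must add up to the record length.
        consistent = (cipher_len % 3 == 0 and
                      record_len == 9 + cipher_len + sid_len + chal_len)
        return {"format": "sslv2_client_hello",
                "record_length": record_len,
                "offered_version": version_name(major, minor),
                "cipher_specs": cipher_len // 3,
                "session_id_length": sid_len,
                "challenge_length": chal_len,
                "lengths_consistent": consistent}

    # SSLv3/TLS framing: content type, version (major 3), 16-bit length.
    if data[0] in CONTENT_TYPES and data[1] == 3:
        ctype, major, minor, length = struct.unpack(">BBBH", data[:5])
        rec = {"format": "tls_record",
               "content_type": CONTENT_TYPES[ctype],
               "record_version": version_name(major, minor),
               "record_length": length}
        body = data[5:5 + length]
        if ctype == 21 and len(body) >= 2:
            rec["alert_level"] = ALERT_LEVELS.get(body[0], str(body[0]))
            rec["alert"] = ALERTS.get(body[1], str(body[1]))
        if ctype == 22 and len(body) >= 6 and body[0] == 1:
            # Handshake header: type (1), length (3), then client_version (2).
            rec["handshake"] = "client_hello"
            rec["offered_version"] = version_name(body[4], body[5])
        return rec

    raise ValueError("neither an SSLv2 CLIENT-HELLO nor a TLS record")


def explain(first_write, first_read):
    """One-line summary of a client's first write and the peer's first reply."""
    sent = parse_first_record(first_write)
    got = parse_first_record(first_read)
    framing = ("SSLv2-format hello" if sent["format"] == "sslv2_client_hello"
               else "TLS-framed " + sent.get("handshake", sent["content_type"]))
    if got.get("alert_level") == "fatal":
        reply = "fatal " + got["alert"]
    else:
        reply = got["content_type"]
    return "%s offering %s -> %s" % (
        framing, sent.get("offered_version", "n/a"), reply)


if __name__ == "__main__":
    print(parse_first_record(RAW_WRITE))
    print(parse_first_record(RAW_READ))
    print(parse_first_record(TLS_FRAMED_HELLO))
    print(explain(RAW_WRITE, RAW_READ))
```

The decoded lengths (188 = 9 + 147 + 0 + 32) match the trace line "WRITE: SSLv2 client hello message, length = 188"; in JSSE this compatibility framing corresponds to the `SSLv2Hello` entry in the enabled-protocols list.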

RE: How to Disable SSLv2 client hello in CXF?

Posted by Jason Pell <ja...@pellcorp.com>.
That setting won't actually control what protocols jetty will actually use.
I think it just controls what the highest protocol is used.

The excluded protocols list needs to include the sslv2 setting.

We actually overrode the jetty factory jetty engine and one other class to
get access to the SSL context to configure the excluded protocols. Not
pretty but we can't wait for 2.7.14.

If you are interested I shall post our classes to my git repo.

Let me know
On 27/10/2014 8:14 PM, "Andrei Shakirin" <as...@talend.com> wrote:

> Hi,
>
> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>
> As far as I can see this parameter is used for creating
> java.net.ssl.SSLContext:
>         String protocol = parameters.getSecureSocketProtocol() != null
>             ? parameters.getSecureSocketProtocol() : "TLS";
>
> The setting should work. How do you apply conduit settings: programmatically
> or via Spring configuration?
> Could you paste the code snapshot?
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: David Roytenberg (Consultant)
> > [mailto:David.Roytenberg@optimalpayments.com]
> > Sent: Freitag, 24. Oktober 2014 17:46
> > To: users@cxf.apache.org
> > Subject: RE: How to Disable SSLv2 client hello in CXF?
> >
> > Hello again.
> >
> > I've dug further into the CXF documentation and found that it is possible to
> > programmatically set the SSL protocols on the TLSProperties object of the
> > Conduit.
> >
> > I've created the TLS properties and set the SSL protocols to TLS1, but this does
> > not change the SSL behavior, which still starts with TLSv1.2 then sends the hello
> > with SSLv2 which is then dropped on the client end.  Is there another switch that
> > has to be set to over-ride the default SSL behavior?
> >
> > David
> >
> > -----Original Message-----
> > From: David Roytenberg (Consultant)
> > [mailto:David.Roytenberg@optimalpayments.com]
> > Sent: Thursday, October 23, 2014 4:57 PM
> > To: users@cxf.apache.org
> > Subject: How to Disable SSLv2 client hello in CXF?
> >
> > I'm having an SSL problem and I wonder if there is a way to fix it within CXF
> >
> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.  We are
> > using JDK 1.7_065
> >
> > When we connect to our remote client via SSL we get the following trace with
> > lots of SSL debugging turned on
> >
> > What appears to be happening is that the Hello message is sent with an SSLV2
> > protocol, which our partner's server does not like.  Apparently sending the
> > Hello at this level is a common behavior and apparently it sometimes causes
> > the remote server to fail.  I found a suggestion online that this can be fixed by
> > removing the SSLv2 from the allowed protocols.  I am wondering if I can do that
> > through CXF configuration?
> >
> > This is a reference to the article that suggests that removing the protocol is the
> > solution to this problem:
> >
> > http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
> >
> > The protocols are apparently set on the SSLContext in JSSE by calling
> > setEnabledProtocols(String[] protocols)
> >
> > Is there a way to set the enabled protocols on the SSLContext via CXF
> > configuration?
> >
> > If not, is there a way to get hold of the SSLContext programmatically in a CXF
> > interceptor?
> >
> > We can't fix this problem at the WebLogic level because of side-effects on
> > other apps.   Thanks in advance for any suggestions or guidance!
> >
> > WebLogic SSL debug trace follows:
> >
> > %% No cached client session
> > *** ClientHello, TLSv1.2
> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98,
> 8,
> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100,
> 197, 213,
> > 31, 89, 96 } Session ID:  {} Cipher Suites:
> > [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> > TLS_RSA_WITH_AES_256_CBC_SHA256,
> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS
> > _WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> > TLS_RSA_WITH_AES_256_CBC_SHA,
> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE
> > S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> > TLS_RSA_WITH_AES_128_CBC_SHA256,
> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_
> > WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> > TLS_RSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES
> > _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W
> > ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> > Compression Methods:  { 0 }
> > Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> secp384r1,
> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1,
> secp160r1,
> > secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2, secp224k1,
> sect239k1,
> > secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension
> > signature_algorithms, signature_algorithms: SHA512withECDSA,
> > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
> > SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA,
> > SHA1withRSA, SHA1withDSA, MD5withRSA
> > ***
> > [write] MD5 and SHA1 hashes:  len = 221
> > 0000: 01 00 00 D9 03 03 54 49   66 8B B7 D1 2F 94 36 CA  ......TIf.../.6.
> > 0010: 62 08 BF DE 7A F8 50 BE   35 58 80 82 7E 6C 64 52  b...z.P.5X...ldR
> > 0020: 64 C5 D5 1F 59 60 00 00   54 C0 24 C0 28 00 3D C0  d...Y`..T.$.(.=.
> > 0030: 26 C0 2A 00 6B 00 6A C0   0A C0 14 00 35 C0 05 C0  &.*.k.j.....5...
> > 0040: 0F 00 39 00 38 C0 23 C0   27 00 3C C0 25 C0 29 00  ..9.8.#.'.<.%.).
> > 0050: 67 00 40 C0 09 C0 13 00   2F C0 04 C0 0E 00 33 00  g.@...../.....3.
> > 0060: 32 C0 07 C0 11 00 05 C0   02 C0 0C C0 08 C0 12 00  2...............
> > 0070: 0A C0 03 C0 0D 00 16 00   13 00 04 00 FF 01 00 00  ................
> > 0080: 5C 00 0A 00 34 00 32 00   17 00 01 00 03 00 13 00  \...4.2.........
> > 0090: 15 00 06 00 07 00 09 00   0A 00 18 00 0B 00 0C 00  ................
> > 00A0: 19 00 0D 00 0E 00 0F 00   10 00 11 00 02 00 12 00  ................
> > 00B0: 04 00 05 00 14 00 08 00   16 00 0B 00 02 01 00 00  ................
> > 00C0: 0D 00 1A 00 18 06 03 06   01 05 03 05 01 04 03 04  ................
> > 00D0: 01 03 03 03 01 02 03 02   01 02 02 01 01           .............
> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> > WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:  len
> =
> > 188
> > 0000: 01 03 03 00 93 00 00 00   20 00 C0 24 00 C0 28 00  ........ ..$..(.
> > 0010: 00 3D 00 C0 26 00 C0 2A   00 00 6B 00 00 6A 00 C0  .=..&..*..k..j..
> > 0020: 0A 07 00 C0 00 C0 14 00   00 35 00 C0 05 00 C0 0F  .........5......
> > 0030: 00 00 39 00 00 38 00 C0   23 00 C0 27 00 00 3C 00  ..9..8..#..'..<.
> > 0040: C0 25 00 C0 29 00 00 67   00 00 40 00 C0 09 06 00  .%..)..g..@.....
> > 0050: 40 00 C0 13 00 00 2F 00   C0 04 01 00 80 00 C0 0E  @...../.........
> > 0060: 00 00 33 00 00 32 00 C0   07 05 00 80 00 C0 11 00  ..3..2..........
> > 0070: 00 05 00 C0 02 00 C0 0C   00 C0 08 00 C0 12 00 00  ................
> > 0080: 0A 07 00 C0 00 C0 03 02   00 80 00 C0 0D 00 00 16  ................
> > 0090: 00 00 13 00 00 04 01 00   80 00 00 FF 54 49 66 8B  ............TIf.
> > 00A0: B7 D1 2F 94 36 CA 62 08   BF DE 7A F8 50 BE 35 58  ../.6.b...z.P.5X
> > 00B0: 80 82 7E 6C 64 52 64 C5   D5 1F 59 60              ...ldRd...Y`
> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> > WRITE: SSLv2 client hello message, length = 188 [Raw write]: length = 190
> > 0000: 80 BC 01 03 03 00 93 00   00 00 20 00 C0 24 00 C0  .......... ..$..
> > 0010: 28 00 00 3D 00 C0 26 00   C0 2A 00 00 6B 00 00 6A  (..=..&..*..k..j
> > 0020: 00 C0 0A 07 00 C0 00 C0   14 00 00 35 00 C0 05 00  ...........5....
> > 0030: C0 0F 00 00 39 00 00 38   00 C0 23 00 C0 27 00 00  ....9..8..#..'..
> > 0040: 3C 00 C0 25 00 C0 29 00   00 67 00 00 40 00 C0 09  <..%..)..g..@...
> > 0050: 06 00 40 00 C0 13 00 00   2F 00 C0 04 01 00 80 00  ..@...../.......
> > 0060: C0 0E 00 00 33 00 00 32   00 C0 07 05 00 80 00 C0  ....3..2........
> > 0070: 11 00 00 05 00 C0 02 00   C0 0C 00 C0 08 00 C0 12  ................
> > 0080: 00 00 0A 07 00 C0 00 C0   03 02 00 80 00 C0 0D 00  ................
> > 0090: 00 16 00 00 13 00 00 04   01 00 80 00 00 FF 54 49  ..............TI
> > 00A0: 66 8B B7 D1 2F 94 36 CA   62 08 BF DE 7A F8 50 BE  f.../.6.b...z.P.
> > 00B0: 35 58 80 82 7E 6C 64 52   64 C5 D5 1F 59 60        5X...ldRd...Y`
> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> > <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-
> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
> > SSLEngine.wrap(ByteBuffer,ByteBuffer)
> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed =
> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for
> queue:
> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
> > SSLEngine.unwrap(ByteBuffer,ByteBuffer
> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]: length = 5
> > 0000: 15 03 03 00 02                                     .....
> > [Raw read]: length = 2
> > 0000: 02 28                                              .(
> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' for queue:
> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal,
> > handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.
> > Rethrowing javax.net.ssl.SSLException: Received fatal alert:
> handshake_failure
> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> > fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException:
> Received
> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT> <Debug>
> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for
> queue:
> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred
> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
> >         at
> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
> >         at
> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
> >         at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
> >         at
> > weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
> >         at
> >
> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
> >         at
> >
> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
> >         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
> >         at
> >
> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:44
> > 8)
> >         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
> >         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
> >         at
> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
> >         at
> > weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
> >         at
> > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
> >         at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
> >         at
> >
> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:1
> > 86)
> >         at
> > weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.jav
> > a:280)
> >         at
> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWra
> > ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168
> > )
> >         at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHea
> > dersTrustCaching(HTTPConduit.java:1278)
> >         at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrit
> > e(HTTPConduit.java:1234)
> >         at
> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWra
> > ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
> >         at
> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutpu
> > tStream.java:47)
> >         at
> >
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutp
> > utStream.java:69)
> >         at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP
> > Conduit.java:1291)
> >         at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> >         at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
> >         at
> > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
> > nterceptor.handleMessage(MessageSenderInterceptor.java:62)
> >         at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> > n.java:271)
> >         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
> >         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> >         at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
> >         at
> >
> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(
> > VerifyClient.java:87)
> >         at
> >
> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(Ve
> > rifyGateway.java:24)
> >         at
> >
> com.optimal.identity.service.IdentificationServiceImpl.submitInitial(Identificatio
> > nServiceImpl.java:147)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >         at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> > 57)
> >         at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI
> > mpl.java:43)
> >         at java.lang.reflect.Method.invoke(Method.java:606)
> >         at
> >
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(Aop
> > Utils.java:317)
> >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpo
> > int(ReflectiveMethodInvocation.java:183)
> >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
> > ectiveMethodInvocation.java:150)
> >         at
> >
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(Tra
> > nsactionInterceptor.java:110)
> >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
> > ectiveMethodInvocation.java:172)
> >         at
> > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamic
> > AopProxy.java:204)
> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
> >         at
> >
> com.optimal.identity.web.rest.IdentificationController.create(IdentificationCont
> > roller.java:133)
> >         at
> >
> com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f
> > 388d3.invoke(<generated>)
> >         at
> > org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> >         at
> > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.in
> > vokeJoinpoint(CglibAopProxy.java:698)
> >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
> > ectiveMethodInvocation.java:150)
> >         at
> >
> org.springframework.security.access.intercept.aopalliance.MethodSecurityInter
> > ceptor.invoke(MethodSecurityInterceptor.java:64)
> >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
> > ectiveMethodInvocation.java:172)
> >         at
> > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedIntercept
> > or.intercept(CglibAopProxy.java:631)
> >         at
> >
> com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36
> > b7b48f.create(<generated>)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >         at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> > 57)
> >         at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI
> > mpl.java:43)
> >         at java.lang.reflect.Method.invoke(Method.java:606)
> >         at
> > org.springframework.web.method.support.InvocableHandlerMethod.invoke(Inv
> > ocableHandlerMethod.java:219)
> >         at
> > org.springframework.web.method.support.InvocableHandlerMethod.invokeFor
> > Request(InvocableHandlerMethod.java:132)
> >         at
> > org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHan
> > dlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
> >         at
> > org.springframework.web.servlet.mvc.method.annotation.RequestMappingHan
> > dlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
> >         at
> > org.springframework.web.servlet.mvc.method.annotation.RequestMappingHan
> > dlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
> >         at
> > org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.
> > handle(AbstractHandlerMethodAdapter.java:80)
> >         at
> >
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl
> > et.java:925)
> >         at
> >
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle
> > t.java:856)
> >         at
> > org.springframework.web.servlet.FrameworkServlet.processRequest(Framewor
> > kServlet.java:920)
> >         at
> >
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.j
> > ava:827)
> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> >         at
> >
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.
> > java:801)
> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> >         at
> >
> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecu
> > rityHelper.java:227)
> >         at
> >
> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.j
> > ava:125)
> >         at
> >
> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
> >         at
> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
> >         at
> >
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >         at
> >
> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(Shallo
> > wEtagHeaderFilter.java:73)
> >         at
> >
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
> > Filter.java:107)
> >         at
> >
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
> > ngFilterProxy.java:346)
> >         at
> >
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
> > Proxy.java:259)
> >         at
> >
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >         at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> > FilterChainProxy.java:330)
> >         at
> >
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.inv
> > oke(FilterSecurityInterceptor.java:118)
> >         at
> >
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.do
> > Filter(FilterSecurityInterceptor.java:84)
> >         at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> > FilterChainProxy.java:342)
> >         at
> >
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(Ex
> > ceptionTranslationFilter.java:113)
> >         at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> > FilterChainProxy.java:342)
> >         at
> >
> org.springframework.security.web.authentication.AnonymousAuthenticationFilt
> > er.doFilter(AnonymousAuthenticationFilter.java:113)
> >         at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> > FilterChainProxy.java:342)
> >         at
> >
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequ
> > estFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> >         at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> > FilterChainProxy.java:342)
> >         at
> >
> org.springframework.security.web.authentication.www.BasicAuthenticationFilt
> > er.doFilter(BasicAuthenticationFilter.java:201)
> >         at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> > FilterChainProxy.java:342)
> >         at
> >
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doF
> > ilter(SecurityContextPersistenceFilter.java:87)
> >         at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> > FilterChainProxy.java:342)
> >         at
> >
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChain
> > Proxy.java:192)
> >         at
> >
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.ja
> > va:160)
> >         at
> >
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
> > ngFilterProxy.java:346)
> >         at
> >
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
> > Proxy.java:259)
> >         at
> >
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >         at
> >
> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:16
> > 9)
> >         at
> >
> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
> >         at
> >
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
> > ngFilterProxy.java:346)
> >         at
> >
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
> > Proxy.java:259)
> >         at
> >
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >         at
> >
> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationU
> > idFilter.java:51)
> >         at
> >
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
> > Filter.java:107)
> >         at
> >
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
> > ngFilterProxy.java:346)
> >         at
> >
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
> > Proxy.java:259)
> >         at
> >
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> >         at
> >
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrap
> > Run(WebAppServletContext.java:3730)
> >         at
> >
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(
> > WebAppServletContext.java:3696)
> >         at
> >
> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.j
> > ava:321)
> >         at
> > weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
> >         at
> > weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServl
> > etContext.java:2273)
> >         at
> > weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletConte
> > xt.java:2179)
> >         at
> >
> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490
> > )
> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
>

RE: How to Disable SSLv2 client hello in CXF?

Posted by Andrei Shakirin <as...@talend.com>.
Hi,

I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.

As far as I can see this parameter is used for creating java.net.ssl.SSLContext:
        String protocol = parameters.getSecureSocketProtocol() != null ? parameters
            .getSecureSocketProtocol() : "TLS";

The setting should work. How do you apply the conduit settings: programmatically or via Spring configuration?
Could you paste the code snapshot?

Regards,
Andrei.
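
Added example, not part of the original post and not CXF or WebLogic code: the line quoted above chooses the name handed to SSLContext.getInstance(), while the protocols a connection may offer, including the SSLv2Hello pseudo-protocol, are a separate per-engine (or per-socket) list set with setEnabledProtocols(). This plain-JSSE sketch prints both and filters SSLv2Hello out; the class name and the host name are placeholders.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added illustration using only the JDK's JSSE API.
public class EnabledProtocolsDemo {

    // JSSE's name for the SSLv2-format wrapper around the first ClientHello.
    static final String SSLV2_HELLO = "SSLv2Hello";

    // Returns the given protocol list without SSLv2Hello, order preserved.
    static String[] withoutSslv2Hello(String[] protocols) {
        List<String> kept = new ArrayList<String>();
        for (String p : protocols) {
            if (!SSLV2_HELLO.equalsIgnoreCase(p)) {
                kept.add(p);
            }
        }
        if (kept.isEmpty()) {
            throw new IllegalArgumentException("no real protocol version left to enable");
        }
        return kept.toArray(new String[kept.size()]);
    }

    // Returns the engine's enabled protocols plus SSLv2Hello, if the provider
    // supports it and at least one real protocol version is enabled.
    static String[] withSslv2Hello(SSLEngine engine) {
        List<String> list = new ArrayList<String>(Arrays.asList(engine.getEnabledProtocols()));
        boolean supported = Arrays.asList(engine.getSupportedProtocols()).contains(SSLV2_HELLO);
        if (supported && !list.isEmpty() && !list.contains(SSLV2_HELLO)) {
            list.add(SSLV2_HELLO);
        }
        return list.toArray(new String[list.size()]);
    }

    public static void main(String[] args) throws Exception {
        // Same fallback as the quoted CXF line: use the configured name, else "TLS".
        String configured = args.length > 0 ? args[0] : null;
        String protocol = configured != null ? configured : "TLS";
        SSLContext context = SSLContext.getInstance(protocol);
        context.init(null, null, null); // default key managers, trust managers, RNG

        // Placeholder peer; creating an engine opens no connection.
        SSLEngine engine = context.createSSLEngine("partner.example.invalid", 443);
        engine.setUseClientMode(true);

        // Constructed starting point: switch SSLv2Hello on so the filter has
        // something to remove, whatever this JDK's defaults are.
        engine.setEnabledProtocols(withSslv2Hello(engine));
        System.out.println("context protocol: " + context.getProtocol());
        System.out.println("supported:        " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled before:   " + Arrays.toString(engine.getEnabledProtocols()));

        // The per-connection control: everything except the SSLv2-format hello.
        engine.setEnabledProtocols(withoutSslv2Hello(engine.getEnabledProtocols()));
        System.out.println("enabled after:    " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```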

> -----Original Message-----
> From: David Roytenberg (Consultant)
> [mailto:David.Roytenberg@optimalpayments.com]
> Sent: Friday, 24 October 2014 17:46
> To: users@cxf.apache.org
> Subject: RE: How to Disable SSLv2 client hello in CXF?
> 
> Hello again.
> 
> I've dug further into the CXF documentation and found that it is possible to
> programmatically set the SSL protocols on the TLSProperties object of the
> Conduit.
> 
> I've created the TLS properties and set the SSL protocols to TLS1, but this does
> not change the SSL behavior, which still starts with TLSv1.2 then sends the hello
> with SSLv2 which is then dropped on the client end.  Is there another switch that
> has to be set to over-ride the default SSL behavior?
> 
> David
> 
> -----Original Message-----
> From: David Roytenberg (Consultant)
> [mailto:David.Roytenberg@optimalpayments.com]
> Sent: Thursday, October 23, 2014 4:57 PM
> To: users@cxf.apache.org
> Subject: How to Disable SSLv2 client hello in CXF?
> 
> I'm having an SSL problem and I wonder if there is a way to fix it within CXF
> 
> We have our CXF 2.7.6 based integration deployed on Weblogic 11.  We are
> using JDK 1.7_065
> 
> When we connect to our remote client via SSL we get the following trace with
> lots of SSL debugging turned on
> 
> What appears to be happening is that the Hello message is sent with an SSLV2
> protocol, which our partner's server does not like.  Apparently sending the
> Hello at this level is a common behavior and apparently it sometimes causes
> the remote server to fail.  I found a suggestion online that this can be fixed by
> removing the SSLv2 from the allowed protocols.  I am wondering if I can do that
> through CXF configuration?
> 
> This is a reference to the article that suggests that removing the protocol is the
> solution to this problem:
> 
> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello
> 
> The protocols are apparently set on the SSLContext in JSSE by calling
> setEnabledProtocols(String[] protocols)
> 
> Is there a way to set the enabled protocols on the SSLContext via CXF
> configuration?
> 
> If not, is there a way to get hold of the SSLContext programmatically in a CXF
> interceptor?
> 
> We can't fix this problem at the WebLogic level because of side-effects on
> other apps.   Thanks in advance for any suggestions or guidance!
> 
> WebLogic SSL debug trace follows:
> 
> %% No cached client session
> *** ClientHello, TLSv1.2
> RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98, 8,
> 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100, 197, 213,
> 31, 89, 96 } Session ID:  {} Cipher Suites:
> [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS
> _WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE
> S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_
> WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES
> _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W
> ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1,
> sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
> secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2, secp224k1, sect239k1,
> secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension
> signature_algorithms, signature_algorithms: SHA512withECDSA,
> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
> SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA,
> SHA1withRSA, SHA1withDSA, MD5withRSA
> ***
> [write] MD5 and SHA1 hashes:  len = 221
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',
> WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:  len =
> 188
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',
> WRITE: SSLv2 client hello message, length = 188 [Raw write]: length = 190
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-
> tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
> SSLEngine.wrap(ByteBuffer,ByteBuffer)
> called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed =
> 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)',5,Pooled
> Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
> SSLEngine.unwrap(ByteBuffer,ByteBuffer
> []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
> NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]: length = 5
> 0000: 15 03 03 00 02                                     .....
> [Raw read]: length = 2
> 0000: 02 28                                              .(
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',
> READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal,
> handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.
> Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',
> fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received
> fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT> <Debug>
> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)',5,Pooled
> Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred
> during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>         at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>         at
> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>         at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>         at
> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:44
> 8)
>         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>         at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>         at
> weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>         at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>         at
> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:1
> 86)
>         at
> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.jav
> a:280)
>         at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWra
> ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168
> )
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHea
> dersTrustCaching(HTTPConduit.java:1278)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrit
> e(HTTPConduit.java:1234)
>         at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWra
> ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>         at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutpu
> tStream.java:47)
>         at
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutp
> utStream.java:69)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP
> Conduit.java:1291)
>         at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>         at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
> nterceptor.handleMessage(MessageSenderInterceptor.java:62)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> n.java:271)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>         at
> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(
> VerifyClient.java:87)
>         at
> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(Ve
> rifyGateway.java:24)
>         at
> com.optimal.identity.service.IdentificationServiceImpl.submitInitial(Identificatio
> nServiceImpl.java:147)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 57)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI
> mpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(Aop
> Utils.java:317)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpo
> int(ReflectiveMethodInvocation.java:183)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
> ectiveMethodInvocation.java:150)
>         at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(Tra
> nsactionInterceptor.java:110)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
> ectiveMethodInvocation.java:172)
>         at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamic
> AopProxy.java:204)
>         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>         at
> com.optimal.identity.web.rest.IdentificationController.create(IdentificationCont
> roller.java:133)
>         at
> com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f
> 388d3.invoke(<generated>)
>         at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>         at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.in
> vokeJoinpoint(CglibAopProxy.java:698)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
> ectiveMethodInvocation.java:150)
>         at
> org.springframework.security.access.intercept.aopalliance.MethodSecurityInter
> ceptor.invoke(MethodSecurityInterceptor.java:64)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
> ectiveMethodInvocation.java:172)
>         at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedIntercept
> or.intercept(CglibAopProxy.java:631)
>         at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
>         at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
>         at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>         at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>         at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
>         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
>         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
>         at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
>         at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>         at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
>         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
>         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
>         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
>         at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
>         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
>         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
>         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
>         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
>         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
>         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
> >

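The raw bytes in the debug trace quoted in this thread can be decoded directly. The following is an added example, not part of any poster's message and not CXF, WebLogic or JSSE code; `decode_first_bytes` is a hypothetical helper name, the `[Raw write]` and `[Raw read]` bytes are copied from the trace, and the record header of the third sample is constructed for contrast.

```python
import struct

# Copied from the trace: first 11 of the 190 bytes under "[Raw write]: length = 190".
RAW_WRITE_HEAD = bytes.fromhex("80 BC 01 03 03 00 93 00 00 00 20")
# Copied from the trace: the two "[Raw read]" dumps (5-byte header, 2-byte body).
RAW_READ = bytes.fromhex("15 03 03 00 02") + bytes.fromhex("02 28")
# Constructed: a TLS record header (16 03 03 00 DD) placed in front of the
# handshake header the trace prints for the 221-byte ClientHello (01 00 00 D9 03 03).
TLS_RECORD_HEAD = bytes.fromhex("16 03 03 00 DD 01 00 00 D9 03 03")

VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}


def version_name(major, minor):
    return VERSIONS.get((major, minor), "unknown(%d.%d)" % (major, minor))


def decode_first_bytes(data):
    """Classify the start of a flight as an SSLv2-format ClientHello or a TLS record."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")

    # SSLv2 record: 2-byte header with the high bit set and a 15-bit length,
    # followed by msg_type 1 (CLIENT-HELLO) and the highest version offered.
    if data[0] & 0x80 and data[2] == 0x01:
        if len(data) < 11:
            raise ValueError("need 11 bytes for an SSLv2-format ClientHello header")
        length = ((data[0] & 0x7F) << 8) | data[1]
        cs_len, sid_len, chal_len = struct.unpack(">HHH", data[5:11])
        return {
            "format": "SSLv2-compatible ClientHello",
            "record_length": length,
            "offered_version": version_name(data[3], data[4]),
            "cipher_spec_bytes": cs_len,
            "cipher_specs": cs_len // 3,  # 3 bytes per cipher spec in this format
            "session_id_bytes": sid_len,
            "challenge_bytes": chal_len,
            # msg_type(1) + version(2) + three length fields(6) = 9 fixed bytes
            "lengths_consistent": 9 + cs_len + sid_len + chal_len == length,
            # The v2 layout has no extensions field, so the extensions listed
            # in the TLSv1.2 ClientHello dump are not sent in this form.
            "can_carry_extensions": False,
        }

    # TLS record: content type, record-layer version, 16-bit length.
    ctype, major, minor, length = struct.unpack(">BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        raise ValueError("not an SSLv2-format hello or a TLS record")
    out = {
        "format": "TLS record",
        "content_type": CONTENT_TYPES[ctype],
        "record_version": version_name(major, minor),
        "record_length": length,
    }
    body = data[5:]
    if ctype == 21 and len(body) >= 2:
        out["alert_level"] = ALERT_LEVELS.get(body[0], str(body[0]))
        out["alert_description"] = ALERT_DESCRIPTIONS.get(body[1], str(body[1]))
    elif ctype == 22 and len(body) >= 6 and body[0] == 1:
        out["handshake_type"] = "client_hello"
        out["handshake_length"] = int.from_bytes(body[1:4], "big")
        out["client_version"] = version_name(body[4], body[5])
    return out


if __name__ == "__main__":
    for label, sample in (("raw write", RAW_WRITE_HEAD),
                          ("raw read", RAW_READ),
                          ("constructed TLS record", TLS_RECORD_HEAD)):
        print(label, decode_first_bytes(sample))
```

The decoded lengths line up with the trace: the record length of 188 matches "SSLv2 client hello message, length = 188", and the two-byte read decodes to the fatal handshake_failure alert that JSSE then reports.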

RE: How to Disable SSLv2 client hello in CXF?

Posted by "David Roytenberg (Consultant)" <Da...@optimalpayments.com>.
Hello again.

I've dug further into the CXF documentation and found that it is possible to programmatically set the SSL protocols on the TLSProperties object of the Conduit.

I've created the TLS properties and set the SSL protocols to TLS1, but this does not change the SSL behavior, which still starts with TLSv1.2 then sends the hello with SSLv2 which is then dropped on the client end.  Is there another switch that has to be set to override the default SSL behavior?

David

-----Original Message-----
From: David Roytenberg (Consultant) [mailto:David.Roytenberg@optimalpayments.com]
Sent: Thursday, October 23, 2014 4:57 PM
To: users@cxf.apache.org
Subject: How to Disable SSLv2 client hello in CXF?

I'm having an SSL problem and I wonder if there is a way to fix it within CXF.

We have our CXF 2.7.6 based integration deployed on WebLogic 11.  We are using JDK 1.7_065.

When we connect to our remote client via SSL we get the following trace with lots of SSL debugging turned on.

What appears to be happening is that the Hello message is sent with an SSLV2 protocol, which our partner's server does not like.  Apparently sending the Hello at this level is a common behavior and apparently it sometimes causes the remote server to fail.  I found a suggestion online that this can be fixed by removing the SSLv2 from the allowed protocols.  I am wondering if I can do that through CXF configuration?

This is a reference to the article that suggests that removing the protocol is the solution to this problem:

http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-version-2-client-hello

The protocols are apparently set on the SSLContext in JSSE by calling setEnabledProtocols(String[] protocols)

Is there a way to set the enabled protocols on the SSLContext via CXF configuration?

If not, is there a way to get hold of the SSLContext programmatically in a CXF interceptor?

We can't fix this problem at the WebLogic level because of side-effects on other apps.   Thanks in advance for any suggestions or guidance!

WebLogic SSL debug trace follows:

%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202, 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100, 197, 213, 31, 89, 96 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
[write] MD5 and SHA1 hashes:  len = 221
0000: 01 00 00 D9 03 03 54 49   66 8B B7 D1 2F 94 36 CA  ......TIf.../.6.
0010: 62 08 BF DE 7A F8 50 BE   35 58 80 82 7E 6C 64 52  b...z.P.5X...ldR
0020: 64 C5 D5 1F 59 60 00 00   54 C0 24 C0 28 00 3D C0  d...Y`..T.$.(.=.
0030: 26 C0 2A 00 6B 00 6A C0   0A C0 14 00 35 C0 05 C0  &.*.k.j.....5...
0040: 0F 00 39 00 38 C0 23 C0   27 00 3C C0 25 C0 29 00  ..9.8.#.'.<.%.).
0050: 67 00 40 C0 09 C0 13 00   2F C0 04 C0 0E 00 33 00  g.@...../.....3.
0060: 32 C0 07 C0 11 00 05 C0   02 C0 0C C0 08 C0 12 00  2...............
0070: 0A C0 03 C0 0D 00 16 00   13 00 04 00 FF 01 00 00  ................
0080: 5C 00 0A 00 34 00 32 00   17 00 01 00 03 00 13 00  \...4.2.........
0090: 15 00 06 00 07 00 09 00   0A 00 18 00 0B 00 0C 00  ................
00A0: 19 00 0D 00 0E 00 0F 00   10 00 11 00 02 00 12 00  ................
00B0: 04 00 05 00 14 00 08 00   16 00 0B 00 02 01 00 00  ................
00C0: 0D 00 1A 00 18 06 03 06   01 05 03 05 01 04 03 04  ................
00D0: 01 03 03 03 01 02 03 02   01 02 02 01 01           .............
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Handshake, length = 221
[write] MD5 and SHA1 hashes:  len = 188
0000: 01 03 03 00 93 00 00 00   20 00 C0 24 00 C0 28 00  ........ ..$..(.
0010: 00 3D 00 C0 26 00 C0 2A   00 00 6B 00 00 6A 00 C0  .=..&..*..k..j..
0020: 0A 07 00 C0 00 C0 14 00   00 35 00 C0 05 00 C0 0F  .........5......
0030: 00 00 39 00 00 38 00 C0   23 00 C0 27 00 00 3C 00  ..9..8..#..'..<.
0040: C0 25 00 C0 29 00 00 67   00 00 40 00 C0 09 06 00  .%..)..g..@.....
0050: 40 00 C0 13 00 00 2F 00   C0 04 01 00 80 00 C0 0E  @...../.........
0060: 00 00 33 00 00 32 00 C0   07 05 00 80 00 C0 11 00  ..3..2..........
0070: 00 05 00 C0 02 00 C0 0C   00 C0 08 00 C0 12 00 00  ................
0080: 0A 07 00 C0 00 C0 03 02   00 80 00 C0 0D 00 00 16  ................
0090: 00 00 13 00 00 04 01 00   80 00 00 FF 54 49 66 8B  ............TIf.
00A0: B7 D1 2F 94 36 CA 62 08   BF DE 7A F8 50 BE 35 58  ../.6.b...z.P.5X
00B0: 80 82 7E 6C 64 52 64 C5   D5 1F 59 60              ...ldRd...Y`
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 188
[Raw write]: length = 190
0000: 80 BC 01 03 03 00 93 00   00 00 20 00 C0 24 00 C0  .......... ..$..
0010: 28 00 00 3D 00 C0 26 00   C0 2A 00 00 6B 00 00 6A  (..=..&..*..k..j
0020: 00 C0 0A 07 00 C0 00 C0   14 00 00 35 00 C0 05 00  ...........5....
0030: C0 0F 00 00 39 00 00 38   00 C0 23 00 C0 27 00 00  ....9..8..#..'..
0040: 3C 00 C0 25 00 C0 29 00   00 67 00 00 40 00 C0 09  <..%..)..g..@...
0050: 06 00 40 00 C0 13 00 00   2F 00 C0 04 01 00 80 00  ..@...../.......
0060: C0 0E 00 00 33 00 00 32   00 C0 07 05 00 80 00 C0  ....3..2........
0070: 11 00 00 05 00 C0 02 00   C0 0C 00 C0 08 00 C0 12  ................
0080: 00 00 0A 07 00 C0 00 C0   03 02 00 80 00 C0 0D 00  ................
0090: 00 16 00 00 13 00 00 04   01 00 80 00 00 FF 54 49  ..............TI
00A0: 66 8B B7 D1 2F 94 36 CA   62 08 BF DE 7A F8 50 BE  f.../.6.b...z.P.
00B0: 35 58 80 82 7E 6C 64 52   64 C5 D5 1F 59 60        5X...ldRd...Y`
<Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 190.>
<Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1.2 Alert, length = 2
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal, handshake_failure
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
<Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
        at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
        at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
        at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:448)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
        at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
        at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
        at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
        at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:280)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
        at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
        at com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(VerifyClient.java:87)
        at com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(VerifyGateway.java:24)
        at com.optimal.identity.service.IdentificationServiceImpl.submitInitial(IdentificationServiceImpl.java:147)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
        at com.optimal.identity.web.rest.IdentificationController.create(IdentificationController.java:133)
        at com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f388d3.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
        at com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36b7b48f.create(<generated>)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
        at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
        at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
        at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:827)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:73)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:169)
        at com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationUidFilter.java:51)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
WARNING

This electronic message and its attachments may contain confidential, proprietary or legally privileged information, which is solely for the use of the intended recipient. No privilege or other rights are waived by any unintended transmission or unauthorized retransmission of this message. If you are not the intended recipient of this message, or if you have received it in error, you should immediately stop reading this message and delete it and all attachments from your system. The reading, distribution, copying or other use of this message or its attachments by unintended recipients is unauthorized and may be unlawful. If you have received this e-mail in error, please notify the sender.
