From: Robert A. S. <ro...@no...> - 2005-06-22 22:08:45
After several more hours of testing and packet sniffing - it looks like
Hermes bombs out anytime a server tries to switch to SSL v3... How do I get
Hermes to connect to a SSL3 server? It seems like it tries to use TLS
protocol because it doesn't support SSL3?????
PLEASE help - I really want Hermes to work????!
From packet sniffer: (192.168.20.165 = Hermes, 192.168.10.101 = Cyclone)
--------------------------------------------------------------
No. Time     Source         Destination    Protocol Info
34  9.128011 192.168.20.165 192.168.10.101 TCP      1453 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
36  9.197628 192.168.10.101 192.168.20.165 TCP      https > 1453 [SYN, ACK] Seq=0 Ack=1 Win=16560 Len=0 MSS=1380
37  9.197767 192.168.20.165 192.168.10.101 TCP      1453 > https [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
38  9.199660 192.168.20.165 192.168.10.101 SSLv2    Client Hello
39  9.293068 192.168.10.101 192.168.20.165 TLS      Server Hello, Certificate, Certificate Request, Server Hello Done
40  9.484113 192.168.20.165 192.168.10.101 TCP      1453 > https [ACK] Seq=101 Ack=1323 Win=64213 [TCP CHECKSUM INCORRECT] Len=0
41  9.498985 192.168.20.165 192.168.10.101 TLS      Certificate, Client Key Exchange
42  9.512283 192.168.20.165 192.168.10.101 TLS      Change Cipher Spec
43  9.540430 192.168.20.165 192.168.10.101 TLS      Encrypted Handshake Message
44  9.601759 192.168.10.101 192.168.20.165 TLS      Alert (Level: Fatal, Description: Handshake Failure)
45  9.602017 192.168.10.101 192.168.20.165 TCP      https > 1453 [FIN, ACK] Seq=1330 Ack=247 Win=16560 Len=0
46  9.602096 192.168.20.165 192.168.10.101 TCP      1453 > https [ACK] Seq=290 Ack=1331 Win=64206 [TCP CHECKSUM INCORRECT] Len=0
47  9.602259 192.168.20.165 192.168.10.101 TCP      1453 > https [FIN, ACK] Seq=290 Ack=1331 Win=64206 [TCP CHECKSUM INCORRECT] Len=0
48  9.602378 192.168.10.101 192.168.20.165 TCP      https > 1453 [RST] Seq=1331 Ack=3694123473 Win=0 Len=0
--------------------------------------------------------------
________________________________________
From: Robert A. Stockfleth [mailto:ro...@no...]
Sent: Monday, June 20, 2005 3:27 PM
To: 'ebx...@li...'
Subject: SSLHandshakeException (SSL PROBLEM)
Hello, I hope someone out there would be kind enough to help me out - I have
been struggling with this problem for a couple weeks now.
I am running Hermes 1.0 on a Windows 2003 Server using Java 1.5.0_03
runtime. Every time I attempt to send a message to "othercompany"'s MSH
server (not hermes, Cyclone I think) I receive the SSLHandshakeException. I
have all the necessary trusted certs installed in my cacerts file that
Hermes is using as its TrustedAnchor. I am able to sign messages with the
test09 private key with no problem from the Monitor app.
"othercompany"'s MSH server requires that I send my certificate for
authentication. I have tested the authentication process in a browser with
no problems.
I have also tried the 9.31 version of Hermes with the same result. My
private key originally came in a .pfx file - I was able to sign messages
from the Monitor application using the .pfx file, but when I put that as my
keystore in the config file for SSL, it would always say "Cannot load the
keystore on SSL client authentication : Cannot load keystore : Invalid
keystore format". So I programmatically put the private key into the JKS
format.
Is there a good way to debug the whole SSL handshaking process? I've seen
posts about "-Djavax.net.debug=all" - but can somebody elaborate and be more
specific about what I need to do?
Please help - I've included as much pertinent information below as I can
think of!!!!!!
-Rob
-- from log ----------
Add SSL Client Authentication entry : https://othercompany/msh/
\hermes\test.keystore
Sending message to https://othercompany/msh/
Connection class : class
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
Instance of HttpsURLConnection : true
Configuration to a HTTPS connection
use key manager for url : https://othercompany/msh/
[10505] Cannot send SOAP message Exception:
javax.net.ssl.SSLHandshakeException Message: Received fatal alert:
handshake_failure
------------------------------------
-- from config file -------
<SSL>
      <!-- Optional property specifying the implementation class name of
           com.sun.net.ssl.HostnameVerifier from JSSE 1.0 which handle the case
           when the URL's hostname and the server's identification hostname
           mismatch-->
      <!-- <HostnameVerifier>Verifier</HostnameVerifier> -->
      <TrustedAnchor>
        <!-- Trust keystore for SSL Server Authentication -->
        <KeyStore>
          <Path>/hermes</Path>
          <File>cacerts</File>
          <Password>changeit</Password>
        </KeyStore>
      </TrustedAnchor>
      <ClientAuth>
        <URL>https://othercompany/msh/</URL>
        <KeyStore>
          <Path>/hermes</Path>
          <File>test.keystore</File>
          <Alias>test09</Alias>
          <Password>password</Password>
        </KeyStore>
      </ClientAuth>
</SSL>
------------------------------------
-- from keytool ------
D:\jdk1.5.0_03\bin>keytool -list -keystore test.keystore
Enter keystore password:  password
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entries
test09, Jun 13, 2005, keyEntry,
Certificate fingerprint (MD5): 5D:69:75:75:7C:6D:4A:E9:C6:82:4B:9F:A8:E6:52:05
------------------------------------
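
The handshake summary in the capture above can be checked mechanically. The following Python is an added example, not part of the original post or of Hermes: it reads frames 38-44 and tests the client-authentication flight, where the server sent a Certificate Request and Hermes replied with Certificate and Client Key Exchange but no Certificate Verify. The finding labels and the SIGNED contrast trace are constructed for illustration.

```python
CLIENT = "192.168.20.165"  # Hermes, per the post

# Frames 38-44 of the capture in the post, reduced to "frame source info".
FAILED = """\
38 192.168.20.165 Client Hello
39 192.168.10.101 Server Hello, Certificate, Certificate Request, Server Hello Done
41 192.168.20.165 Certificate, Client Key Exchange
42 192.168.20.165 Change Cipher Spec
43 192.168.20.165 Encrypted Handshake Message
44 192.168.10.101 Alert (Level: Fatal, Description: Handshake Failure)
"""

# Constructed for contrast (not from the post): the same flights with the
# client signing the handshake, and without the server's alert.
SIGNED = FAILED.replace("Certificate, Client Key Exchange",
                        "Certificate, Client Key Exchange, Certificate Verify"
                        ).rsplit("\n", 2)[0]


def messages(trace):
    """Map 'client'/'server' to the ordered handshake messages each side sent."""
    sent = {"client": [], "server": []}
    for line in trace.strip().splitlines():
        _frame, src, info = line.split(None, 2)
        role = "client" if src == CLIENT else "server"
        # An Alert summary contains a comma of its own, so keep it whole.
        parts = [info] if info.startswith("Alert") else info.split(", ")
        sent[role].extend(parts)
    return sent


def diagnose(trace):
    """Return finding labels (made up for this example) for client auth."""
    sent = messages(trace)
    if "Certificate Request" not in sent["server"]:
        return []  # server did not ask for a client certificate
    findings = ["client-cert-requested"]
    if "Certificate" not in sent["client"]:
        findings.append("no-client-certificate-message")
    elif "Certificate Verify" not in sent["client"]:
        # A client that presents a signing certificate follows Client Key
        # Exchange with Certificate Verify. Its absence means the Certificate
        # message carried no usable certificate (typically an empty list).
        findings.append("certificate-without-verify")
    if any(m.startswith("Alert") and "Fatal" in m for m in sent["server"]):
        findings.append("server-fatal-alert")
    return findings


if __name__ == "__main__":
    print("capture from the post:", diagnose(FAILED))
    print("constructed contrast :", diagnose(SIGNED))
```

A "certificate-without-verify" result followed by the server's fatal alert points at client-certificate selection rather than at the protocol version, so the certificate chain stored under the keystore alias is worth comparing against the issuers the server accepts.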