ACE20 SSL-connection rate performance
Hello,
One of our customers are challenging our ACE20 modules ssl-connection rate performance. During a loadtest performed against our webportals, they concluded, that the ACE-module showed signs of severe performance degredations, when the number of new ssl-connections hit 40.
While I disagree with that conclusion, I find it somewhat difficult to disprove it. Nothing on the ACE-module suggest any ssl-resource depletion, the highest recorded ssl-connection rate is 677 tps and the license permits 10k. The context is currently sized to 4k. I've gone through numerous troubleshooting steps, trying to locate anything that would suggest a problem with the module, but so far nothing has turned up.
I've been given somewhat conflicting information about what the ssl-connection rate resouce actually represent. Some say is represent the total number of new ssl-connections pr/sec, other say it represents ssl-transaction capacity as a whole, which among other things would include ssl-handshakes. Regardsless, 40 in my opinion seems way to low and this is very inconsistent with the generel load on our modules, which often climbs into the hundreds.
So I'm looking for suggestions on how to conduct a simple ssl/tps test against the ACE-modules. The test is expected to be very basic, as I'm not looking to test the webportal end-to-end, but simply doing an ssl-tps performace test.
Any help will do
Thanks
/Ulrich
Hi,
The connection will be denied once the SSL connection rate is exceeded.
That can be identified by using the command :
show resource usage all
You will see something like this :
Resource Current Peak Min Max Denied
ssl-connections rate 995 1000 0 1000 28975
You will notice that the deny counter will start increasing once the rate is exceeded.
hope that helps.
regards,
Ajay Kumar
Similar Messages
-
What exactly happens when the SSL connection rate is exceeded. Is the connection dropped, queued or what ?
Defined as the SSL TPS. In our case 1000 but upgradeable to 5000Hi,
The connection will be denied once the SSL connection rate is exceeded.
That can be identified by using the command :
show resource usage all
You will see something like this :
Resource Current Peak Min Max Denied
ssl-connections rate 995 1000 0 1000 28975
You will notice that the deny counter will start increasing once the rate is exceeded.
hope that helps.
regards,
Ajay Kumar -
Poor performance in establishing an SSL connection
Hi,
i have a Servlet (loaded on Tomcat 4.1) that establishes a SSL Connection to a remote server. The issue is, is that the connection phase takes over 4 seconds to complete!
heres the function where the problem shows
public SSLSocket getSocket()
throws NoSuchAlgorithmException, KeyStoreException, FileNotFoundException,
IOException, KeyManagementException, CertificateException,
UnrecoverableKeyException
* Set up a key manager for client authentication if asked by the server.
SSLSocketFactory factory = null;
SSLContext ctx;
KeyManagerFactory kmf;
KeyStore ks;
// Set the SSL Context to TLS (required for Client certs).
ctx = SSLContext.getInstance("TLS");
kmf = KeyManagerFactory.getInstance("SunX509");
ks = KeyStore.getInstance(ksType);
// Load in the KeyStore.
ks.load(new FileInputStream(ksLoc), ksPassphrase);
kmf.init(ks, ksPassphrase);
// Generate some random data.
SecureRandom sr = new SecureRandom();
sr.nextInt();
// Initialise the SSL with the random data.
ctx.init(kmf.getKeyManagers(), null, sr);
factory = ctx.getSocketFactory();
* Open the Socket to the SSL server. from this point we can treat
* it like and nomal Socket
SSLSocket socket = (SSLSocket)factory.createSocket(servHost, servPort);
// Force the handshake
socket.startHandshake();
// Return the now open SSLSocket to the caller.
return socket;
the problematic line is:
SSLSocket socket = (SSLSocket)factory.createSocket(servHost, servPort);
it takes about 4.5 - 5.0 seconds to return. The remote server is based on the same LAN as this Servlet and so network lag should not be an issue (im accessing via 10.xx ip too)
Can anyone help me in determining why this takes so long?
Thanks !
Darren.First, try by removing the line which says:
socket.startHandshake();because the handshake will be initiated by the socket upon creation.
If you are using JDK v1.4.1 I've seen some SSL performance issues when stablishing the connection, so I returned to my old JDK 1.3.1.
Also be sure to create the factory in the servlet init() method because it has no sense to recreate the factory in every request as long as it uses the same KeyManager.
HTH -
I really can't figure out this problem. Search the internet tried all kinds of things, nothing help so far.
I have a Macbook Pro (Lion originally installed) running on Mavericks (all latest updates). SSD installed and the DVD tray is replaced by the original HDD.
The laptop wasn't running very smooth anymore so decided to give it a fresh Mavericks install (even though I know it's not really necessary for mac, it helped, everything is much faster except a weird internet problem came up).
After freshly installing Mavericks I couldn't get into my google account anymore, just wouldn't load. Tried Safari (use this normally) and Firefox and Chrome, this last was gave a SSL connection error, both Safari and FF said the website couldn't be loaded because the server didn't respond. For Gmail I use Mailplane which is just stuck on a white page. I tried repairing the keychain, repaired disk and disk permissions, cleaned browsers, turned off firewall and antivirus (Shopos) started in safe mode, checked time settings which were all good. Nothing of this helped. I even ended up creating a usb bootdisk for Mavericks, formatted the disk and reinstalled from the start just Mavericks and nothing else, started Safari, still the same problem. As even this didn't help I figured it's not worth reinstalling all software so put back my backup.
Now I ended up somehow only being able to use Gmail normally in Firefox, Chrome still gives SSL error and Safari can load the inbox, but I can't open any messages. I get the error there is a problem with the connection. If I try in Basic HTML mode it surprisingly does work.
You would say, just use Firefox, finished...but the thing is that sometimes random websites won't load in Firefox, when I load the same site in Safari it works perfectly.
O yes, I also tried the connect to my iPhone and use the Cellular data network, then it's no problem using Gmail in Safari normally. You would say it's a router problem, but I have another Macbook Pro (just one model later running Mountain Lion) this one works perfectly with every browser. Also my iPhone does everyting logged into the WiFi network.
You can understand I really have no clue what's going on here, I don't see any logic. I can only think of a hardware problem in my Macbook, but don't see how that could cause these problems.
I hope someone is ably to help me ?Please read this whole message before doing anything.
This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
Step 1
The purpose of this step is to determine whether the problem is localized to your user account.
Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
Test while logged in as Guest. Same problem?
After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
*Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
Step 2
The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
Please take this step regardless of the results of Step 1.
Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
Test while in safe mode. Same problem?
After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2. -
Problems running SSL connection using JRUN 4.0/JDK 1.4.2
Hi,
Our project is to run a SSL connection to FedEx. When we test the connection with WebSphere 5.0 test server, it connected and worked. But, when we tested with our environment (JRUN4), exception thrown:
The following are the exceptions:
===========================
socket = (SSLSocket)factory.createSocket("gateway.fedex.com", 443);
causes the error:
java.net.SocketException: Export restriction: this JSSE implementation is non-pluggable.
Which implies that we are trying to use a SSL impementation other than Sun's, which is not allowed in JDK 1.4.x. Googleing for similar cases confirms that creating SSL sockets has been problematic for JDK 1.4.x users in particular.
However, the following code
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
System.out.println("Classname: "+factory.getClass().getName());
produces
Classname: javax.net.ssl.DefaultSSLSocketFactory
This seems to imply that we are using the Sun SSL implementation. So I am not sure what could be causing the error. Have any you ever run into this particular problem before and if so what is your recommendation?
Any idea, thinking is greatly appreciated.
Thank you.I have plenty of HD space (130GB) left, so that's not the problem.
Actually, the amount of free space is not nearly as relevant to the issue as the % of free space. If your HD is over about 50% full, especially doing video, there will be performance degradation compared to an HD that is less than about 50% full. It's the physics of the hard drive. In addition, if you are working on HD video you can easily need 50-100GB per hour of video for working storage & render files. And if you render multiple times, FCE is not good at cleaning up old render files, so multiple renders take more & more disk space. The only effective way to clean out old render files is to manually delete them from your FCE /Render Files folder. And it's nearly impossible to tell which render files are actually in current use, so you end up having to delete them all and then re-render your entire timeline if you really want to free up disk space.
To answer your question about upgrading, yes, once you install Snow Leopard you should be able to update to 10.6.8 via Software Update. That's how I've always done it.
If your black Macbook is the one I suspect it is, the official max is 4GB RAM but it appears it will work with 6GB. Overall, the system specs are on the low side for FCE 4
As for still images, I have generally found sizing them to no more than 2x your video frame size works pretty well. Larger than that, FCE will be discarding lots of pixels to fit the image into your video frame. You need to consider the actual pixel dimensions of your image, not the embedded resolution or dpi. Actual pixel dimensions are what's important. The larger your jpeg image the more pixels will be discarded, so images that are much larger than your frame size are not advisable. -
SSL Connectivity Configuration
Hi,
I installed the SSL Certificates on the windows machine where our CPO server is configured. And I also configured the web service adapter to use secured authentication on the default port.
Is there anything else I would need to configure other than the above inorder to have the SSL connectivity? Also are there any standard tests I can perform from CPO inorder to validate this configuration.
Thanks,
GregYou need to make sure you have followed all the steps on page 12 of the Northbound Web Services guide. If you have you can test by opening a browser and going to https:// teo server>:/WS/Process?WSDL
You can test with portal feeding information in or you can run web service executes (in CPO) against it to further test. -
Exception -CSoapExceptionTransport while testing SM59 ADS SSL connection
Hi,
I have configured SSL to access ADS from ABAP environment.
I get the following exception when testing ADS SSL connection using report FP_PDF_TEST_00.
ERROR CODE : 100.101
ERROR MESSAGE : SOAP Runtime Exception: CSoapExceptionTransport : HTTP receive failed with exception communication_failure
SOAP Framework error: SOAP Runtime Exception: CSoapExceptionTransport : HTTP receive failed with exception communication_failure(100.101)
Any idea about the cause of this exception.
I have verified all the steps involved in configuring SSL but am not able to figure out what is missing.
Thanks,
ChitraliHi Amit,
Yes I have completed all the steps mentioned in the blog. I did not have the SAP cryptographic library on ABAP stack. Hence had to perform a few additional steps to install it and had to setup SSL Client PSE to create self signed SSL client certificate to be assigned to SM59 ADS destination. Still I get this error.
The problem is I cannot even test the SSL enabled ADS Java WS using WS navigator. It does not work.
It would be great if someone can provide me some direction for troubleshooting.
Thanks.
Chitrali -
I am trying to connect a UDS System from a Weblogic 7.0 sp1 server. My application is deployed as an ear file and when I try to open a SSL connection I am getting the following exception.
javax.net.ssl.SSLHandshakeException: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.
The program is running normal from a command prompt.
Hoping somebody have idea about this problem and suggest how to resolve it?Pavel,
Here is what my log looks like ............can you get some clue out of it ???
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 134>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC offset = 0 length = 1>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 16>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <10767073 readRecord()>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <10767073 SSL3/TLS MAC>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <10767073 received ALERT>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@1cf54c0 Severity: 2 Type: 4
0
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(AlertHandler.java:162)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at com.bea.b2b.transport.http.HttpURLConnection.writeRequests(HttpURLConnection.java:100)
at com.bea.b2b.transport.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:177)
at com.bea.b2b.transport.http.HttpEndPoint.send(HttpEndPoint.java:164)
at com.bea.b2b.protocol.rosettanet.rnif1x.RNEncoder.process(RNEncoder.java:88)
at com.bea.b2b.protocol.ModuleChain.process(ModuleChain.java:64)
at com.bea.b2b.protocol.Protocol.encode(Protocol.java:632)
at com.bea.b2b.protocol.rosettanet.RNIBProtocol.send(RNIBProtocol.java:68)
at com.bea.b2b.protocol.rosettanet.rnif1x.messaging.RNMessage.send(RNMessage.java:451)
at com.bea.b2b.protocol.rosettanet.messagesender.RNMessageSenderBean.onMessage(RNMessageSenderBean.java:138)
at weblogic.ejb20.internal.MDListener.execute(MDListener.java:370)
at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:262)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:2678)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:2598)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.
record.alert.Alert@1cf54c0>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <close(): 10767073>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 11536308>
<Mar 4, 2005 2:47:44 PM EST> <Error> <WLI-B2B HTTP Transport> <BEA-463547> <HTTP send failed: javax.net.ssl.SSLHandshakeExcepti
on: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.>
com.bea.b2b.transport.TransportException: [WLI-B2B HTTP Transport:463547]HTTP send failed: javax.net.ssl.SSLHandshakeException:
FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.
at com.bea.b2b.transport.http.HttpEndPoint.send(HttpEndPoint.java:257)
at com.bea.b2b.protocol.rosettanet.rnif1x.RNEncoder.process(RNEncoder.java:88)
at com.bea.b2b.protocol.ModuleChain.process(ModuleChain.java:64)
at com.bea.b2b.protocol.Protocol.encode(Protocol.java:632)
at com.bea.b2b.protocol.rosettanet.RNIBProtocol.send(RNIBProtocol.java:68)
at com.bea.b2b.protocol.rosettanet.rnif1x.messaging.RNMessage.send(RNMessage.java:451)
at com.bea.b2b.protocol.rosettanet.messagesender.RNMessageSenderBean.onMessage(RNMessageSenderBean.java:138)
at weblogic.ejb20.internal.MDListener.execute(MDListener.java:370)
at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:262)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:2678)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:2598)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.net.ssl.SSLHandshakeException: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate a
n acceptable set of security parameters.
at com.certicom.tls.record.alert.AlertHandler.handle(AlertHandler.java:194)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(AlertHandler.java:162)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at com.bea.b2b.transport.http.HttpURLConnection.writeRequests(HttpURLConnection.java:100)
at com.bea.b2b.transport.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:177)
at com.bea.b2b.transport.http.HttpEndPoint.send(HttpEndPoint.java:164)
... 12 more
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 134>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <Private key class is com.sun.net.ssl.internal.ssl.JSA_RSAPrivateKey>
<Mar 4, 2005 2:47:44 PM EST> <Debug> <TLS> <000000> <Using standard Certicom CertificateVerify code>
<Mar 4, 2005 2:47:44 PM EST> <Warning> <WLI-B2B Protocol> <BEA-467501> <Caught exception during plugin processing:
location: https://b2b-cts-test.b2bpartner.com:443/invoke/wm.ip.rn/receive
protocol: RosettaNet
plugin: RNEncoder
exception: com.bea.b2b.transport.TransportException: [WLI-B2B HTTP Transport:463547]HTTP send failed: javax.net.ssl.SSLHandsha
keException: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parame
ters.>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 134>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC offset = 0 length = 1>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 16>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <15818420 readRecord()>
<Mar 4, 2005 2:47:46 PM EST> <Error> <WLI-B2B RosettaNet Messaging> <BEA-468502> <Received exception com.bea.b2b.protocol.PlugI
nException: com.bea.b2b.transport.TransportException: [WLI-B2B HTTP Transport:463547]HTTP send failed: javax.net.ssl.SSLHandsha
keException: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parame
ters. during send.>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <15818420 SSL3/TLS MAC>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <15818420 received ALERT>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@5045b0 Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(AlertHandler.java:162)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at com.bea.b2b.transport.http.HttpURLConnection.writeRequests(HttpURLConnection.java:100)
at com.bea.b2b.transport.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:177)
at com.bea.b2b.transport.http.HttpEndPoint.send(HttpEndPoint.java:164)
at com.bea.b2b.protocol.rosettanet.rnif1x.RNEncoder.process(RNEncoder.java:88)
at com.bea.b2b.protocol.ModuleChain.process(ModuleChain.java:64)
at com.bea.b2b.protocol.Protocol.encode(Protocol.java:632)
at com.bea.b2b.protocol.rosettanet.RNIBProtocol.send(RNIBProtocol.java:68)
at com.bea.b2b.protocol.rosettanet.rnif1x.messaging.RNMessage.send(RNMessage.java:451)
at com.bea.b2b.protocol.rosettanet.messagesender.RNMessageSenderBean.onMessage(RNMessageSenderBean.java:138)
at weblogic.ejb20.internal.MDListener.execute(MDListener.java:370)
at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:262)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:2678)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:2598)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.
record.alert.Alert@5045b0>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <close(): 15818420>
<Mar 4, 2005 2:47:46 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 11209530>
<Mar 4, 2005 2:47:46 PM EST> <Error> <WLI-B2B HTTP Transport> <BEA-463547> <HTTP send failed: javax.net.ssl.SSLHandshakeExcepti
on: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.>
com.bea.b2b.transport.TransportException: [WLI-B2B HTTP Transport:463547]HTTP send failed: javax.net.ssl.SSLHandshakeException:
FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.
at com.bea.b2b.transport.http.HttpEndPoint.send(HttpEndPoint.java:257)
at com.bea.b2b.protocol.rosettanet.rnif1x.RNEncoder.process(RNEncoder.java:88)
at com.bea.b2b.protocol.ModuleChain.process(ModuleChain.java:64)
at com.bea.b2b.protocol.Protocol.encode(Protocol.java:632)
at com.bea.b2b.protocol.rosettanet.RNIBProtocol.send(RNIBProtocol.java:68)
at com.bea.b2b.protocol.rosettanet.rnif1x.messaging.RNMessage.send(RNMessage.java:451)
at com.bea.b2b.protocol.rosettanet.messagesender.RNMessageSenderBean.onMessage(RNMessageSenderBean.java:138)
at weblogic.ejb20.internal.MDListener.execute(MDListener.java:370)
at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:262)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:2678)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:2598)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.net.ssl.SSLHandshakeException: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate a
n acceptable set of security parameters.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handle(AlertHandler.java:194)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(AlertHandler.java:162)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at com.bea.b2b.transport.http.HttpURLConnection.writeRequests(HttpURLConnection.java:100)
at com.bea.b2b.transport.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:177)
at com.bea.b2b.transport.http.HttpEndPoint.send(HttpEndPoint.java:164)
... 12 more
<Mar 4, 2005 2:47:46 PM EST> <Warning> <WLI-B2B Protocol> <BEA-467501> <Caught exception during plugin processing:
location: https://b2b-cts-test.b2bpartner.com:443/invoke/wm.ip.rn/receive
protocol: RosettaNet
plugin: RNEncoder
exception: com.bea.b2b.transport.TransportException: [WLI-B2B HTTP Transport:463547]HTTP send failed: javax.net.ssl.SSLHandsha
keException: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parame
ters.>
<Mar 4, 2005 2:47:46 PM EST> <Error> <WLI-B2B RosettaNet Messaging> <BEA-468502> <Received exception com.bea.b2b.protocol.PlugI
nException: com.bea.b2b.transport.TransportException: [WLI-B2B HTTP Transport:463547]HTTP send failed: javax.net.ssl.SSLHandsha
keException: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parame
ters. during send.>
<Mar 4, 2005 2:47:49 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 134>
<Mar 4, 2005 2:47:49 PM EST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC offset = 0 length = 1>
<Mar 4, 2005 2:47:49 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 16>
<Mar 4, 2005 2:47:49 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:49 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:49 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <12347917 readRecord()>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <12347917 SSL3/TLS MAC>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <12347917 received CHANGE_CIPHER_SPEC>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <12347917 readRecord()>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <12347917 SSL3/TLS MAC>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <12347917 received HANDSHAKE>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <write APPLICATION_DATA offset = 0 length = 296>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <write APPLICATION_DATA offset = 0 length = 6332>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 134>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC offset = 0 length = 1>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 16>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <12347917 read( offset: 0 length: 2048 )>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:50 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 7232123>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 16149905>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 137>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <20731063 readRecord()>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <20731063 SSL3/TLS MAC>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <20731063 received CHANGE_CIPHER_SPEC>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <20731063 readRecord()>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <20731063 SSL3/TLS MAC>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <20731063 received HANDSHAKE>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <write APPLICATION_DATA offset = 0 length = 296>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <write APPLICATION_DATA offset = 0 length = 6332>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <20731063 read( offset: 0 length: 2048 )>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <26288283 readRecord()>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <26288283 SSL3/TLS MAC>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <26288283 received HANDSHAKE>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Performing hostname validation checks: proxy.ams1907.com>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <No proxy involved>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: [email protected], CN=DST RootCA X1, O
U=DSTCA X1, O=Digital Signature Trust Co., L=Salt Lake City, ST=Utah, C=us>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=b2bpartner SSL CA, O=b2bpartner Systems>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: [email protected], CN=DST RootCA X1, O
U=DSTCA X1, O=Digital Signature Trust Co., L=Salt Lake City, ST=Utah, C=us>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD
.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: OU=Secure Server Certification Authority, O="RSA Dat
a Security, Inc.", C=US>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=b2bpartner SSL CA, O=b2bpartner Systems>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: [email protected], CN=DST RootCA X1, O
U=DSTCA X1, O=Digital Signature Trust Co., L=Salt Lake City, ST=Utah, C=us>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: [email protected], CN=DST RootCA X1, O
U=DSTCA X1, O=Digital Signature Trust Co., L=Salt Lake City, ST=Utah, C=us>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: [email protected], CN=DST RootCA X1, O
U=DSTCA X1, O=Digital Signature Trust Co., L=Salt Lake City, ST=Utah, C=us>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: CN=b2bpartner SSL CA, O=b2bpartner Systems>
<Mar 4, 2005 2:47:51 PM EST> <Debug> <TLS> <000000> <Converting principal: [email protected], CN=DST RootCA X1, O
U=DSTCA X1, O=Digital Signature Trust Co., L=Salt Lake City, ST=Utah, C=us> -
Cannot establish SSL connection after fresh install
Hello,
I performed a fresh install a couple of days ago. Everything is fine, no hardware errors, pacman and curl work like a charm, HTTP servers respond as they should, but SSL servers do not respond the right way.
I tried with elinks, chromium and firefox and they get stuck on SSL negotiations for very long times.
Installed the whole thing again. Same issue.
Just tested with:
openssl s_client -connect facebook.com:443
openssl s_client -connect google.com:443
Seems to work fine, I can GET with no problems.
Also tested with:
wget --debug -O - https://facebook.com
It gets stuck to "Initializing SSL handshake" and after a couple of minutes the connection is closed with error message "Unable to establish SSL connection."
The system date/time are correct, the system is up to date, used the latest install image available at http://archlinux.org, installed following the install guide from the wiki.
All tests performed as root.
Last edited by icecoder (2013-05-30 10:07:14)WonderWoofy wrote:Initscripts maybe... ethernet... since I am not familiar with either of your systems, I cannot answer this.
As I understand, the latest arch uses systemd by default, so there's no need installing initscripts and in https://wiki.archlinux.org/index.php/In … e_internet nothing said I have to configure network as I'm using DHCP.
Last edited by tenzan (2012-10-22 00:02:42) -
Sporadic SSL connection trouble
I happened to run across https://discussions.apple.com/message/5546820, which describes a problem very similar to one I've had troubles with since Mac OS X 10.5 Server and still happens with 10.6.7; I did not experience this with Tiger.
I have a web service written in PHP (v5.3.4) that makes another web service call to a third party web service. The call TO my web service and the call my web service MAKES are both SSL encrypted; neither are going through a proxy. Occasionally, my web service will get a SoapFault raised with the error "Could not connect to host" when instantiating a SoapClient object to connect to the third party web service. We use this web service an average of nearly 1,000 times a day, and of those, only a handful each day gets this exception. I have gone so far as to add code that will make a second attempt to instantiate the SoapClient class when the first fails. Sometimes the second attempt works, but sometimes even it fails.
At one point I moved this process back to 10.4.11 Server (w/PHP v5.2.4), and experienced no errors. I've also ran the same code on a Windows machine with PHP 5.3 installed and it did not experience the problem either. So I don't believe it has anything to do with upgrading PHP from 5.2 to 5.3. I have performed tests from other Macs connecting to one of Amazon's web services over HTTPS, and they too experienced random failures beginning with Leopard. So I don't think it has anything to do with the specific machine on which the process is running. I also tried consuming the Amazon web service over HTTP, and didn't experience the problem.
We have another process (on a different server running 10.5.8) that uses CURL to establish a SSL encrypted connection to a partner's system, and it's randomly failing on curl_exec() with "SSL read: error:00000000:lib(0):func(0):reason(0), errno 54". According to http://curl.haxx.se/libcurl/c/libcurl-errors.html, error 54 means "Failed setting the selected SSL crypto engine as default!".
CURL details:
10.5.8 machine:
curl 7.16.4 (i386-apple-darwin9.0) libcurl/7.16.4 OpenSSL/0.9.7l zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
10.6.7 machine:
curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
Neither error can be reproduced at will, but they do happen daily (no particular time of day; it's completely random). It just really sounds like something is wrong with some low level code in the OS dealing with SSL that began with Leopard. Anyone else having similar trouble?i got the connection to work, and the problem was that the regional settings of the client was set to "Turkish". after changing it to EN, it worked.
(questions 2), 3) and 4) are "answered" herewith).
is there a workaround for the language problem ? (the reg. settings have to be Turkish)
(when set to "Turkish", the JRE parses the cacerts file erroneous (because of the Turkish 'i' character). running the program with "-javax.net.debug=all" parameter prints the trace)
now, i've another question :
when creating a user how do we specify which group the user belongs to ?
a solution for this is to find the group and add the user to the group. is there an attribute of the user which can be set directly at creation time ?
last question :
why does it take so long to get a context with ssl connection ? does anybody know how to make it faster ?
thanks -
KT3 : Boost your ATA133 IDE Burst Rate Performance!!
[size=15]KT3 : Boost your ATA133 IDE Burst Rate Performance!![/size][/b]
Hi everyone.
[size=11]I've lost the first copy of this guide. This is a total rewrite and I hope I didn't leave out anything I wrote before.[/size]
There are many issues with weak IDE performance on KT3 Ultra board, in fact with most VIA chipset based boards too. This could probably due to the VIA PCI timing control that impacts the IDE performance. There are some PCI patches like VIA RAID Performance Patch and George Breese's PCI Latency Patch to tackle this problem. This guide will focus on how to install these patches accordingly to get true ATA133 performance on your system.
Here are some preparation you need before anything.
Requirement:
MSI KT3 Ultra ARU, K7T266 Pro2-R and any other VIA chipset RAID-equipped boards
ATA100 or ATA133 hard drives
80-conductors ATA-66/100/133 IDE cable
VIA 4-in-1 driver version 4.38 [size=11]Due to stability issues with version 4.40, for now version 4.38 is the best choice[/size]
VIA RAID Performance Patch v1.05
goto http://www.georgebreese.com/net/software/ and download HDSPEED.EXE and PCI Latency Patch 0.19d (no direct link)
stable and working PC with Windows operating system
the harddisk(s) must use 80-conductor ATA100 cable to connect to the motherboard's IDE port, and jumpered correctly
Here is the step-by-step guide:
[list=1]
run HDSPEED.EXE to get the hdd benchmark result. If it's well below 80MB for bandwidth, your system need to be tweaked.
Install VIA 4-in-1 driver. Installation guide is here from viaarena.com
Restart PC.
run HDSPEED.EXE to check any improvement. If still below 80MB, your system still need to be tweaked.
If you have RAID drives on your system, unzip the RAID Performance Patch and run SETUP to install the patch. After installation finished, Restart PC. Of course even if you don't have any RAID arrays , you may install VIA RAID Performance Patch too, it won't affect the system.
Run HDSPEED.EXE again to check any improvement, especially if you're running RAID.
Unzip the PCI Latency Patch to a temporary folder, run SETUP.BAT. After the patch installation completed, restart PC.
run HDSPEED.EXE again. You should be able to get 80MB/40MB now!
There are some assumptions I need to mention, here are them:
This guide is based on Windows XP, I assume it works for Win2k and Win9x too.
This guide works for both RAID and non-RAID system.
The result of HDSPEED for tweaked system is Bandwidth over 80MB, Sequential over 40MB for fast ATA100/133 harddisks, ie Maxtor D740x 95MB/42MB. If anything lower than 80MB/40MB, your system need to be tweaked.
Ultimately it is George Breese's PCI Latency Patch 0.19d that boosts the burst rate. Anyhow I do recommend to install both the VIA 4-in-1 drivers and VIA RAID Performance Patch to cover some patches that PCI Latency Patch doesn't cover. The installation sequence must be first VIA 4-in-1, then VIA RPP patch, then lastly PCI Latency Patch.
There are some other performance patches other than PCI latency patch done by George Breese's patch. So overall, it improves system performance. However, this might bring some stability issues to some system.
This guide ONLY improve the burst rate. It does not improve much in overall hdd benchmark obtained by PCMark2002 or Sisoft SANDRA.
This does improve my Maxtor drive from 70MB/42MB to 95MB/42MB!
Please tell us your result after attempting this guide. Please let us know if you face any issues in attempting this guide. I'll be ready to amend anything here.
Thanks for reading.
[size=11]p/s: I hope I really didn't miss out anything ;)[/size]I am having conflicts with Archtek/Smarltlink CNR Modem riser(I think). System automatically reboots when modem is activated-all other apps utilizing the PCI boards working fine. When I activate teh dial up - the system immedialy resets. I removed the patch until I find the problem. When patches are installed I had significally better results then below up to 110/50 yet when looking at the results from HDExpert the minimum data reads and min. data writes suffered significaly but the max rate was got good improvements.
I have 4 identical Maxtor 60GB Ultr/133 7200 drives - here's the results from George's Disk Performance Test
-------------------no patches----------------------------------
-----George's Disk Performance Test v0.14 --------------
---------------Bandwidth/Sequential--------------------------
Buffer Size-----Disk 1-----------Disk 2---------------Disk 3
Size ----------(C-IDE 1M) -----(D-IDE 1S)-------------RAID 0
65536---------70.7/41.8-------71.9/42.0----------65.5/45.9
131072-------76.6/41.4 -------77.6/41.5 ---------69.6/47.1
262144 ------78.6/41.1 -------78.8/41.7 ---------72.0/51.3
524288 ------80.3/39.8 --------81.7/41.4 --------73.0/50.2
1048576 -----30.0/41.0 -------32.8/41.0 --------73.6/54.9
2097152 -----39.3/39.7 -------38.6/39.7 --------60.0/63.6
As you can see the difference is when the buffer size is increased. This is with the standard BIOS load - no overclocking -
Errror during SSL connection with LDAP using JNDI APIs
Hello,
I have established a client and server certificates cert.arm for LDAP server and client. On client i have created a client.kdb file and on server server.kdb file both containing cert.arm. whwn i give a request
C:\Program Files\IBM\LDAP\bin>ldapsearch -b "o=ibm,c=us" -h 9.182.174.71 -p 636 -D cn=roo
-w root1 -Z -K "C:\Program Files\ibm\ldap\etc\client.kdb" -P client -s sub cn=s* cn sn
it gave me proper results
but using a JNDI API where i specify
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
// Specify LDAPS URL
env.put(Context.PROVIDER_URL, "ldap://"+"9.182.174.71:636");
// Authenticate as S. User and password "mysecret"
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=root1");
env.put(Context.SECURITY_CREDENTIALS, "root1");
DirContext ctx = new InitialDirContext(env);
SearchControls constraintssc=new SearchControls();
constraintssc.setSearchScope(SearchControls.SUBTREE_SCOPE);
// performing the search
NamingEnumeration results=ctx.search("o=ibm,c=us","cn=s*",constraintssc);
////etc.........
Its gives me an exception saying that
javax.naming.CommunicationException: simple bind failed: 9.182.174.71:636. Root
exception is javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
Could any body help me out on this
Thank YouYou are attempting to authenticate via an SSL connection to port 636.
The message 'couldn't find trusted certificate' means that your client doesn't trust the certificate it has received from the LDAP server.
In order to establish that trust, you must export a certificate file from the LDAP server, then use Java's keytool.exe to create a keystore file using that certificate. Then your client code must reference that keystore file that you've created.
So essentially, you have to provide your program the LDAP server's credentials. "If the server's certificate looks like this, then you can trust it."
After your program trusts the certificate it receives from the server at runtime, your connection will authenticate. -
when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
OS:10.7.2
Macbook Pro 2010-mid 13inchI also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
I'm also using a Macbook Pro 13-inch mid 2010. -
SSL Connection Configuration between Apache and Weblogic 8,1
I'm currently using Apache web server as a front end server for Weblogic server 8.1 and now i' facing some configuration problem to setting up the SSL connection between this 2 server. When i open my web application page, it shows
Failure of Server Apache bridge
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
and my proxy.log shows:
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 790 of ../nsapi/URL.cpp]: at line 3078
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Can anyone tell me what should i do in order to correct this error? Your help is kindly appreciate!!! Please~1) Is the managed server up?
2) from apache server are you able to bind the managed server port?
3) can you pls send the weblogic ssl configuration? -
How to use a key file in the FTP Task using and SSL connection
In the past I have used this code to set the FTP pass word in an FTP component task in SSIS.
Does anyone know how to use a Key file in an SSL connection to download a file from an FTP site? If not can you tell me where I can get the C# code examples to learn how to create a script task or if there is another way in SSIS to download large files
from an SSL FTP site? Thank you for any help offered.
public void Main()
ConnectionManager FTPConn;
FTPConn = Dts.Connections["FTPServer"];
FTPConn.Properties["ServerPassword"].SetValue(FTPConn, Dts.Variables["FTPPassword"].Value);
Dts.TaskResult = (int)ScriptResults.Success;
AntonioYou can use SFTP for this.
This is a way of implementing SFTP in SSIS using standard tasks
http://visakhm.blogspot.in/2012/12/implementing-dynamic-secure-ftp-process.html
also see
http://blog.goanywheremft.com/2011/10/20/sftp-ftps-secure-ftp-transfers/
Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs
Maybe you are looking for
-
Messages won't stay in trash go back into inbox?
Hi! I am having problems deleting emails. I put them into the trash and when I look they are not there and then appear back in the inbox. I have tried all the usual tricks to get it to work but it won't . I suspect it is one particular email that I d
-
Anyone having problems with mail? I erased two emails and the trash bin, then when i shut down the iPhone and after turning it on again, the same two emails and the trash bin contents are still there. I've verified that there are no new messages wait
-
Since I installed the last update to OS X, iPhoto is running so slow that I can not even stand to use it! This problem started in May. I do have 36K photos in my library - but this never ending spinning ball started out of the blue the first time I l
-
Why won't 'Address and Search' from 'Customize Toolbar' box 'stick' when I drag it to my toolbar? I ran updates last night, and my Google searchbox disappeared and I can't get it back.
-
Service Call with Expenses Report
Dear All I would like to view a service report with the expenses , may I know how to get this report from SAP B1? Thanks in advance for advice. Thanks, Catea k.