Bad_record_mac
I am getting an SSL error of bad_record_mac when using and SSL connection.
Does anyone know how to resolve this? I am using WL5.1 sp7.
Thanks,
Mica Cooper
Thanks Wiktor,
I turned in this problem two weeks ago, they fix it for us, and then neglect
to call and tell me its fixed.
Mica
"Wiktor Kozlik" <[email protected]> wrote in message
news:[email protected]..
>
Get service pack 8. It solves this problem.
"Mica Cooper" <[email protected]> wrote in message
news:[email protected]..
I am getting an SSL error of bad_record_mac when using and SSL
connection.
Does anyone know how to resolve this? I am using WL5.1 sp7.
Thanks,
Mica Cooper
Similar Messages
-
FTPSClient - SSL Received fatal alert: bad_record_mac
I am trying to connect to an out of network server using org.apache.commons.net.ftp.FTPSClient
and trying to upload a file.
The code works correctly when i execute it from localhost but throws the following exception from prod server.
javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1682)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:240)
at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:171)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:178)
Code
FTPClient ftp = new FTPSClient("SSL")
ftp.connect(server, 21);
reply = ftp.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftp.disconnect();
log.debug("FTP server refused connection.");
return;
//ftp.enterRemotePassiveMode();
ftp.enterLocalPassiveMode();
ftp.login(username, password);
======================
Any suggestions why would it work from my localhost and not from the server.
Could it be a firewall issue or do i need to user a certificate?The FTP server sent you an alert saying that it received a bad_record_MAC from you, i.e. the client.
So there is something wrong with the client you used when it failed, or the underlying version of JSSE. Are the versions of Java the same in both cases? -
Bad_record_mac error
Hello,
I'm having a weird exception in the secure connection between weblogic
server and my client applications. A bad_record_mac error is found when
(it seems to) I'm trying to publish a JMS message.
Does anybody here have already had this or similar problem? (bad_record_mac)
What kind of things could be causing this exception? (firewall issues, dial
up
connection problems, etc.).
The stack trace is presented below.
Thanks in advance for any help.
Andre Mendonca
<STACK TRACE>
java.io.IOException: Alert: fatal bad_record_mac
at weblogic.security.SSL.SSLSocket.processAlert(SSLSocket.java:1063)
at weblogic.security.SSL.SSLSocket.processAlerts(SSLSocket.java,
Compiled Code)
at
weblogic.security.SSL.RecordInputStream.getData(RecordInputStream.java,
Compiled Code)
at
weblogic.security.SSL.RecordInputStream.read(RecordInputStream.java,
Compiled Code)
at weblogic.socket.SSLFilter.haveNextMessage(SSLFilter.java,
Compiled Code)
at
weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java,
Compiled Code)
at
weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java,
Compiled Code)
at weblogic.t3.srvr.ExecuteThread.run(ExecuteThread.java, Compiled
Code)
weblogic.rjvm.PeerGoneException: JVM -7325750532989658851C192.168.1.4 is
gone
at
weblogic.rmi.extensions.BasicRequest.sendReceive(BasicRequest.java,Compiled
Code)
at
weblogic.jms.common.SessionCallback_WLStub.deliver(SessionCallback_WStub.jav
a, Compiled Code)
at weblogic.jms.server.SessionState.sendCallback(SessionState.java,
Compiled Code)
at weblogic.jms.server.SessionState.deliver(SessionState.java,
Compiled Code)
at
weblogic.jms.server.SessionState.deliverMessage(SessionState.java, Compiled
Code)
at
weblogic.jms.server.TopicSessionState.deliverMessage(TopicSessionState.java,
Compiled Code)Thu Nov 16 10:16:30 EST 2000:<I> <RJVM> Closing connection to
192.168.1.4 -7325750532989658851
at
weblogic.jms.server.TopicSessionState.processOutgoingMessages(TopicSessionSt
ate.java, Compiled Code)
at weblogic.jms.server.SessionState.readQueue(SessionState.java,
Compiled Code)
at weblogic.jms.common.MessageQueue.execute(MessageQueue.java,
Compiled Code)
at weblogic.t3.srvr.ExecuteThread.run(ExecuteThread.java, Compiled
Code)
--------------- nested within: ------------------
weblogic.rmi.extensions.RemoteRuntimeException: Undeclared checked exception
- with nested exception:
[weblogic.rjvm.PeerGoneException: JVM -7325750532989658851C192.168.1.4 is
gone]
at
weblogic.jms.common.SessionCallback_WLStub.deliver(SessionCallback_WLStub.ja
va, Compiled Code)
at weblogic.jms.server.SessionState.sendCallback(SessionState.java,
Compiled Code)
at weblogic.jms.server.SessionState.deliver(SessionState.java,
Compiled Code)
at
weblogic.jms.server.SessionState.deliverMessage(SessionState.java, Compiled
Code)
at
weblogic.jms.server.TopicSessionState.deliverMessage(TopicSessionState.java,
Compiled Code)
at
weblogic.jms.server.TopicSessionState.processOutgoingMessages(TopicSessionSt
ate.java, Compiled Code)
at weblogic.jms.server.SessionState.readQueue(SessionState.java,
Compiled Code)
at weblogic.jms.common.MessageQueue.execute(MessageQueue.java,
Compiled Code)
at weblogic.t3.srvr.ExecuteThread.run(ExecuteThread.java, Compiled
Code)
Thu Nov 16 10:16:30 EST 2000:<I> <CliCon-#|myserver|8.974371980359>
Connection
o client for [CliCon: #|myserver|8.974371980359] has been unexpectedly lost
because t3s socket to -7325750532989658851C192.168.1.4 failed and could not
be reconnected.
Initiating hard disconnect.Sorry,
I forgot to say that I'm using WLS 4.5.1 SP11 and Windows NT 4.0, SP6
Thanks
"Andre Mendonca" <[email protected]> wrote in message
news:[email protected]...
Hello,
I'm having a weird exception in the secure connection between weblogic
server and my client applications. A bad_record_mac error is found when
(it seems to) I'm trying to publish a JMS message.
Does anybody here have already had this or similar problem?(bad_record_mac)
What kind of things could be causing this exception? (firewall issues,dial
up
connection problems, etc.).
The stack trace is presented below.
Thanks in advance for any help.
Andre Mendonca
<STACK TRACE>
java.io.IOException: Alert: fatal bad_record_mac
atweblogic.security.SSL.SSLSocket.processAlert(SSLSocket.java:1063)
at weblogic.security.SSL.SSLSocket.processAlerts(SSLSocket.java,
Compiled Code)
at
weblogic.security.SSL.RecordInputStream.getData(RecordInputStream.java,
Compiled Code)
at
weblogic.security.SSL.RecordInputStream.read(RecordInputStream.java,
Compiled Code)
at weblogic.socket.SSLFilter.haveNextMessage(SSLFilter.java,
Compiled Code)
at
weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java,
Compiled Code)
at
weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java,
Compiled Code)
at weblogic.t3.srvr.ExecuteThread.run(ExecuteThread.java, Compiled
Code)
weblogic.rjvm.PeerGoneException: JVM -7325750532989658851C192.168.1.4 is
gone
at
weblogic.rmi.extensions.BasicRequest.sendReceive(BasicRequest.java,Compiled
Code)
at
weblogic.jms.common.SessionCallback_WLStub.deliver(SessionCallback_WStub.jav
a, Compiled Code)
atweblogic.jms.server.SessionState.sendCallback(SessionState.java,
Compiled Code)
at weblogic.jms.server.SessionState.deliver(SessionState.java,
Compiled Code)
at
weblogic.jms.server.SessionState.deliverMessage(SessionState.java,Compiled
Code)
at
weblogic.jms.server.TopicSessionState.deliverMessage(TopicSessionState.java,
Compiled Code)Thu Nov 16 10:16:30 EST 2000:<I> <RJVM> Closing connectionto
192.168.1.4 -7325750532989658851
at
weblogic.jms.server.TopicSessionState.processOutgoingMessages(TopicSessionSt
ate.java, Compiled Code)
at weblogic.jms.server.SessionState.readQueue(SessionState.java,
Compiled Code)
at weblogic.jms.common.MessageQueue.execute(MessageQueue.java,
Compiled Code)
at weblogic.t3.srvr.ExecuteThread.run(ExecuteThread.java, Compiled
Code)
--------------- nested within: ------------------
weblogic.rmi.extensions.RemoteRuntimeException: Undeclared checkedexception
- with nested exception:
[weblogic.rjvm.PeerGoneException: JVM -7325750532989658851C192.168.1.4 is
gone]
at
weblogic.jms.common.SessionCallback_WLStub.deliver(SessionCallback_WLStub.ja
va, Compiled Code)
atweblogic.jms.server.SessionState.sendCallback(SessionState.java,
Compiled Code)
at weblogic.jms.server.SessionState.deliver(SessionState.java,
Compiled Code)
at
weblogic.jms.server.SessionState.deliverMessage(SessionState.java,Compiled
Code)
at
weblogic.jms.server.TopicSessionState.deliverMessage(TopicSessionState.java,
Compiled Code)
at
weblogic.jms.server.TopicSessionState.processOutgoingMessages(TopicSessionSt
ate.java, Compiled Code)
at weblogic.jms.server.SessionState.readQueue(SessionState.java,
Compiled Code)
at weblogic.jms.common.MessageQueue.execute(MessageQueue.java,
Compiled Code)
at weblogic.t3.srvr.ExecuteThread.run(ExecuteThread.java, Compiled
Code)
Thu Nov 16 10:16:30 EST 2000:<I> <CliCon-#|myserver|8.974371980359>
Connection
o client for [CliCon: #|myserver|8.974371980359] has been unexpectedlylost
because t3s socket to -7325750532989658851C192.168.1.4 failed and couldnot
be reconnected.
Initiating hard disconnect. -
Internal error int reply to ClientHello on ACE20 module with end-to-end SSL
Hello, world!
We have weird behaviour of our Cisco ACE20 module configured for end-to-end SSL (initiation+termination) - the module from time to time replies with SSLv3/TLSv1 alert "Fatal: internal error" message to the client right after client have sent 'ClientHello' SSL message. So sometimes SSL connection works and sometimes will be immediately closed due to this fatal error. The behaviour is very similar to the one described below:
CSCtc52085—After a client sends a ClientHello message, the SSL hand shake may fail with a fatal alert internal error sent by the ACE. This behavior is intermittent and may occur under the following conditions:
1. An SSL service is configured with the session-cache timeout command (session reuse).
2. SSL connections are aborted by the client after the client sends a ClientHello message to the service in condition 1 and before an internal resource state is changed. This behavior puts the internal resource in an improper state. This error is very timing sensitive.
3. The next connection that uses the internal resource in the improper state fails with a fatal alert internal error. That connection does not have to go to the service in condition 1 to experience this error because the internal resource is shared by all the SSL services.
Workaround: None.
But we have software version A2(3.1) and this bug must have been resolved in this release (at least it's listed in resolved caveats section of release notes).
Software
loader: Version 12.2[123]
system: Version A2(3.1) [build 3.0(0)A2(3.1)]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_3_1.bin
Again, we don't have session-cache timeout configured on the ACE.
On the ACE we have following stats:
ACE1/VC_UNIX# sh stats crypto server
SSL Server Statistics:
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 0
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 1
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 2
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 0
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 16
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
SSLv2 client hello received: 0
SSLv3 client hello received: 0
TLSv1 client hello received: 68
SSLv3 negotiated protocol: 0
TLSv1 negotiated protocol: 68
SSLv3 full handshakes: 0
SSLv3 resumed handshakes: 0
Cipher sslv3_rsa_rc4_128_md5: 0
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
TLSv1 full handshakes: 33
TLSv1 resumed handshakes: 0
Cipher tlsv1_rsa_rc4_128_md5: 68
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 0
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL authentication cache hits: 0
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 0
Failed SSL server authentications: 0
Session headers extracted: 0
Session headers failed: 0
Server cert headers extracted: 0
Server cert headers failed: 0
Client cert headers extracted: 0
Client cert headers failed: 0
Headers truncated: 0
Redirects due to cert not yet valid: 0
Redirects due to cert expired: 0
Redirects due to unknown issuer cert: 0
Redirects due to cert revoked: 0
Redirects due to no client cert: 0
Redirects due to no CRL available: 0
Redirects due to expired CRL: 0
Redirects due to bad cert signature: 0
Redirects due to other cert error: 0
Internal error: 27
Handshake FlushRX operations: 0
Handshake FlushTX operations: 0
Xscale messages rcvd from ME: 1313330
Xscale messages sent to ME: 2041768
Finish msg split across ssl recs: 0
Fasttx msg ring full: 0
SSL_ME tx msg ring full: 0
N2 encrypt_record: 0
N2 decrypt_record: 144433
N2 random: 439915
N2 handshake_hash: 878094
N2 hash: 0
N2 gpop_master: 291164
N2 gpop_import_master_secret: 5
N2 gpop_pkcs1v15enc: 144430
N2 gpop_pkcs1v15enc_crt: 0
N2 gpop_finish: 291140
N2 gpop_verify: 0
N2 gpop_pkcs1v15dec: 0
N2 gpop_pkcs1v15dec_crt: 146752
N2 rsa_server_full: 15
N2 resume: 12
UXP A: 24576
UXP B: 0
The "Internal error" counter increases with failed connections.
Printscreen from wireshark attached.
Maybe someone has the problem like ours? I have no idea how to troubleshoot these "internal errors"... :-(
Thanks for your replies.Thanks for your reply.
The problem is not server-related, I have exactly the same situation if I do SSL termination only, with unencrypted connection between ACE and backend servers (another servers, with blank apache installed and listening on 443 port for non-SSL traffic) - generally speaking, it works, but often with these "internal errors" - not suitable for production.
Here is the output from the commands
# show np 1 me-stats -E0
SSL Server Statistics:
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 0
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 0
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 0
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 0
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 0
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
SSLv2 client hello received: 0
SSLv3 client hello received: 0
TLSv1 client hello received: 0
SSLv3 negotiated protocol: 0
TLSv1 negotiated protocol: 0
SSLv3 full handshakes: 0
SSLv3 resumed handshakes: 0
Cipher sslv3_rsa_rc4_128_md5: 0
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
TLSv1 full handshakes: 0
TLSv1 resumed handshakes: 0
Cipher tlsv1_rsa_rc4_128_md5: 0
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 0
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL authentication cache hits: 0
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 0
Failed SSL server authentications: 0
Session headers extracted: 0
Session headers failed: 0
Server cert headers extracted: 0
Server cert headers failed: 0
Client cert headers extracted: 0
Client cert headers failed: 0
Headers truncated: 0
Redirects due to cert not yet valid: 0
Redirects due to cert expired: 0
Redirects due to unknown issuer cert: 0
Redirects due to cert revoked: 0
Redirects due to no client cert: 0
Redirects due to no CRL available: 0
Redirects due to expired CRL: 0
Redirects due to bad cert signature: 0
Redirects due to other cert error: 0
Internal error: 0
SSL Client Statistics:
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 0
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 4108
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 63355
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 0
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 37662
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
SSLv2 client hello received: 0
SSLv3 client hello received: 0
TLSv1 client hello received: 0
SSLv3 negotiated protocol: 0
TLSv1 negotiated protocol: 4062020
SSLv3 full handshakes: 0
SSLv3 resumed handshakes: 0
Cipher sslv3_rsa_rc4_128_md5: 0
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
TLSv1 full handshakes: 4015344
TLSv1 resumed handshakes: 0
Cipher tlsv1_rsa_rc4_128_md5: 0
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 4062020
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL authentication cache hits: 4059147
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 4059888
Failed SSL server authentications: 0
Session headers extracted: 0
Session headers failed: 0
Server cert headers extracted: 0
Server cert headers failed: 0
Client cert headers extracted: 0
Client cert headers failed: 0
Headers truncated: 0
Redirects due to cert not yet valid: 0
Redirects due to cert expired: 0
Redirects due to unknown issuer cert: 0
Redirects due to cert revoked: 0
Redirects due to no client cert: 0
Redirects due to no CRL available: 0
Redirects due to expired CRL: 0
Redirects due to bad cert signature: 0
Redirects due to other cert error: 0
Internal error: 20380
Handshake FlushRX operations: 0
Handshake FlushTX operations: 0
Xscale messages rcvd from ME: 12092768
Xscale messages sent to ME: 0x0176adac
Finish msg split across ssl recs: 0
Fasttx msg ring full: 0
SSL_ME tx msg ring full: 0
N2 encrypt_record: 0
N2 decrypt_record: 4015344
N2 random: 8148797
N2 handshake_hash: 4322635
N2 hash: 0
N2 gpop_master: 4041700
N2 gpop_import_master_secret: 0
N2 gpop_pkcs1v15enc: 4041700
N2 gpop_pkcs1v15enc_crt: 0
N2 gpop_finish: 4031710
N2 gpop_verify: 0
N2 gpop_pkcs1v15dec: 0
N2 gpop_pkcs1v15dec_crt: 0
N2 rsa_server_full: 0
N2 resume: 0
UXP A: 24576
UXP B: 0
# show np 1 me-stats "-shttp -v"
HTTP Statistics (Current)
Unknown msgs received: 0 0
Data rx msgs received: 288293958 4
TCP proxy rx msgs received: 9816884 1
Ack trigger rx msgs received: 0 0
TCP event rx msgs received: 52961189 2
Dest decision tx msgs received: 55155089 1
LB dest decision tx msgs received: 0 0
Close tx msgs received: 83942817 0
Inspect allow tx msgs received: 0 0
Inspect drop tx msgs received: 0 0
DRAM blocks read: 577612022 16
Buffers dropped: 2702255 0
Regex states read: 38438408 25
Unproxy cancellations: 0 0
Redundant closes: 2990271 0
Internal errors: 0 0
Conn mismatch errors: 2748628 0
Exception with close: 6 0
Dest errors: 1 0
Total Packet count (Tx & Rx): 490169937 8
Stop regex: 12 0
(Context 5 Statistics)
Parse result LB msgs sent: 121180 0
Drop: LB queue full: 0 0
Parse result Inspect msgs sent: 0 0
Drop: Inspect queue full: 0 0
TCP data msgs sent: 96215 0
TCP queue full: 0 0
SSL data msgs sent: 516306 0
SSL queue full: 0 0
TCP fin msgs sent: 939 0
TCP rst msgs sent: 147 0
SSL fin msgs sent: 102907 0
SSL rst msgs sent: 38548 0
Bounced fin msgs sent: 1481 0
Bounced rst msgs sent: 2 0
Unproxy msgs sent: 25333 0
Drain msgs sent: 113966 0
Reuse msgs sent: 2304 0
Particles read: 1448314 0
HTTP requests: 121688 0
Reproxied requests: 17680 0
Headers inserted: 3825 0
Headers removed: 51 0
Headers rewritten: 0 0
HTTP redirects: 0 0
HTTP chunks: 42154 0
Unproxy conns: 25325 0
Pipelined requests: 0 0
Pipeline flushes: 0 0
Whitespace appends: 0 0
Response entries recycled: 24493 0
Second pass parsing: 0 0
Vserver mismatch errors: 5 0
Analysis errors: 0 0
Static parse errors: 20 0
Max parselen errors: 0 0
Resource errors: 75 0
Invalid path errors: 0 0
Bad HTTP version errors: 0 0
Header insert errors: 75 0
Header rewrite errors: 0 0
Invalid policy errors: 0 0
Invalid rserver errors: 0 0
Recycled requests: 0 0
SSL header insert success: 0 0
SSL header insert errors: 0 0
SSL spoof header deleted: 0 0
Drop: RST pipelined request: 0 0
There's nothing in ACE logs.
Forgot to mention - we are running ACE in one-arm mode, but I don't believe it makes a difference. -
ACE SSL terminate not working ... please help
Hello, I configured cisco ace 4710 with ssl-proxy and it is not working, but http://10.1.40.2 and http://10.1.40.3 is OK. When i put https://10.1.41.20 the output is: "There is a problem with this website's security certificate", so i click in "Continue to this website (not recommended)" and the ace dont balance the output show error "Internet Explorer cannot display the webpage".
The configuration:
ace-demo/Admin# sh run
Generating configuration....
boot system image:c4710ace-mz.A3_2_4.bin
boot system image:c4710ace-mz.A3_2_1.bin
login timeout 0
hostname ace-demo
interface gigabitEthernet 1/1
channel-group 1
no shutdown
interface gigabitEthernet 1/2
channel-group 1
no shutdown
interface gigabitEthernet 1/3
channel-group 1
no shutdown
interface gigabitEthernet 1/4
channel-group 1
no shutdown
interface port-channel 1
switchport trunk allowed vlan 400-401,450
no shutdown
crypto csr-params testparams
country PE
state Lima
locality Lima
organization-name TI
organization-unit TI
common-name www.yyy.com
serial-number 1000
access-list anyone line 8 extended permit ip any any
access-list anyone line 16 extended permit icmp any any
parameter-map type ssl sslparams
cipher RSA_WITH_RC4_128_MD5
version SSL3
rserver host rsrv1
ip address 10.1.40.2
inservice
rserver host rsrv2
ip address 10.1.40.3
inservice
serverfarm host farm-demo
rserver rsrv1
inservice
rserver rsrv2
inservice
serverfarm host site-A
rserver rsrv1
inservice
serverfarm host site-B
rserver rsrv2
inservice
ssl-proxy service testssl
key testkey.key
cert testcert.pem
ssl advanced-options sslparams
class-map type management match-any MGMT
2 match protocol icmp any
3 match protocol http any
4 match protocol https any
5 match protocol snmp any
6 match protocol telnet any
7 match protocol ssh any
class-map match-any VIP
6 match virtual-address 10.1.41.10 any
class-map type generic match-any WAN-site-A
2 match source-address 192.168.10.106 255.255.255.255
3 match source-address 192.168.10.125 255.255.255.255
class-map type generic match-any WAN-site-B
2 match source-address 192.168.10.96 255.255.255.255
3 match source-address 192.168.10.93 255.255.255.255
class-map type management match-any icmp
2 match protocol icmp any
class-map match-any vip-ssl-10.1.41.20
2 match virtual-address 10.1.41.20 tcp eq https
policy-map type management first-match ICMP
class icmp
permit
policy-map type management first-match MGMT
class MGMT
permit
policy-map type loadbalance first-match vip-ssl-10.1.41.20
class class-default
serverfarm farm-demo
policy-map type loadbalance generic first-match lb-server
class WAN-site-A
serverfarm site-A
class WAN-site-B
serverfarm site-B
class class-default
serverfarm farm-demo
policy-map multi-match client-side
class VIP
loadbalance vip inservice
loadbalance policy lb-server
policy-map multi-match lb-vip
class vip-ssl-10.1.41.20
loadbalance vip inservice
loadbalance policy vip-ssl-10.1.41.20
loadbalance vip icmp-reply
ssl-proxy server testssl
interface vlan 400
description side-server
ip address 10.1.40.1 255.255.255.0
access-group input anyone
service-policy input ICMP
no shutdown
interface vlan 401
description side-client
ip address 10.1.41.1 255.255.255.0
access-group input anyone
access-group output anyone
service-policy input ICMP
service-policy input client-side
service-policy input lb-vip
no shutdown
interface vlan 450
description mgmt
ip address 10.1.45.1 255.255.255.0
access-group input anyone
service-policy input MGMT
no shutdown
ip route 192.168.10.0 255.255.255.0 10.1.45.10
And the proof:
ace-demo/Admin# sh serverfarm farm-demo
serverfarm : farm-demo, type: HOST
total rservers : 2
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: rsrv1
10.1.40.2:0 8 OPERATIONAL 0 25 19
rserver: rsrv2
10.1.40.3:0 8 OPERATIONAL 0 23 18
ace-demo/Admin# sh crypto files
Filename File File Expor Key/
Size Type table Cert
admin 887 PEM Yes KEY
testcert.pem 709 PEM Yes CERT
testkey.key 497 PEM Yes KEY
ace-demo/Admin#
ace-demo/Admin# sh service-policy lb-vip class-map vip-ssl-10.1.41.20
Status : ACTIVE
Interface: vlan 1 401
service-policy: lb-vip
class: vip-ssl-10.1.41.20
ssl-proxy server: testssl
loadbalance:
L7 loadbalance policy: vip-ssl-10.1.41.20
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
Persistence Rebalance: DISABLED
curr conns : 0 , hit count : 38
dropped conns : 18
client pkt count : 159 , client byte count: 12576
server pkt count : 16 , server byte count: 640
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0
bytes_out : 0
Compression ratio : 0.00%
in other time:
ace-demo/Admin# sh service-policy lb-vip class-map vip-ssl-10.1.41.20
Status : ACTIVE
Interface: vlan 1 401
service-policy: lb-vip
class: vip-ssl-10.1.41.20
ssl-proxy server: testssl
loadbalance:
L7 loadbalance policy: vip-ssl-10.1.41.20
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
Persistence Rebalance: DISABLED
curr conns : 0 , hit count : 170
dropped conns : 89
client pkt count : 703 , client byte count: 60089
server pkt count : 85 , server byte count: 3400
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0
bytes_out : 0
Compression ratio : 0.00%
ace-demo/Admin#
ace-demo/Admin# sh stats crypto server
+----------------------------------------------+
+---- Crypto server termination statistics ----+
+----------------------------------------------+
SSLv3 negotiated protocol: 43
TLSv1 negotiated protocol: 0
SSLv3 full handshakes: 37
SSLv3 resumed handshakes: 0
SSLv3 rehandshakes: 0
TLSv1 full handshakes: 0
TLSv1 resumed handshakes: 0
TLSv1 rehandshakes: 0
SSLv3 handshake failures: 6
SSLv3 failures during data phase: 0
TLSv1 handshake failures: 0
TLSv1 failures during data phase: 0
Handshake Timeouts: 0
total transactions: 0
SSLv3 active connections: 0
SSLv3 connections in handshake phase: 0
SSLv3 conns in renegotiation phase: 0
SSLv3 connections in data phase: 0
TLSv1 active connections: 0
TLSv1 connections in handshake phase: 0
TLSv1 conns in renegotiation phase: 0
TLSv1 connections in data phase: 0
+----------------------------------------------+
+------- Crypto server alert statistics -------+
+----------------------------------------------+
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 6
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 0
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 0
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 47
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 0
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
+-----------------------------------------------+
+--- Crypto server authentication statistics ---+
+-----------------------------------------------+
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL client authentication cache hits: 0
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 0
Failed SSL server authentications: 0
+-----------------------------------------------+
+------- Crypto server cipher statistics -------+
+-----------------------------------------------+
Cipher sslv3_rsa_rc4_128_md5: 43
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
Cipher tlsv1_rsa_rc4_128_md5: 0
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 0
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
ace-demo/Admin# crypto verify testkey.key testcert.pem
Keypair in testkey.key matches certificate in testcert.pem.
ace-demo/Admin#
ace-demo/Admin# sh conn
total current connections : 0
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+Hello Alvaro,
The issue here is that your config is missing the clear text port the ACE should use to send the traffic to the backend servers; in this case port 80.
Remove the rservers from the SF "farm-demo" and then configure them back like this:
serverfarm host farm-demo
rserver rsrv1 80
inservice
rserver rsrv2 80
inservice
That should do the trick =)
HTH
Pablo -
Issue with configuring RSA 9.1 connector
Oracle Web logic Version 10.3.0.0
JDK JDK160_10
Oracle Identity Manager 9.1.0.2 bp11
OIM OS Windows 2003-R2-sp2-64bit
Processor AMD
RSA OS Windows 2003-R2-sp2-64bit
Processor AMD
JDK JDK150_04
RSA Auth manager 7.1
Could not communicate with the target system. javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
These are the SSL logs from xel-log when I try to run a schedule task RSA recon.
2010-10-06 08:21:18,118 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.usermgmt.tasks.RSALookupRecon : init():: STARTED
2010-10-06 08:21:18,118 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ITResource : ITResource:: STARTED
2010-10-06 08:21:18,149 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ITResource : ITResource : IT Resource Key :142
2010-10-06 08:21:18,165 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ITResource : ITResource:: FINISHED
2010-10-06 08:21:18,196 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : OIMUtil():: STARTED
2010-10-06 08:21:18,212 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : OIMUtil():: FINISHED
2010-10-06 08:21:18,212 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap():: STARTED
2010-10-06 08:21:18,212 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap() : LookUpName : Lookup.RSA.AuthManager.Configuration
2010-10-06 08:21:18,243 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap():: FINISHED
2010-10-06 08:21:18,243 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap():: STARTED
2010-10-06 08:21:18,243 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap() : LookUpName : Lookup.RSA.AuthManager.LookupReconMapping
2010-10-06 08:21:18,259 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap():: FINISHED
2010-10-06 08:21:18,259 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap():: STARTED
2010-10-06 08:21:18,259 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap() : LookUpName : Lookup.RSA.AuthManager.Constants
2010-10-06 08:21:18,274 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap():: FINISHED
2010-10-06 08:21:18,274 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap():: STARTED
2010-10-06 08:21:18,274 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap() : LookUpName : Lookup.RSA.AuthManager.ITResourceMapping
2010-10-06 08:21:18,290 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getLookUpMap():: FINISHED
2010-10-06 08:21:18,290 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ScheduledTask : getScheduledTaskDetails():: STARTED
2010-10-06 08:21:18,306 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ScheduledTask : getScheduleTaskKey():: STARTED
2010-10-06 08:21:18,337 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ScheduledTask : getScheduleTaskKey():: FINISHED
2010-10-06 08:21:18,352 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ScheduledTask : getScheduledTaskDetails():: FINISHED
2010-10-06 08:21:18,352 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ScheduledTask : validateMandatoryTaskAttrs():: STARTED
2010-10-06 08:21:18,352 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ScheduledTask : validateMandatoryTaskAttrs():: FINISHED
2010-10-06 08:21:18,352 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getITResourceKey():: STARTED
2010-10-06 08:21:18,352 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getITResourceKey() : ITResource Name = RSA Server Instance
2010-10-06 08:21:18,368 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getITResourceKey() : tcresultSet.getRowCount() = 1
2010-10-06 08:21:18,368 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.dao.OIMUtil : getITResourceKey():: FINISHED
2010-10-06 08:21:18,368 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ITResource : validateMandatoryITResource():: STARTED
2010-10-06 08:21:18,368 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.vo.ITResource : validateMandatoryITResource():: FINISHED
2010-10-06 08:21:18,368 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.usermgmt.tasks.RSALookupRecon : execute():: STARTED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection():: STARTED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Setting connection properties...
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Bean Method: SecurityPrincipal
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: STARTED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: FINISHED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Method name: setSecurityPrincipal
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Bean Method: SecurityCredentials
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: STARTED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: FINISHED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Method name: setSecurityCredentials
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Bean Method: InitialContextFactory
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: STARTED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: FINISHED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Method name: setInitialContextFactory
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Bean Method: ProviderURL
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: STARTED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: FINISHED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Method name: setProviderURL
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Bean Method: TargetClass
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: STARTED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.common.util.Util : getMethodName:: FINISHED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : Method name: setTargetClass
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties():: STARTED
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties() : Lookup code value: Command Client Password
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties() : Lookup decode value: SecurityCredentials
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties() : Lookup code value: Command Client UserID
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties() : Lookup decode value: SecurityPrincipal
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties() : Lookup code value: Provider URL
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties() : Lookup decode value: ProviderURL
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties() : Lookup code value: JNDI Factory Class
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties() : Lookup decode value: InitialContextFactory
2010-10-06 08:21:18,384 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : getITRCustomProperties():: FINISHED
2010-10-06 08:21:18,805 | DEBUG | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : CommandTarget initialized...
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | ====================================================
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | ====================================================
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | ================= Start Stack Trace =======================
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection()
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | Description : javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | com.rsa.common.SystemException: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | ================= End Stack Trace =======================
Edited by: 800558 on Oct 6, 2010 12:02 PMThese are the server logs
####<Oct 6, 2010 9:14:39 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <> <main> <> <> <> <1286374479421> <BEA-000000> <Enabled muxing IO for SSL in server>
weblogic.debug.DebugSecuritySSL = true
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612532> <BEA-000000> <SSLContextManager: initializing SSL context for channel DefaultSecure>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612532> <BEA-000000> <Use Certicom SSL with Domestic strength>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612547> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612547> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612547> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612547> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612610> <BEA-000000> <Ignoring not supported JCE KeyAgreement: SunJCE version 1.6 for algorithm DiffieHellman>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612610> <BEA-000000> <Will use default KeyAgreement for algorithm DiffieHellman>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612610> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DESede/CBC/NoPadding>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DES/CBC/NoPadding>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612641> <BEA-000000> <SSL Session TTL :90000>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612641> <BEA-000000> <DefaultHostnameVerifier: allowReverseDNS=false>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612641> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612641> <BEA-000000> <SSLContextManager: loading server SSL identity>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612657> <BEA-000000> <Loaded public identity certificate chain:>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612657> <BEA-000000> <Subject: CN=S02AOIMD03, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612657> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612719> <BEA-000000> <SSLContextManager: loaded 4 trusted CAs from D:\bea\WLSERV~1.3\server\lib\DemoTrust.jks>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <SSLContextManager: reusing SSL context of channel DefaultSecure>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <DynamicSSLListenThread[DefaultSecure[1]] 21 cipher suites enabled:>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <DynamicSSLListenThread[DefaultSecure] 21 cipher suites enabled:>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <TLS_RSA_WITH_RC4_128_MD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <TLS_RSA_WITH_RC4_128_MD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_RC4_128_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_RC4_128_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_AES_256_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_AES_256_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_3DES_EDE_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_3DES_EDE_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_DES_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_DES_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_WITH_DES_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_WITH_DES_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_RC4_56_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_RC4_56_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT_WITH_RC4_40_MD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT_WITH_RC4_40_MD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_3DES_EDE_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_3DES_EDE_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_RC4_128_MD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_RC4_128_MD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_DES_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_DES_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_RC4_40_MD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_RC4_40_MD5>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA>
####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA> -
Hi,
We migrate a DSEE instance from 6.3.1 to 11.1.1.7.1 but now we encounter random errors with some scripts we used on the 6.3.1 instance
For instance when we try to disable a replication agreement :
Unable to bind securely on "myHost:51389".
"myHost:51389" and "dsconf" could not negotiate the desired level of security.
Details: Received fatal alert: bad_record_mac
The "disable-repl-agmt" operation failed on "myHost:51389".
Or when we list the replication agreements :
Unable to bind securely on "localhost:51389".
"localhost:51389" and "dsconf" could not negotiate the desired level of security.
Details: Received fatal alert: bad_record_mac
The "list-repl-agmts" operation failed on "localhost:51389".
Those scripts are launched in a once a day and they fail randomly.
Il we launch the command mannually we do not encounter the problem.
So the questions are :
- why do we have those random errors? what is the root cause? (certificate problem?)
- On the forum, I have found that we can use -e option or set the $DIRSERV_UNSECURED variable (see : https://community.oracle.com/thread/2282940?tstart=0)
=> Is it THE solution?
Regards,
GillesHi.
This looks like a known issue that occurs on Solaris platform. See known DS bug in 14467092 in the release note:Directory Server Bugs Fixed and Known Problems - 11g Release 1 (11.1.1.7.0)
Regards,
Carole. -
We have a new secure site where we are using the ACE as a ssl-proxy. I see connections make it all the way to the servers, but the session eventually times out (Browser responds with "The connection has timed out"). I haven't been able to grab a packet capture yet, but I am looking for some input since I am new to the ACE. We are also set up for sticky connections using cookies.
I see connections to the server but no response back. I also see the cookie places in my browser. Once I close the browser window, the current connection drops.
sh serverfarm SECUREMAIL
serverfarm : SECUREMAIL, type: HOST
total rservers : 2
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: E01
10.0.0.95:8080 8 OPERATIONAL 1 4 0
rserver: E02
10.0.0.98:8080 8 OPERATIONAL 0 1
I verified the cert and keys match with the verify cryto command. If I bypass https and connect via http, I am able to hit the server test page. I attached the scrubbed config.
Any info is appreciated.Make sure clock on supervisor/device has correct date to avoid not before not after check of cert.
Once the configuration is complete, check to make sure the VIP address can be accessed via HTTPS in a web browser. If any certificate errors are shown, this indicates a problem with the certificate, not with the Cisco ACE configuration. The above commands can be used to verify that SSL sessions are being terminated successfully.
When a client’s web browser connects to an SSL server on any device, the browser and server negotiate which encryption cipher to use for the session. The list and order of ciphers presented by the ACE in a default configuration are as follows.
1. CM_SSL_RSA_WITH_RC4_128_MD5
2. CM_SSL_RSA_WITH_RC4_128_SHA
3. CM_SSL_RSA_WITH_DES_CBC_SHA
4. CM_SSL_RSA_WITH_3DES_EDE_CBC_SHA
5. CM_SSL_RSA_WITH_AES_128_CBC_SHA
6. CM_SSL_RSA_WITH_AES_256_CBC_SHA
7. CM_SSL_RSA_EXPORT_WITH_RC4_40_MD5
8. CM_SSL_RSA_EXPORT1024_WITH_RC4_56_MD5
9. CM_SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
10. CM_SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
11. CM_SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
If this list is not desirable or the order needs to be changed, an SSL parameter map can be configured to make such changes.
Can you send the output of the following commands to suggest more on your config
ACE-1/routed#show crypto authgroup all
ACE-1/routed# show conn display 1000 detail
ACE-1/routed# show crypto files
ACE-1/routed# show crypto certificate all
ACE-1/routed# show crypto key all
ACE-1/routed# show crypto session
ACE-1/routed# show crypto hardware
ACE-1/routed# show service-policy detail
Please Display client SSL statistics by entering the the following command and also attach it here so that I can also see what is happening in your ace device:
ACE_module5/Admin# show stats crypto client
+----------------------------------------------+
+---- Crypto client termination statistics ----+
+----------------------------------------------+
SSLv3 negotiated protocol: 0
TLSv1 negotiated protocol: 0
SSLv3 full handshakes: 0
SSLv3 resumed handshakes: 0
SSLv3 rehandshakes: 0
TLSv1 full handshakes: 0
TLSv1 resumed handshakes: 0
TLSv1 rehandshakes: 0
SSLv3 handshake failures: 0
SSLv3 failures during data phase: 0
TLSv1 handshake failures: 0
TLSv1 failures during data phase: 0
Handshake Timeouts: 0
total transactions: 0
SSLv3 active connections: 0
SSLv3 connections in handshake phase: 0
SSLv3 conns in renegotiation phase: 0
SSLv3 connections in data phase: 0
TLSv1 active connections: 0
TLSv1 connections in handshake phase: 0
TLSv1 conns in renegotiation phase: 0
TLSv1 connections in data phase: 0
+----------------------------------------------+
+------- Crypto client alert statistics -------+
+----------------------------------------------+
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 0
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 0
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 0
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 0
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 0
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
+-----------------------------------------------+
+--- Crypto client authentication statistics ---+
+-----------------------------------------------+
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL client authentication cache hits: 0
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 0
Failed SSL server authentications: 0
+-----------------------------------------------+
+------- Crypto client cipher statistics -------+
+-----------------------------------------------+
Cipher sslv3_rsa_rc4_128_md5: 0
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
Cipher tlsv1_rsa_rc4_128_md5: 0
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 0
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
To Display SSL server statistics by entering the following command and send the results to us for further suggestions:
ACE_module5/Admin# show stats crypto server
+----------------------------------------------+
+---- Crypto server termination statistics ----+
+----------------------------------------------+
SSLv3 negotiated protocol: 0
TLSv1 negotiated protocol: 0
SSLv3 full handshakes: 0
SSLv3 resumed handshakes: 0
SSLv3 rehandshakes: 0
TLSv1 full handshakes: 0
TLSv1 resumed handshakes: 0
TLSv1 rehandshakes: 0
SSLv3 handshake failures: 0
SSLv3 failures during data phase: 0
TLSv1 handshake failures: 0
TLSv1 failures during data phase: 0
Handshake Timeouts: 0
total transactions: 0
SSLv3 active connections: 0
SSLv3 connections in handshake phase: 0
SSLv3 conns in renegotiation phase: 0
SSLv3 connections in data phase: 0
TLSv1 active connections: 0
TLSv1 connections in handshake phase: 0
TLSv1 conns in renegotiation phase: 0
TLSv1 connections in data phase: 0
+----------------------------------------------+
+------- Crypto server alert statistics -------+
+----------------------------------------------+
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 0
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 0
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 0
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 0
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 0
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
+-----------------------------------------------+
+--- Crypto server authentication statistics ---+
+-----------------------------------------------+
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL client authentication cache hits: 0
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 0
Failed SSL server authentications: 0
+-----------------------------------------------+
+------- Crypto server cipher statistics -------+
+-----------------------------------------------+
Cipher sslv3_rsa_rc4_128_md5: 0
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
Cipher tlsv1_rsa_rc4_128_md5: 0
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 0
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
Also you can Display the number of SSL data messages sent and SSL FIN/RST messages sent by entering the following command and send the output from your ACE devices:
ACE_module5/Admin# show stats http
+------------------------------------------+
+-------------- HTTP statistics -----------+
+------------------------------------------+
LB parse result msgs sent : 0 , TCP data msgs sent : 0
Inspect parse result msgs : 0 , SSL data msgs sent : 0 <-------
sent
TCP fin/rst msgs sent : 0 , Bounced fin/rst msgs sent: 0
SSL fin/rst msgs sent : 0 , Unproxy msgs sent : 0 <-------
Drain msgs sent : 0 , Particles read : 0
Reuse msgs sent : 0 , HTTP requests : 0
Reproxied requests : 0 , Headers removed : 0
Headers inserted : 0 , HTTP redirects : 0
HTTP chunks : 0 , Pipelined requests : 0
HTTP unproxy conns : 0 , Pipeline flushes : 0
Whitespace appends : 0 , Second pass parsing : 0
Response entries recycled : 0 , Analysis errors : 0
Header insert errors : 0 , Max parselen errors : 0
Static parse errors : 0 , Resource errors : 0
Invalid path errors : 0 , Bad HTTP version errors : 0
Headers rewritten : 0 , Header rewrite errors : 0
Lastly to Display session cache statistics for the current context by entering the following command:
switch/Admin# show crypto session
SSL Session Cache Stats for Context
Number of Client Sessions: 0
Number of Server Sessions: 0
Please send the output of all the commands requested to see in more detail for your issue.
HTH
Sachin -
K08 Quicktiime export. Uploaded to web. Onlyplay the first two of 20 slides
Exported to QT. Works fine on the computer but when I uploaded to website, only plays first two slides. help
Have a look at bug 4513263, http://developer.java.sun.com/developer/bugParade/bugs/4513263.html
The key for me in fixing my bad_record_mac problem was a one-liner fix to disable TLS by calling:
socket.setEnabledProtocols(new String[] {"SSLv3"});Hope this fixes it for you...
I'll take those Duke dollars in small, unmarked bills. :)
-Steve
Maybe you are looking for
-
How do I sync Contacts on my Mac with my iPhone and iPads?
When I add a contact on my Mac, it does not sync with my iPhone or iPads.
-
Seeburger BIC Mapping Designer Material & Further Validations
Hi Guys, I was hoping if someone can point me to more material on BIC Mapping designer as only thing i have the standard PDF which came with it. However I need to do more stuff e.g. enhance validations and put a few more checks in. Was wondering If o
-
Hi, During creation of an Outbound Delivery from Stock Transfer, I am getting delivery quantities in decimals... Is there a way to round these decimal values? For example, I have a material with the UOM defined for Delivery/Goods Issuance as Case of
-
Hi, I have iphone 4s. I created a new @me icloud account. I would like my normal mails to be saved on my icloud. How do i go about?
-
Weird issue with Windows Server 2008 R2 Print Server
I have an issue with Windows 2008 R2 (VMWare Hosted) running Windows Print Server. Prior to a small network change, the print server was working well, hosting about 80 different networked printers from various vendors. We made a change (that we end