Flex + BlazeDS SSL issue with IE7
Hi there,
Am facing an unique issue when accessing my application using https (SSL) protocol. Actually my app is configured for "secure amf" and when it fails then it hits the "amf" of blazeds.
All is fine, when i try to open an IE window and hit the url for the first time. The client side is able to hit the server side thru secure amf and its receiving the response back from the server. But when i open another new IE7 tab/window then am getting a NetConnection issue....
i.e, NetConnection.Failed:HTTP error is popping up eventhough it tries to access the https url..
Let me know if any of you guys have a work around for this.
This works fine for FF & Chrome.
Thanks.
So it's definitely due to a change in Firefox, but I was able
to find a workaround. We put headers in our flex pages so we can
incorporate our global navigation at the top of the page.
You're not going to believe the workaround. Here's what the
code looked like before I fixed it:
<cfinclude
template="/cfdocs/proddev/common/cf/flex_header.cfm">
<script src="AC_OETags.js"
language="javascript"></script>
Now, here's the fix:
<script src="AC_OETags.js"
language="javascript"></script>
<cfinclude template="common/flex_header.cfm">
So, I either had to put the script tag in the <head>
tag, or put it before my html declarations.
My guess is that Firefox over SSL doesn't allow <script
src=''> tags in the body of an html document anymore.
Similar Messages
-
Flex file upload issue with large image files
Hello, I have created a sample flex application to upload an image and also created java servlet to upload and save image and deployed in local tomcat server. I am testing the application in LAN. I am able to upload small as well as large image file(1Mb) from some PCs but in some other PCs I am getting IOError while uploading large image files however it is working fine for small images. Image uploading is hanging after 10%-20% and throwing IOError. *Surprizgly it is working Ok with XP systems and causeing issues with Windows7 systems*.
Plz give me any idea to get a solution.
In Tomcat server side it is giving following error:
request: org.apache.catalina.connector.RequestFacade@c19694
org.apache.commons.fileupload.FileUploadBase$IOFileUploadException: Processing of multipart/form-data request failed. Stream ended unexpectedly
at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:371)
at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(ServletFileUpload.ja va:126)
at flex.servlets.UploadImage.doPost(UploadImage.java:47)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProto col.java:594)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.apache.commons.fileupload.MultipartStream$MalformedStreamException: Stream ended unexpectedly
at org.apache.commons.fileupload.MultipartStream$ItemInputStream.makeAvailable(MultipartStre am.java:982)
at org.apache.commons.fileupload.MultipartStream$ItemInputStream.read(MultipartStream.java:8 86)
at java.io.InputStream.read(InputStream.java:101)
at org.apache.commons.fileupload.util.Streams.copy(Streams.java:96)
at org.apache.commons.fileupload.util.Streams.copy(Streams.java:66)
at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:366)
UploadImage.java:
package flex.servlets;
import java.io.*;
import java.sql.*;
import java.util.*;
import java.text.*;
import java.util.regex.*;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.*;
import sun.reflect.ReflectionFactory.GetReflectionFactoryAction;
import javax.servlet.*;
import javax.servlet.http.*;
public class UploadImage extends HttpServlet{
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
* response)
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doPost(request, response);
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
PrintWriter out = response.getWriter();
boolean isMultipart = ServletFileUpload.isMultipartContent(
request);
System.out.println("request: "+request);
if (!isMultipart) {
System.out.println("File Not Uploaded");
} else {
FileItemFactory factory = new DiskFileItemFactory();
ServletFileUpload upload = new ServletFileUpload(factory);
List items = null;
try {
items = upload.parseRequest(request);
System.out.println("items: "+items);
} catch (FileUploadException e) {
e.printStackTrace();
Iterator itr = items.iterator();
while (itr.hasNext()) {
FileItem item = (FileItem) itr.next();
if (item.isFormField()){
String name = item.getFieldName();
System.out.println("name: "+name);
String value = item.getString();
System.out.println("value: "+value);
} else {
try {
String itemName = item.getName();
Random generator = new Random();
int r = Math.abs(generator.nextInt());
String reg = "[.*]";
String replacingtext = "";
System.out.println("Text before replacing is:-" +
itemName);
Pattern pattern = Pattern.compile(reg);
Matcher matcher = pattern.matcher(itemName);
StringBuffer buffer = new StringBuffer();
while (matcher.find()) {
matcher.appendReplacement(buffer, replacingtext);
int IndexOf = itemName.indexOf(".");
String domainName = itemName.substring(IndexOf);
System.out.println("domainName: "+domainName);
String finalimage = buffer.toString()+"_"+r+domainName;
System.out.println("Final Image==="+finalimage);
File savedFile = new File(getServletContext().getRealPath("assets/images/")+"/LowesFloorPlan.png");
//File savedFile = new File("D:/apache-tomcat-6.0.35/webapps/ROOT/example/"+"\\test.jpeg");
item.write(savedFile);
out.println("<html>");
out.println("<body>");
out.println("<table><tr><td>");
out.println("");
out.println("</td></tr></table>");
try {
out.println("image inserted successfully");
out.println("</body>");
out.println("</html>");
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
} catch (Exception e) {
e.printStackTrace();It is only coming in Windows 7 systems and the root of this problem is SSL certificate.
Workaround for this:
Open application in IE and click on certificate error link at address bar . Click install certificate and you are done..
happy programming.
Thanks
DevSachin -
Safari SSl Issue with Online Grading Site
I manage a department that offers grading of exams online. Users supply their answers and have the server grade the submissions.
We randomly have an issue where Safari users will have their exams graded incorrectly. Basically failing the student even though they have supplied the correct answers.
When we have them resubmit the same answers in IE for Mac the server correctly grades the exam.
This issue is not consistent. Some exams grade correctly in Safari and some do not.
Any advice would be appreciated.Hmmmm....
via MacWorld:
Nothing in Apple’s ridiculously minimal release notes suggested that this feature existed. But this time, the company’s intransigence in telling you what it has changed in the software you use may have further consequences. How Safari could “know” about these phishing and malware sites raises all kinds of interesting questions. Now we can tell you with reasonable confidence how it all works—but because Apple has not done the same thing, we cannot say with certainty that it is completely private, or that Safari is not sending information about the pages you visit to a third party. -
Hi there,
I cannot start my sgd server with --ssl, i get the following error in the logs...
2012/08/13 13:04:33.169 ssl1112 ssldaemon/clientconnection/badforwardporterror
Sun Secure Global Desktop Software (4.4) ERROR:
The Security Daemon has received a connection to be forwarded onwards,
but it could not get the port to forward to from the
tarantella.config.server.proxiedhttpsurl attribute.
Please ensure this attribute is correctly correctly by using the Security
properties in the per-server section of the array manager. ssldaemon/clientconnection/badforwardporterror
2012/07/30 13:04:33.169 ssl1112 ssldaemon/clientconnection/badforwardporterror
Sun Secure Global Desktop Software (4.4) ERROR:
The Security Daemon has received a connection to be forwarded onwards,
but it could not get the port to forward to from the
tarantella.config.server.proxiedhttpsurl attribute.
Please ensure this attribute is correctly correctly by using the Security
properties in the per-server section of the array manager. ssldaemon/clientconnection/badforwardporterror
2012/07/30 13:04:33.170 ssl1112 ssldaemon/TTAservererror/badresponseinfo
Sun Secure Global Desktop Software (4.4) ERROR:
Secure Global Desktop server not responding on port 0, closing the connection.
TSP=SERVER IP:443 Client=CLIENT IP:35987 ssldaemon/TTAservererror/badresponseinfo
2012/07/30 13:04:33.170 ssl1112 ssldaemon/TTAservererror/badresponseinfo
Sun Secure Global Desktop Software (4.4) ERROR:
I cannot start array manager as its not used any more, and i cannot see any options on the gui config for this.
Any help is appreciated.
regardshi there,
thanks for the quick reply. please see below the output for config list...
array-audio-quality: medium
array-audio: 0
array-billingservices: 0
array-cdm-fallbackdrive: t+
array-cdm-wins: 0
array-cdm: 1
array-clipboard-clientlevel: 3
array-clipboard-enabled: 1
array-editprofile: 1
array-externallaservice: 0
array-logfilter: */*/fatalerror:.../_beans/com.sco.tta.server.log.ConsoleSink,server/login/*info:login%%PID%%_moreinfo.log,audit/session/*info:login%%PID%%_moreinfo.log,cdm/*/*:cdm%%PID%%.log,cdm/*/*:cdm%%PID%%.jsl,server/deviceservice/*:cdm%%PID%%.log,server/deviceservice/*:cdm%%PID%%.jsl,server/security/*:ssl%%PID%%.log,server/printing/*:print%%PID%%.log,server/printing/*:print%%PID%%.jsl
array-port-encrypted: 443
array-port-peer: 5427
array-port-unencrypted: 3144
array-resourcesync: 1
array-scard: 1
array-serialport: 1
array-unixaudio-quality: medium
array-unixaudio: 0
audiope-compression: never
chpe-compression: auto
chpe-compressionthreshold: 256
chpe-exitafter: 60
cpe-args: ""
cpe-exitafter: 60
cpe-maxsessions: 20
cpe-maxusers: 1
execpe-args: ""
execpe-exitafter: 60
execpe-maxsessions: 10
execpe-maxusers: 1
execpe-scriptdir: %%INSTALLDIR%%/var/serverresources/expect
iope-compression: never
launch-allowsmartcard: 0
launch-alwayssmartcard-initial: checked
launch-alwayssmartcard-state: enabled
launch-details-initial: shown
launch-details-showonerror: true
launch-details-state: enabled
launch-expiredpassword: manual
launch-loadbalancing-algorithm: sessions
launch-savepassword-initial: checked
launch-savepassword-state: enabled
launch-savettapassword: 1
launch-showauthdialog: user
launch-showdialogafter: 2
launch-trycachedpassword: 1
login-ad-base-domain: ""
login-ad-default-domain: ""
login-ad: 0
login-anon: 0
login-atla: 0
login-autotoken: 0
login-ens: 1
login-ldap-pki-enabled: 0
login-ldap-thirdparty-ens: 0
login-ldap-thirdparty-profile: 0
login-ldap-url: ldap://dc.domain.com
login-ldap: 0
login-mapped: 0
login-nt-domain: dc.domain.com
login-nt: 1
login-securid: 0
login-theme: sco/tta/standard
login-thirdparty-ens: 0
login-thirdparty-nonens: 1
login-thirdparty-superusers: sgd_trusted_user
login-thirdparty: 0
login-unix-group: 0
login-unix-user: 1
login-web-ens: 0
login-web-ldap-ens: 0
login-web-ldap-profile: 1
login-web-profile: 0
login-web-tokenvalidity: 180
ppe-compression: auto
ppe-compressionthreshold: 4096
ppe-exitafter: 240
printing-mapprinters: 1
printing-pdfdriver: ""
printing-pdfenabled: 0
printing-pdfisdefault: 0
printing-pdfprinter: "Universal PDF Printer"
printing-pdfprompt: 0
printing-pdfviewer: "Universal PDF Viewer"
printing-pdfviewerenabled: 0
printing-pdfviewerisdefault: 0
scardpe-compression: never
security-acceptplaintext: 0
security-applyconnections: 1
security-connectiontypes: "std,ssl"
security-firewallurl: ""
security-newkeyonrestart: 0security-printmappings-timeout: 1800
security-ssldaemon-failmode: reducesecurity
security-xsecurity: 1
server-dns-external: *:sgd1.domain.com
server-location: ""
server-logdir: /opt/tarantella/var/log
server-login: enabled
server-redirectionurl: ""
sessions-aipkeepalive: 100
sessions-loadbalancing-algorithm: .../_beans/com.sco.tta.server.loadbalancing.tier2.SessionLoadBalancingPolicy
sessions-timeout-always: 11500
sessions-timeout-session: 720
tuning-jvm-initial: 120
tuning-jvm-max: 2048
tuning-jvm-scale: 150
tuning-maxconnections: 1000
tuning-maxfiledescriptors: 4096
tuning-maxrequests: 7
tuning-resourcesync-time: 4:00
xpe-args: ""
xpe-cwm-maxheight: 1280
xpe-cwm-maxwidth: 3200
xpe-exitafter: 60
xpe-fontpath: "%%INSTALLDIR%%/etc/fonts/misc,%%INSTALLDIR%%/etc/fonts/TTF,%%INSTALLDIR%%/etc/fonts/Type1,%%INSTALLDIR%%/etc/fonts/CID,%%INSTALLDIR%%/etc/fonts/local,%%INSTALLDIR%%/etc/fonts/75dpi,%%INSTALLDIR%%/etc/fonts/100dpi,%%INSTALLDIR%%/etc/fonts/ibm,%%INSTALLDIR%%/etc/fonts/hp,%%INSTALLDIR%%/etc/fonts/andrew,%%INSTALLDIR%%/etc/fonts/icl,%%INSTALLDIR%%/etc/fonts/scoterm,%%INSTALLDIR%%/etc/fonts/cyrillic,%%INSTALLDIR%%/etc/fonts/hangul,%%INSTALLDIR%%/etc/fonts/oriental"
xpe-keymap: xuk.txt
xpe-maxsessions: 20
xpe-maxusers: 1
xpe-monitorresolution: 0
xpe-rgbdatabase: %%INSTALLDIR%%/etc/data/rgb.txt
xpe-sessionstarttimeout: 60
xpe-tzmapfile: %%INSTALLDIR%%/etc/data/timezonemap.txt
Edited by: 952573 on Aug 13, 2012 4:41 PM -
Hi Everyone,
I have a website that I created that is a two column fixed
width with header and footer. When you look at the site in Firefox
the spacing between the sidebar on the left and the main content is
correct but when you view the same site in IE7 there is a huge
amount of white space between the sidebar and the main content. I
cannot figure out how to get rid of that so that it view as it does
in Firefox. You can view the site at www.ebcardiac.com.
Any help will be great.
Thanks,
RobertI am hoping that someone can give me some idea of what I need
to adjust so that the layout in Internet Explorer will display
properly. - Robert -
AD Password Filter - SSL Issues with MSFT CA ?
- We have completed implementing one way EXPORT profile sync between OID to AD
- SSL configs are complete as per documentation and password synchronizing from OID to AD
successfully
- We now want to implement a new import profile to synchronize ONLY password from AD to OID
- Following documentation at
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15995/odip_adpasswordsync.htm#CHDBIIJC
- One of the first steps is to check if SSL is enabled at OID...when we do that using the tool(ldapbindssl.exe) we downloaded ...below
is the error we get...
+++++++++++++++++++++++++++++++++
C:\>ldapbindssl.exe -h oid-host -p 636 -D cn=orcladmin -w xxxx
Connecting server in SSL Mode
Checking if SSL is enabled
SSL not enabled.
SSL being enabled...
Binding ...
Ldap bindERROR
System Error Code: 1396
LDAP Error Code: 52
Error Message: Server Unavailable
C:\>
+++++++++++++++++++++++++++++++++
- We know for sure that SSL is configured on OID . The SSL is configured as "Server Authentication
Only" for Configset1 which is running on port 636
when we do ldapbind from the oidhost for this port it works...
ldapbind -U 2 -h oid-host -p 636 -W file://oracle/wallet -P xxxxx
bind successful
- For SSL configs we have used Micorsoft CA, hence the root certificate (CA) is also present on AD server and
there is no need to import Oracle CA as per the documentation.
Question:
1) What is th specific SSL set-up that we need to do on OID server such that AD is
able to detect SSL configuration ??? what is it that we are missing ?You do have to import the certificate (the OID Server certificate, that is), or the SSL setup will reject the connection as "not from the intended host".
Apart from that - there's a bug, requiring the OID server certificate SUBJECT attribute matches the OID server hostname. (Note 430907.1/bug 5846519 ). I seem to hit that one :( -
Accordion Issue with IE7/XP: First tab is initially opened. Should be closed
I'm almost finished my navigation menu for a client and everything is looking good. Except in IE7, of course. In IE7, the first tab is opened a little and I'd like it to be closed completely. How do I solve this or is this just a Spry bug?
http://www.tendergreensfood.com/wp-content/themes/greens/test.htmlMake the default panel -1 in the constructor (panel number -1, of course, does not exist, so no panel will be open at first):
<script type="text/javascript">
var acc8 = new Spry.Widget.Accordion("Accordion1", { defaultPanel: -1 });
</script>
Lovely site, by the way...
Beth -
SSL Issue with Dovecot Mac OS X Server 10.6.8
I run IMAP mail on SL Server using SSL. It's been running beautifully for a year or so till my (self signed) certificate expired. I created a new cert and configured SMTP & IMAP to use the new cert. SMTP is fine but IMAP refuses to use the cert. The message i get in the log is :mail dovecot [32551] can't use etc/ssl/certs/dovecot.pem no such file or directory. Invalid configuration, keeping old one. SSL simply doesn't start.
I've been right through the dovecot.conf file and checked and nowhere in the file is that location referred to. All the times SSL is mentioned in the conf file the correct location is referred to. I've looked and the certs are where they are supposed to be.
So what other configuration file can dovecot possibly be referring to when it attempts to load the new configuration after I've made changes using server admin?
I've even loaded a default conf file and started fresh and the same thing happens.
Appreciate any ideas
Mac OS X Server 10.6.8
RobNever Mind, I figured it out.
-
Hello,
I am trying to setup SSL in BPEL but need some help. This is what I have done so far.
Added signed cerificate in wallet C:\product\wallets
httpd.conf -
Listen 7777
Port 7777
ssl.conf -
Listen 4444
<VirtualHost default:4444>
Port 4444
SSLWallet file:C:\product\wallets
Verified in opmn.xml
<ias-component id="HTTP_Server">
<data id="start-mode" value="ssl-enabled"/>
When I access https://localhost:4444 I receive Server Connect Failed
When I access http://localhost:4444 I get the Welcome to Oracle SOA Suite (10.1.3.4) page
What am I doing wrong or missing that 4444 is accessible via http and not https.
Thanks in advance,
JimHi Jim,
Have you referred : http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/security.htm#sthref102 and
10 Enabling SSL for Oracle HTTP Server in Oracle® BPEL Process Manager Administrator's Guide
10g (10.1.3.1.0)
Part Number B28982-03
Regards
A -
SSL Issue with reverse proxy module
Hi there,
I'm hoping someone can help me. I am using Sun ONE Web Server 6.1SP7 Reverse Proxy Plugin to connect to a backend server over SSL.
However the backend server is reporting errors on the SSL handshake: SSL_ERROR_NO_CYPHER_OVERLAP
I have installed ssldump and can see the following set of cipher suites are offered by the client (in this case, the reverse proxy module:
New TCP connection #6: dptettsw02(62951) <-> dptdevss01(31006)
6 1 0.0105 (0.0105) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
SSL2_CK_RC4
SSL2_CK_RC2
SSL2_CK_3DES
SSL2_CK_DES
SSL2_CK_RC4_EXPORT40
SSL2_CK_RC2_EXPORT40
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
How do I configure the reverse proxy module to use a different cipher suite?
Any help would be greatly appreciated and please let me know if anything is unclear
Thanks!
KevHi there.
The server.xml file is below:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
-->
<!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///opt/SUNWwbsvr/servers/bin/https/dtds/sun-web-server_6_1.dtd">
<SERVER qosactive="no" qosmetricsinterval="30" qosrecomputeinterval="100">
<PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
<PROPERTY name="user" value=""/>
<PROPERTY name="group" value=""/>
<PROPERTY name="chroot" value=""/>
<PROPERTY name="nice" value=""/>
<PROPERTY name="dir" value=""/>
<PROPERTY name="accesslog" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/accessSSL"/>
<LS id="group1" ip="0.0.0.0" port="2080" acceptorthreads="1" blocking="no" security="off" defaultvs="https-ETT03WEB02" servername="dptettsw02"/>
<LS id="ls2_default" ip="0.0.0.0" port="20443" acceptorthreads="1" blocking="no" security="on" defaultvs="https-ETT03WEB02" servername="ptpcam-ptpett-drs.dwpptp.londondc.com">
<SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="+rc4,+rc4export,+rc2,+rc2export,+desede3,+des" ssl3="on" ssl3tlsciphers="-rsa_rc4_128_sha,-rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,-rsa_3des_sha,-rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,+rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,+fortezza_null,-fips_3des_sha,-fips_des_sha" tls="on" tlsrollback="off" clientauth="off"/>
</LS>
<MIME id="mime1" file="mime.types"/>
<ACLFILE id="acl1" file="/opt/SUNWwbsvr/servers/httpacl/generated.https-ETT03WEB02.acl"/>
<VSCLASS id="defaultclass" objectfile="obj.conf" rootobject="default" acceptlanguage="off">
<PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
<PROPERTY name="user" value=""/>
<PROPERTY name="group" value=""/>
<PROPERTY name="chroot" value=""/>
<PROPERTY name="nice" value=""/>
<PROPERTY name="dir" value=""/>
<VS id="https-ETT03WEB02" connections="group1" urlhosts="dptettsw02" mime="mime1" aclids="acl1" state="on">
<USERDB id="default" database="default"/>
</VS>
<VS id="ETT03WEB02_SSL" connections="ls2_default" urlhosts="ptpcam-ptpett-web.dwpptp.londondc.com" mime="mime1" aclids="acl1" state="on">
<USERDB id="default" database="default"/>
</VS>
</VSCLASS>
<JAVA javahome="/opt/SUNWwbsvr/servers/bin/https/jdk" serverclasspath="/opt/SUNWwbsvr/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-ext.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-jstl.jar:/opt/SUNWwbsvr/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" debug="false" debugoptions="" dynamicreloadinterval="2">
<JVMOPTIONS>-Dorg.xml.sax.parser=org.xml.sax.helpers.XMLReaderAdapter</JVMOPTIONS>
<JVMOPTIONS>-Dorg.xml.sax.driver=org.apache.crimson.parser.XMLReaderImpl</JVMOPTIONS>
<JVMOPTIONS>-Djava.security.policy=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/server.policy</JVMOPTIONS>
<JVMOPTIONS>-Djava.security.auth.login.config=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/login.conf</JVMOPTIONS>
<JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
<JVMOPTIONS>-Xmx256m</JVMOPTIONS>
<JVMOPTIONS>-Xrs</JVMOPTIONS>
<SECURITY defaultrealm="file" anonymousrole="ANYONE" audit="false">
<AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
<PROPERTY name="file" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/keyfile"/>
<PROPERTY name="jaas-context" value="fileRealm"/>
</AUTHREALM>
<AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
<PROPERTY name="directory" value="ldap://localhost:389"/>
<PROPERTY name="base-dn" value="o=isp"/>
<PROPERTY name="jaas-context" value="ldapRealm"/>
</AUTHREALM>
<AUTHREALM name="certificate" classname="com.iplanet.ias.security.auth.realm.certificate.CertificateRealm"/>
</SECURITY>
<RESOURCES/>
</JAVA>
<LOG file="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/errors" loglevel="finest" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
</SERVER> -
IE7 issue with Thumbnails div & Overflow
this has to do with layout of the the gallery page and an IE7
CSS issue.
I was playing with the Photo gallery demo and decided to
resize the thumbnails div to get different shape and found an issue
with IE7 and the overflow. if the tumbnail div height is set to say
100px, and set overflow:auto; it makes sense that the thumbnails in
the bottom 3 rows would not be visible unless you scrolled the div.
well it works fine in Firefox but IE draws thumbnails right
over the height boundry and on into the next div below. I thought
IE7 was supposed to fix the CSS hacks needed.
what is the hack to fix this?It could be a function of how the script is written and
changes being
made at the object-level. Rather than set position to
relative, you
might try using the proprietary Microsoft zoom property to
give the
naughty container layout.
your-container {zoom: 1;}
If that doesn't work, then you can resort to position:
relative.
Al Sparber - PVII
http://www.projectseven.com
Extending Dreamweaver - Nav Systems | Galleries | Widgets
Authors: "42nd Street: Mastering the Art of CSS Design" -
Memory Leak Issue With Win7 64 bit and Youtube.
I have a Win7 64 bit using IE9 with version 11.4.402.265 installed. 4 MB installed.
Whenever I go to Youtube or Liveleak, and watch videos, over time it uses up to 4gigs of my memory! Even if I close the window, it does not free up the memory until I Ctrl/Alt/Delete and shut down the window(s).
I normally only keep open 1-2 windows. Google toolbar is about the only thing installed. I can open 5 and more tabs, but as long as the site does not use flash, I don't have issues and each window usually uses under 200k memory watching them in task manager.
When I go to open and watch a youtube video, it slowly climbs to 200k and within an hour, I can be at 2 gigs or more memory and up to 4 gigs within 2 hours (or sometimes much sooner). Closing the window does not release the memory until I end task on it and then after a minute or so, the memory seems to clear and everything is back to normal.
I searched the forums and seems lots of users, report memory leaks, some using yahoo toolbar installed, which is not my case. I do use yahoo as my e-mail address, no idea if that is related or not. I had the same issue when I had the prior Flash version installed, this has been going on for months. Right now having only this window open, using 129, 192 memory. If I open one more window (using the 64 or 32 bit browser) and start youtube, the memory in that window keeps climbing about 50-100kb a second, so it adds up quickly. I have kaspersky running in the background and that is about it other then my nvida driver setup.
Really frustrating that so many people here and across the internet have reported this. I did have IE8 a few weeks ago and still had the same issue, upgraded to IE9 to see if that helped.
Interesting side note, if I pause a video, it slows way down on the memory leak, but still rises at a slower pace. I don't know if this is an IE thing or Flash. I have had this setup since 2009 and don't recall having issues with IE7. I use Youtube so much as a teaching instrument as a music teacher, so constantly have lessons going on it.
Thanks and hope someone has come up with something. I also build computers and have done some programming, so I could modify a file if needed with clear instructions.This could be similar to bug https://bugbase.adobe.com/index.cfm?event=bug&id=3334814
-
We recently started suffering an issue with our CSS11501S-K9 units not performing URL stickiness on our SSL wrapped L5 rules. I've spent dozens of manhours working on the problem, and have quite a bit of information to report, including a solution. There is a high probability that anybody who uses SSL to an L5 rule on a CSS unit will become affected by this problem over the next few weeks/months as users update their browsers with new SSL patches.
We hadn't made any changes to our config in months, and eliminated hardware problems by testing a second unit.
Here are the exact symptoms we saw:
Browsers affected: Firefox 10, Chrome, IE9, others (and some earlier versions of IE depending on patch levels)
Browsers not affected: FireFox 3.5, w3m 0.5.2, curl7.19.7
Impact 1: For SSL Rules backed by L5 rules, the initial response to the first request would be 3 seconds. Further requests on the same TCP connection would not be delayed
Impact 2: L5 rules being accessed via SSL would nolonger perform any URL based stickiness. Accessing the same rule skipping SSL, would work fine
I focused on the 3 second delay, since that was a new issue and was easier to debug than monitoring multiple servers to see if stickiness was broken. This is what I found when a client tries to connect to an SSL rule that ultimately is routed to a L5 HTTP rule:
1. Client/CSS perform initial TLS handshake, crypto cyphers determined (nearly instantly)
2. Client sends HTTP 1.1 request for resource (nearly instantly)
3. 3 seconds of no traffic in our out of the CSS related to this request
4. CSS opens an HTTP connection to backend webserver, backend webserver responds (nearly instantly)
5. The CSS seems to route to the backend server using the balance method (round-robin) instead of the advanced-balance method (url)
6. Response is sent to the client with the resource (nearly instantly)
7. Future requests sent from the browser on the same TCP connection have no delay, but the advanced-balance continues to be ignored
The 3 seconds is quite an exact figure (within a few milliseconds) and appears to be entirely happening inside of the CSS unit itself, since it does not connect to the backend server until after the 3 seconds elapse. 3 seconds smelled like some sort of internal timeout set in the CSS unit after it gives up waiting for something.
Looking at the packets from affected browsers I discovered that the GET /foobar HTTP/1.1 request was being broken into two separate TLSv1 application messages, the first was 24 bytes and the second was 400 bytes. Decrypting these messages I found the first message was a
G
and the second message was:
ET /foobar HTTP/1.1
This essentially splits the initial request the client is sending into two pieces. This confuses wireshark so much, it doesn't decode this as a HTTP request, and just decodes it as "continuation or non-HTTP traffic".
On the working browsers I saw only one TLSv1 application message, decrypting it I saw:
GET /foobar HTTP/1.1
(obviously I'm simplifying the contents of the request, there were lots of headers and stuff)
I am aware that the CSS can't handle L5 rules appropriately if they get fragmented, so I suspected this was the problem. I pulled a packet trace from a few years ago, and at that time confirmed we never saw a double TLSv1 application messages before.
A number of openssl vulnerabilities were recently fixed: http://www.ubuntu.com/usn/usn-1357-1
and browsers may have been recently updated to fix some of these issues, changing the way they encode their traffic.
Solution:
Our ssl config looked something like this:
ssl-proxy-list SSL_ACCEL
ssl-server 10 vip address XX.XX.XX.XX
ssl-server 10 rsakey XXXX
ssl-server 10 cipher rsa-with-3des-ede-cbc-sha XX.XX.XX.XX 80
ssl-server 10 cipher rsa-with-rc4-128-sha XX.XX.XX.XX 80
ssl-server 10 cipher rsa-with-rc4-128-md5 XX.XX.XX.XX 80
ssl-server 10 unclean-shutdown
ssl-server 10 rsacert XXXXXX
Removing:
ssl-server 10 cipher rsa-with-3des-ede-cbc-sha XX.XX.XX.XX 80
Solves the problem. After that's removed, the browsers will nolonger fragment the first character of their request into a separate TLSv1 message. The 3 second delay goes away, and L5 stickiness is fixed. The "CBC" in the cyper refers to Cypher-Block-Chaining (a great article here:
http://en.wikipedia.org/wiki/Cipher-block_chaining), and breaking the payload into multiple packages may have been an attempt to initialize the IV for encryption -- although I'm really just guessing, I stopped researching once I verified this solution was acceptable.
This issue became serious enough for us to notice first on Monday Feb 13th 2012. We believe a number of our large customers distributed workstation updates over the weekend. The customers affected were using IE7, although my personal IE7 test workstation did not appear to be affected. It's quite possible our customers were going through an SSL proxy. I suspect as more people upgrade their browsers, this will become a more serious issue for CSS users, and I hope this saves somebody a huge headache and problems with their production environment.
-JoeHi Joe,
That's a very good analysis you did.
As you already suspected, the issue comes from the TLS record fragmentation feature that was introduced in the latest browser versions to overcome a SSL vulnerability (http://www.kb.cert.org/vuls/id/864643). Unfortunately, similar issues are happening with multiple products.
For CSS, the bug tracking this issue is CSCtx68270. The development team is actively working on a fix for it, which should be available (in an interim software release, so to get it you wil have to go through TAC) in the next couple of weeks
In the meantime, as workaround, you can configure the CSS to use only RC4 cyphers (which is what you were suggesting also). These are not affected by the vulnerability, so, browsers don't apply the record fragmentation when they are in use. This workaround has been tested by several customers already, and the results seem to be very positive.
Regards
Daniel -
SSL VPN (WebVPN) issues with IOS 15.0(1)M1
Hello everyone... I need your help!
I am having some weird issues with webvpn/anyconnect, please find the relevant information below;
Symptoms:
- AnyConnect Client prompts users with the following error:
"The secure gateway has rejected the agent's VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists."
Debug:
Mar 5 13:09:45:
Mar 5 13:09:45: WV-TUNL: Tunnel CSTP Version recv use 1
Mar 5 13:09:45: WV-TUNL: Allocating tunl_info
Mar 5 13:09:45: WV-TUNL: Allocating stc_config
Mar 5 13:09:45: Inserting static route: 172.25.130.126 255.255.255.255 SSLVPN-VIF36 to routing table
Mar 5 13:09:45: WV-TUNL: Use frame IP addr (172.25.130.126) netmask (255.255.255.255)
Mar 5 13:09:45: WV-TUNL: Tunnel entry create failed:IP= 172.25.130.126 vrf=77 session=0x67234340
Mar 5 13:09:45: HTTP/1.1 401 Unauthorized
Mar 5 13:09:45:
Mar 5 13:09:45:
Mar 5 13:09:45:
Mar 5 13:09:45: Deleting static route: 172.25.130.126 255.255.255.255 SSLVPN-VIF36 from routing table
Mar 5 13:09:45: WV-TUNL: Failed to install (addr 172.25.130.126, table_id 77) to TCP
Mar 5 13:09:45: WV-TUNL*: Received server IP packet 0x6692EB08:
Mar 5 13:09:45: WV-TUNL: CSTP Message frame received from user usr-test (172.25.130.126)
WV-TUNL: Severity ERROR Type USER_LOGOUT
WV-TUNL: Text: HTTP response contained an HTTP error code.
Mar 5 13:09:45: WV-TUNL: Call user logout function
Mar 5 13:09:45: WV-TUNL: Clean-up tunnel session (usr-test)
When the error occurs, the "SVCIP install TCP failed" counter increments:
VPN-Router1# show webvpn stats detail context CUSTOMER-VPN
[snip]
Tunnel Statistics:
Active connections : 1
Peak connections : 3 Peak time : 19:09:04
Connect succeed : 9 Connect failed : 5
Reconnect succeed : 0 Reconnect failed : 0
SVCIP install IOS succeed: 14 SVCIP install IOS failed : 0
SVCIP clear IOS succeed : 18 SVCIP clear IOS failed : 0
SVCIP install TCP succeed: 9 SVCIP install TCP failed : 5
DPD timeout : 0
[snip]
IOS Version Details:
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
System image file is "disk2:c7200-advipservicesk9-mz.150-1.M1.bin"
The router also runs IPSEC remote access VPN in addition to the webvpn/anyconnect scheme.
Config:
webvpn context CUSTOMER-VPN
title "SSL VPN for Customer"
ssl authenticate verify all
login-message "Enter username and passcode"
policy group CUSTOMER-VPN
functions svc-required
svc keep-client-installed
svc split include 10.1.16.0 255.255.240.0
svc split include 10.1.2.0 255.255.254.0
vrf-name CUSTOMER-VPN
default-group-policy CUSTOMER-VPN
aaa authentication list AAA-LIST
aaa authentication auto
aaa accounting list AAA-LIST
gateway vpn virtual-host customer.xx.com
logging enable
inservice
The error happens sporadically, at least once a week, and on different contexts. Does anyone have any clue on what can cause this issue? Any help is appreciated!Have you seen my post https://supportforums.cisco.com/message/2016069#2016069 ?
At that point in time we were running with local pool definition.
As the http 401 rc happens very sporadically we still gathering incident reports internally.
Will open a case if you did not yet.
cheers, Andy -
Issue with SSL in web service.
Hi All,
We are having synchronous web service to proxy scenario in XI. We are trying to send a binary data using the SOAP web service to SAP via XI. Initially, we were posting large binary data using HTTP connection via XI from the SOAP client. The scenario was working without any issues.
Since the data is sensitive changed the web service from HTTP to HTTPS.The interface works without issues when we test it using the SOAP client for testing. When the data is sent using the Dot Net application (the end application) using the same webservice, URL (HTTPS connection) the message errors out. The connection is borken and the message fails. In this scenario, XI does not even receive the message which I can make out looking into the SOAP adapter communication channel.
The interesting fact here is the same Dot Net application is able to connect and send smaller binary data using HTTPS connection.
Could you please let us know if this could be the issue with HTTPS connection on XI side? I doubt it to be an issue on XI side because the adapter does not even receive any message when the scenario fails. But we used some HTTPS monitoring tools and found that the Dot Net Application receives some encrypted response from the server which the application is not able to decrypt and the handshake breaks.
Could you please throw some inputs into this issue.
Thanks,
Manohar.Hi Manohar
You have posted the same question with two different subject text
anyway follow these SAP notes your problem will be short out
Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
check the OSS Note 554174 & see if it helps
Note 645357 - SAPHTTP: SSL error
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=645357&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1150980&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
one alternative may be Restart ICM (Internet Communication Manager) .This will solve your HTTP issue
Cheers!!!!
Regards
sandeep
if helpful kindly reward points
Maybe you are looking for
-
Hi, Can anyone recommended software to import dvd to iMovies. I need to import about a dozen homemade DVD's and edit them into a single DVD comprising the 'best bits'. How best can I do this. I have an external hard drive available for the job
-
Applying a signature to Acrobat 9 Pro cause it to close.
Whenever I try to apply a signature to a PDF it causes Acrobat I get an error window that reads, "The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "read"". Acrobat then closes and when I re-open it and try to
-
Keynote 6.0 not working with SMB servers
Since upgrading to 6,0 when I try to open a Keynote file saved on our SMB server, it starts filling up the directory with temporary files, and actually destroys the original file so it can no longer be opened. It keeps popping up a little warning say
-
Time Machine refers to a non-existing Sparsebundle
Hi there, I had set-up my Time Capsule and TM-back-up had been running for a couple weeks. However, out of the blue my complete TM-back-up/sparsebundle disappeared (really, completely gone :-() and had to be redone from scratch. I tried to simply sta
-
Possible to have "global" variable for book files?
I'm working in FM9, I am wondering if there is any way to have a variable that spans all the .fm files within a book file? thanks gary in vermont