How to extend WebLogic's Cipher Suites

Newbie question...
I've seen the list of WebLogic supported cipher suites. It doesn't seem to have AES and TDEA (3 key) built-in. Can it support these and if so how. Does one buy these from a 3rd party? If so, who?
Thanks.

These suites are not supported in 810. AES will be supported in the next major release. TDEA will not, since it is not supported by the SSL implementation used by WLS.

Similar Messages

  • How to extend Prebuilt SOA/BPM Suite VM domain to include IPM?

    I am using the Pre-built Virtual Machine for SOA Suite and BPM Suite 11g.  I want to extend the domain to include IPM because my BPM app needs to search and update document fields stored in the UCM repository.  When I use the Fusion Middleware Configuration Wizard to extend the domain to include IPM, it fails.
    One thing I noticed is that it doesn't recognize the existing components that are already in the domain.  For example, Enterprise Manager is not checked and grayed out as it should be.  (Maybe this is related to the fact this prebuilt VM has a "collapsed domain".)
    When I check IPM, it automatically checks "Oracle Enterprise Manager" and  "Oracle JRF" in the list.  Clicking next, it then complains of existing components (Oracle JRF), but I select "Keep existing component".  Eventually I receive this error message:
      CFGFWK-64056: There is a problem with the template!
    So, how can I get IPM working on this VM?  Or, is there another VM (or more than one) that will allow me to run SOA and BPM Suite, along with UCM and IPM?  As I said, I am creating a BPM app that needs to communicate with IPM to search for and update field data for documents stored in the UCM respository.

    Hi Preethi,
    I also have same kind of scenario. Were you able to refresh the workspace programatically?
    Thanks,
    Pradeep

  • Lumia 610 - How to extend ring and Nokia Suite iss...

    Hi there thought I would give you try again as you were very helpful to me in the past I have just taken delivery of nokia lumia 610, I know not the latest phone but for what I want I reckon it will suit however I have encountered 2 problems  First is there any way you can extend the length of time it rings before it goes to voicemail it only rings 3 times on my phone Secondly  nokia suite just does not seem to recognize my phone I follow all the instructions but it just will not connect    I have tried uninstall/reinstall but nothing works  I right click on the phone  symbol to add new phone, connect my USB as it says and nothing happens. I am not all that tech savy so if you have answer in layman's terms it would be appreciated
    Thanks   Eddie

    this is the worst nokia i have had, except the slide phone i had for 13 months that lost its speaker. i cant believe that the ring time cant be extended, this would be the only product on the world market that cant extend it ring time. i dont see your technical help answering the question.
    regards peter.
    weedougie wrote:
    Hi there thought I would give you try again as you were very helpful to me in the past I have just taken delivery of nokia lumia 610, I know not the latest phone but for what I want I reckon it will suit however I have encountered 2 problems  First is there any way you can extend the length of time it rings before it goes to voicemail it only rings 3 times on my phone Secondly  nokia suite just does not seem to recognize my phone I follow all the instructions but it just will not connect    I have tried uninstall/reinstall but nothing works  I right click on the phone  symbol to add new phone, connect my USB as it says and nothing happens. I am not all that tech savy so if you have answer in layman's terms it would be appreciated
    Thanks   Eddie

  • How to add a Cipher Suite using RSA 1024 algorithm to the 'SSL Cipher Suite Order' GPO

    Following a VA test the Default Domain GPO has been set to enable the SSL Cipher Suite Order.  Following the change Symantec Endpoint Protection Manager doesn't work properly as the the Home, Monitors and Reports pages are blank and an Schannel error is
    logged in the SEPM server's event log.
    I have spoken to Symantec and I have been told that we need to allow the RSA 1024 bit algorithm but they can't tell me which cipher suite this would be.  I have looked in the GPO setting and can't see an RSA 1024 suite but have found some in this article:
    http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01
    I want to know how to add an additional cipher suite into the setting safely.  Am I able to just add the suite into the GPO setting (eg TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA) or do I need to do anything else beforehand?
    If anyone has any advice regarding this or cipher suite orders and troubleshooting SSL problems it would be much appreciated,
    Thanks
    Chris

    Hi Chris,
    Based on my research, RSA_EXPORT1024_DES_CBC_SHA is a previous cipher suite, which is supported, you can enable it use
    SSL Cipher Suite Order policy setting under Administrative Templates\Network\SSL Configuration Settings.
    More information for you:
    TLS/SSL Cryptographic Enhancements
    http://technet.microsoft.com/en-us/library/cc766285(v=WS.10).aspx
    Best Regards,
    Amy

  • Supported Cipher  suites.

    Hi All,
    I am successfully communicating with the server using HTTPS with HttpsConnection from my J2ME Midlet. I am using APACHE as HTTP Server. However, the best cipher suite negutiated between the device and the server used by HTTPS was DES-CBC3-SHA. As you can see, it uses DES, which is not quite as secure as AES.However despite a lot of effort, i am just not able to get it to use an AES cipher suite. Is AES part of any supported cipher suite by MIDP? If not, can anyone tell me how i can enumeration the cipher suites supported on the MIDLet?
    Thanks in advance
    Edited by: AUTOMATON on Sep 14, 2007 3:38 AM

    @superena,
    Thanks for the links, but they actually dont give me the info I need. What I want to do is to find out how many SSL cipher suites are supported by J2ME. I mean if there is a list somewhere, of if i can write a program that can enumerate them for me..

  • How to specify a cipher suit used between plugin and weblogic server?

    I install Weblogic8.1 SP3 which supports for strong cipher suits, and config an apache 2.50 server as an front end.
    I config appache to use 2 way SSL with browser and wls one way SSL with apache plugin. Then config apache to forward client certs to WLS. now the problem is, I can see that the SSL connection between browser and apache uses a strong cipher suit('SSL_RSA_WITH_RC4_128_MD5'), but the ssl connection bwtween apache plugin and WLS uses a weak cipher suit('SSL_RSA_EXPORT_WITH_RC4_40_MD5'), with the SnoopServlet, although I use the mod_wl128_20.so module. How can I increase the cipher strength of SSL between WLS and it's apache plugin?
    Thanks in advance.
    Best
    Regards
    Jean

    Hello Gunaseelan,
    This is not possible because WLS 6.1 needs a config.xml file, exactly this
    name, to start.
    What you can do is to define a recovery domain, called myrecovery_domain for
    instance, and put the config_recovery.xml, renamed "config.xml".
    Hope this helps,
    Ludovic.
    Developer Relations Engineer
    BEA Support.
    "Gunaseelan Venkateswaran" <[email protected]> a écrit dans le message
    news: 3cd6a324$[email protected]..
    >
    Hi,
    I have 2 weblogic startup scripts (startWebLogic.sh and
    startWebLogic_recovery.sh) for the same domain.
    startWebLogic.sh uses config.xml file.
    I would like to use config_recovery.xml as the configuration file forstartWebLogic_recovery.sh
    >
    >
    How would I do this ?
    I am using WebLogic Server 6.1 on SunOS 5.8 / HP-UX 11.0.
    Appreciate any help.
    Regards
    Gunaseelan Venkateswaran

  • How can I control the list of cipher suites offered in the SSL Client Hello message? I want to forbid MD5 and RC4.

    How can I control the list of cipher suites offered in the SSL Client Hello message?
    I want to limit my browser to negotiating strong cipher suites. I'd like to forbid DES, MD5 and RC4.

    Set the related SSL3 prefs to false on the about:config page (Filter: security.ssl3.).
    *http://kb.mozillazine.org/about:config

  • How to locate and configure SSL cipher suites

    hi all,
    i wanted to knw how Ciphersuites that are used in SSL Connections are picked up by the JVM or whoever is responsible for establishing the connection at lower level. I mean there are methods in SSLSocketFactory, HttpsURLConnection named getEnabledCipherSuites(). I was just wondering where these default cipher suites are picked up. Is there any configuration file or some setting where we can add our own cipher suite to the list?
    Please advice.
    Thanks in advance :)
    Arun

    hi,
    As already we have discussed this, we can set the ciphersuite used in the SSLConnection using SSLSocket.setEnabledCIpherSuite() function only. And getSupportedCipherSuites() function returns the list of cipher suites that are supported by the connection.
    But i want to set ciphersuite in SSLConnection using HttpsURLConnection. Under this class (HttpsURLConnection) there is no such method where u can specify the ciphersuite.
    So i am trying to find out when an SSL connection is setup from where does the JVM loads the cipher suites? I checked the All the basic classes in javax.net.ssl package and all contain the methods as abstract. So if anybody has any idea regarding where these supported cipher suites are located in jdk please let me knw.
    Thanks in advance :)
    Arun

  • Schannel cipher suites and ChaCha20

    Is there a blog or other communications channel devoted to the PKI internals of Windows? Most security researchers focus on Linux web servers/OpenSSL, but there are folks in the Windows world who really care about this stuff too, and we'd like to hear
    about what the Windows PKI developers are working on and planning, and perhaps interact with comments and suggestions.
    Because I couldn't find any discussion about Schannel development, I started a
    feature suggestion on the Windows User Voice site for Microsoft to add ChaCha20-Poly1305 cipher suites to Schannel, mostly for the benefit of mobile visitors to IIS websites, but also to help Windows phones and tablets that don't have integrated CPU extensions
    for GCM encryption (improved speed and reduced power consumption).
    It's frustrating to be a security-focused IIS website administrator. Schannel is a "black box" that we can't tinker with or extend ourselves, and support for modern ciphers has been lagging behind other website and client software (it looks like we'll
    at least finally get strong and forward secret ECDHE_RSA + AES + GCM suites with Windows 10 and Server vNext/2016). The methods for configuring cipher suite orders and TLS versions could really use a rethink too (thank goodness for IISCrypto).

    Hi Jamie_E,
    May the following article can help you,
    Cipher Suites in Schannel
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx
    Managing SSL for a Client Access Server
    http://technet.microsoft.com/en-us/library/bb310795.aspx
    Configuring Secure Sockets Layer in IIS 7
    http://technet.microsoft.com/en-us/library/cc771438(WS.10).aspx
    How to enable Schannel event logging in IIS
    https://vkbexternal.partners.extranet.microsoft.com/VKBWeb/?portalId=1#
    How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll
    http://support.microsoft.com/kb/245030/EN-US
    I’m glad to be of help to you!
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Disabling Cipher Suites

    I am trying to disable cipher suites on Weblogic Server 8.1. Does anyone know how to do this?
    For example, if I want to disable the cipher suite "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" how would I do it?
    We are trying to restrict clients to only use certiain cipher suites that ensure a high key length. By disabling certain cipher suites we can restrict the "less secure" sessions.
    Thanks!
    Rob

    I found it. In the config.xml under SSL, there is a setting for "Ciphersuites".
    Thanks!
    Rob

  • SSLHandshakeException: no Cipher suits in common

    Hi
    I have created a self signed certificate using keytool utility using RSA algorithm, key algorithm as SHA1WITHRSA. When I am trying to proxy the requests from IIS 7.5, I am getting below exception in weblogic logs.
    Please let me know how do I go about debugging this.
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <DynamicJSSEListenThread[DefaultSecure] 33 cipher suites enabled:>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA256>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_DHE_RSA_WITH_AES_128_CBC_SHA256>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_DHE_DSS_WITH_AES_128_CBC_SHA256>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDH_RSA_WITH_AES_128_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_DHE_RSA_WITH_AES_128_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_DHE_DSS_WITH_AES_128_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDHE_ECDSA_WITH_RC4_128_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDHE_RSA_WITH_RC4_128_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL_RSA_WITH_RC4_128_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_RC4_128_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDH_ECDSA_WITH_RC4_128_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDH_RSA_WITH_RC4_128_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL_RSA_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL_RSA_WITH_RC4_128_MD5>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_RC4_128_MD5>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <TLS_EMPTY_RENEGOTIATION_INFO_SCSV>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[DynamicJSSEListenThread[DefaultSecure],9,WebLogicServer]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setWantClient
    Auth(boolean): value=false.>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[DynamicJSSEListenThread[DefaultSecure],9,WebLogicServer]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setUseClientM
    ode(boolean): value=false.>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseada
    pter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NEED_TASK
    bytesConsumed = 52 bytesProduced = 0.>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseada
    pter: SSLENGINE: Exception occurred during SSLEngine.wrap(ByteBuffer,ByteBuffer).
    javax.net.ssl.SSLHandshakeException: no cipher suites in common
            at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362)
            at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
            at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
            at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
            at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
            at weblogic.security.SSL.jsseadapter.JaSSLEngine$1.run(JaSSLEngine.java:68)
            at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
            at weblogic.security.SSL.jsseadapter.JaSSLEngine.wrap(JaSSLEngine.java:66)
            at weblogic.socket.JSSEFilterImpl.wrapAndWrite(JSSEFilterImpl.java:619)
            at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:91)
            at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
            at weblogic.socket.JSSEFilterImpl.isMessageComplete(JSSEFilterImpl.java:282)
            at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:962)
            at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:889)
            at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:339)
            at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused By: javax.net.ssl.SSLHandshakeException: no cipher suites in common
            at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
            at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
            at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278)
            at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)
            at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:892)
            at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:620)
            at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)
            at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
            at sun.security.ssl.Handshaker$1.run(Handshaker.java:808)
            at sun.security.ssl.Handshaker$1.run(Handshaker.java:806)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1299)
            at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:186)
            at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:95)
            at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
            at weblogic.socket.JSSEFilterImpl.isMessageComplete(JSSEFilterImpl.java:282)
            at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:962)
            at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:889)
            at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:339)
            at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseada
    pter: SSLENGINE: SSLEngine.closeOutbound(): value=closed.>
    <26 Nov, 2014 7:29:42 PM IST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseada
    pter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = CLOSED HandshakeStatus = NEED_UNWRAP
    bytesConsumed = 0 bytesProduced = 7.>
    Regards
    PPK

    Hi gimbal2,
    I've already googled the error but I didn't find anything useful: however I will try again.
    Thank you,
    AndreaWeird, because the first result I got was a highly informative stackoverflow post. I think you need to blame more what you were looking for: you were looking for a cut, copy and paste solution in stead of searching for information to understand the problem and solve it. But that is conjecture on my part, feel free to ignore me.I read that stackoverflow post (about forcing the RSA algorithm instead of the default DSA) some days ago but didn't fully understant it; now I first generated a keystore with the RSA algorithm then I imported the certificate and now it almost works, I.E. now warns me about the certificate not being trusted while it should (I can see the issuer in the Trusted Root CA of the browser). To recap:
    - in every browser at the customer sites there are two certificates installed (one intermediate and one wildcard)
    - the customer can use a Web MS application and has imported a certificate in IIS, so I exported this certificate and imported it in the keystore but I get the error about the CA not being trusted.
    So now it's not working and I will try to import the intermediate and the wildcard certificate (I think this could solve). I will post the result.
    Thank you gimbal2.

  • How to extend an address of a BP  with more fields ???? EEWB??

    Hi Gurus,
    I need to extend the address of a BP with some customer fields. I have tried to do it using EEWB but when you have to choose a Business Object for the new extension, the reasonable only possibility is to choose BUPA Object. Thus, the DB table BUT000 is extended with a custom include that contains the customer fields, but what I want to do is extending ADRC DB table. There is some way that I do not know of achieve this in which the system creates automatically all the FM for the BDT events????
    If it is not possible, which would be the procedure to do that with my own development???
    Thanks in Advance.
    Regards,
    Rosa

    Rosa, you can only extend table BUP000 and not the actual address table. Sorry for that for more details on how to extend the BP itself refer to my WeBLOG I wrote on this. Have fun and let me know whether you need more help, Tiest.
    Also do not forget to award points to useful responses.
    <a href="/people/tiest.vangool/blog/2005/07/24/pc-ui-and-easy-enhancement-workbench-eew-integration and Easy Enhancement Workbench (EEW) Integration</a>

  • Handshake_failure (no cipher suites in common) error

    Requirement
    1. Login to a HTTPS site with the given site username and password through a proxy server (Proxy server doesn't require authentication)
    2. Then upload a document in the site
    Jars used
    jsse.jar
    Jcert.jar
    Jnet.jar
    Environment
    Unix \ Weblogic
    Code
    import java.io.*;
    import java.net.*;
    import java.util.*;
    import java.security.*;
    import javax.net.ssl.*;
    String loginURL = config.getProperty("LoginURL");
    String putURL = config.getProperty("PutURL");
    // This is where we have stored the certificate from the server using keytool
    //keytool -import -alias ca -file xxx.cer -trustcacerts -v -keystore "cacerts"
    //Stored the certificate by viewing the site throw the browser and save it locally
    String certFile = config.getProperty("GetCertpath");
    // Set proxy
    System.setProperty("https.proxyHost", config.getProperty("Proxy"));
    System.setProperty("https.proxyPort", config.getProperty("ProxyPort"));
    Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() );
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    // We are overriding the system default trust store
    System.setProperty( "javax.net.ssl.trustStore", certFile);
    URL dataURL = new URL(null, loginURL, new com.sun.net.ssl.internal.www.protocol.https.Handler());
    com.sun.net.ssl.HttpsURLConnection connection = (com.sun.net.ssl.HttpsURLConnection) dataURL.openConnection();
    connection.setHostnameVerifier(new HostnameVerifierImpl());
    connection.setInstanceFollowRedirects(true); // Follow redirects by host
    // Create login header
    String hostlogin = config.getProperty("userID") + ":" + config.getProperty("password");
    String encodedHostLogin = Base64Converter.encode(hostlogin.getBytes());
    connection.setRequestProperty("Authorization", "Basic " + encodedHostLogin);
    // Get the cookie. We'll need it to maintain the session
    cookie = connection.getHeaderField("Set-Cookie");
    // Read the host's reply, and dump
    BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream())); //ERROR at this point
    //System.out.print("## INFO: Host Replied...");
    String line = null;
    while((line = in.readLine()) != null)
    //System.out.println(line);
    in.close();
    Error Dump
    Exception occured Received fatal alert: handshake_failure (no cipher suites in common)
    javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no cipher suites in common)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
    at java.io.OutputStream.write(OutputStream.java:56)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
    Questions
    1. The client (we\our application) does not have any certificates. We just have to login to the site with the id and password and upload a file. What extra we should do to avoid this error?

    This is the full debug info
    *** ClientHello, v3.1
    RandomCookie: GMT: 1061973650 bytes = { 66, 125, 28, 182, 32, 174, 11, 166, 105, 30, 208, 142, 122, 250, 76, 48, 46, 41, 230, 73, 229, 20, 7, 5, 25, 218, 181, 43 }
    Session ID: {}
    Cipher Suites: { 0, 3, 0, 17 }
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 47
    0000: 01 00 00 2B 03 01 3F 4C 6F 92 42 7D 1C B6 20 AE ...+..?Lo.B... .
    0010: 0B A6 69 1E D0 8E 7A FA 4C 30 2E 29 E6 49 E5 14 ..i...z.L0.).I..
    0020: 07 05 19 DA B5 2B 00 00 04 00 03 00 11 01 00 .....+.........
    main, WRITE: SSL v3.1 Handshake, length = 47
    [write] MD5 and SHA1 hashes: len = 50
    0000: 01 03 01 00 09 00 00 00 20 00 00 03 02 00 80 00 ........ .......
    0010: 00 11 3F 4C 6F 92 42 7D 1C B6 20 AE 0B A6 69 1E ..?Lo.B... ...i.
    0020: D0 8E 7A FA 4C 30 2E 29 E6 49 E5 14 07 05 19 DA ..z.L0.).I......
    0030: B5 2B .+
    main, WRITE: SSL v2, contentType = 22, translated length = 16337
    main, READ: SSL v3.1 Alert, length = 2
    main, RECV SSLv3 ALERT: fatal, handshake_failure
    %% No cached client session
    *** ClientHello, v3.1
    RandomCookie: GMT: 1061973650 bytes = { 2, 6, 51, 93, 63, 135, 69, 177, 206, 97, 223, 48, 244, 40, 179, 108, 54, 67, 148, 76, 251, 197, 152, 112, 73, 142, 206, 13 }
    Session ID: {}
    Cipher Suites: { 0, 3, 0, 17 }
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 47
    0000: 01 00 00 2B 03 01 3F 4C 6F 92 02 06 33 5D 3F 87 ...+..?Lo...3]?.
    0010: 45 B1 CE 61 DF 30 F4 28 B3 6C 36 43 94 4C FB C5 E..a.0.(.l6C.L..
    0020: 98 70 49 8E CE 0D 00 00 04 00 03 00 11 01 00 .pI............
    main, WRITE: SSL v3.1 Handshake, length = 47
    [write] MD5 and SHA1 hashes: len = 50
    0000: 01 03 01 00 09 00 00 00 20 00 00 03 02 00 80 00 ........ .......
    0010: 00 11 3F 4C 6F 92 02 06 33 5D 3F 87 45 B1 CE 61 ..?Lo...3]?.E..a
    0020: DF 30 F4 28 B3 6C 36 43 94 4C FB C5 98 70 49 8E .0.(.l6C.L...pI.
    0030: CE 0D ..
    main, WRITE: SSL v2, contentType = 22, translated length = 16337
    main, READ: SSL v3.1 Alert, length = 2
    main, RECV SSLv3 ALERT: fatal, handshake_failure
    Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no cipher suites in common)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
    at java.io.OutputStream.write(OutputStream.java:56)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
    Apart from this,
    1. When we run the same code in the Windows 2000 environment it works.
    2. We want the code to run in the unix box.
    3. We have also placed jsse.jar, jcert.jar and jnet.jar in the jre/lib/ext folder
    4.Took the following existing file "cacerts" from jre/lib/security folder
    5. Saved the certificate from the site through the browser as xxx.cer
    6. Put both the files cacerts and xxx.cer in a directory
    7. Added the xxx.cer to the cacerts using the following command
    keytool -import -alias ca -file xxx.cer -trustcacerts -v -keystore "cacerts"
    8. In the java code set the following property,
    System.setProperty( "javax.net.ssl.trustStore", path to the cacerts file);

  • Transport Layer Security Cipher Suites in Safari

    Does anyone happen to know which Transport Layer Security (TLS) Cipher Suites Safari 4 supports?
    Specifically, does it support the Elliptic Curve suites from RFC 4492? How about AES?
    Thanks!

    Hi,
    i`m only aware that SSL is supported. If you need an official Statement i would recommend you open an OSS Message with the SAP Support.
    Regards
    -Seb.

  • Setting cipher suites for ssl sockets

    Hi
    While setting cipher suites for ssl serversocket and socket, there may be lot of stream ciphers and block ciphers in the list. (also there may or may not be anonymous cipher suites).
    How does the ssl socket decide which cipher suite to use?
    Sorry for this newbie question.
    Thank you.

    Have you read the JSSE Reference Guide? It has a really good description of how the SSL handshake works. Part of the "Client Hello" step includes sending all the cipher-suites the client has enabled. The server picks the "best" of that set, that the server also supports, and sends it back as part of the "Server Hello". Both sides switch to that set.
    Now, what "best" means isn't defined. I'm not sure what criteria the server uses to determine that. Maybe someone else reading the thread can chime in.
    Grant

Maybe you are looking for