Poor performance in establishing an SSL connection

Similar Messages

• Unable to establish any ssl connection

  Since my last update im not able to load any ssl webpage from my system.
  If i try with curl or wget, i get various SSL errors like
  "OpenSSL: error:0407006A:rsa routines: RSA_padding_check_PKCS1_type_1:block type is not 01"
  "OpenSSL: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed"
  "OpenSSL: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature"
  "Read error at byte xxx (error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac)."
  Im using a d-link DWA-131 (r8712u module). The problem does not appear when using the wired interface. Windows 7 has no problem with the wireless dongle too.
  Could anyone point me in the right direction for finding a solution to this?

  This seems to be an issue with the r8712u driver (https://bugzilla.kernel.org/show_bug.cgi?id=45071) which was not happening before. Ill keep the thread updated.
  Last edited by honzor (2012-09-10 16:22:52)

• Establish SSL connection to Oracle Instance w/JDBC Thin Client

  Hello all,
  I am writing a monitoring utility that will allow me to establish connections to both Oracle instances and LDAP repositories and query them to determine that they are up and running. My utility consists of a number of objects that handle connections to the LDAP and Oracle instances. I need to be able to do SSL and non-SSL connections to said instances.
  My issue is this: I am able to do SSL and non-SSL to LDAP, and non-SSL to an Oracle instance. I am having problems, though, establishing an SSL connection to an Oracle instance (I am using the thin client). Whenever I try, a SQLException is thrown that states: "Encountered a problem with the secret store. Check the wallet location for the presense of an <b>open</b> wallet (cwallet.sso) and ensure that the wallet contains the correct credentials..."
  Ok, a little background for those who may need it. Oracle uses a wallet to hold certs that allow SSL connections. I have a wallet on my box, and, from the command line, I am able to sqlplus into and tnsping the appropriate Oracle instances, so I know it is setup properly. The inability to connect only occurs in my code. My code looks like this:
  DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
  Security.addProvider(new oracle.security.pki.OraclePKIProvider());
  /*Setup connection properties*/
  String connectionString = "testbox01:1000:ssl_instances_name";
  String userName = "userName";
  String pwd = "password";
  Properties props = new Properties();
  props.put("oracle.net.ssl_version", 3.0");
  props.put("oracle.net.wallet_location", "SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=c:\\wallet)))");
  props.put("oracle.net.ssl_cipher_suites", "ssl cipher suites");
  props.put("oracle.net.ssl_server_dn_match", "FALSE");
  props.put("oracle.net.ssl_client_authentication", "true");
  /*Do connection and return connection object
  OracleDataSource ods = new OracleDataSource();
  ods.setUser(userName);
  ods.setPassword(pwd);
  ods.setUrl("jdbc:oracle:thin:@" + connectionString);
  ods.setConnectionProperties(props);
  Connection conn = ods.getConnection(); <---This is where code errors out with SQLException described above.
  return conn;
  And that's pretty much it. Anyone have any ideas?

  Ok, that looked horrible. Let's try this again:<br>
  <br>
  I am writing a monitoring utility that will allow me to establish connections to both Oracle instances and LDAP repositories and query them to determine that they are up and running. My utility consists of a number of objects that handle connections to the LDAP and Oracle instances. I need to be able to do SSL and non-SSL connections to said instances.<br>
  <br>
  My issue is this: I am able to do SSL and non-SSL to LDAP, and non-SSL to an Oracle instance. I am having problems, though, establishing an SSL connection to an Oracle instance. Whenever I try, a SQLException is thrown that states: "Encountered a problem with the secret store. Check the wallet location for the presense of an <b>open</b> wallet (cwallet.sso) and ensure that the wallet contains the correct credentials..."<br>
  <br>
  Ok, a little background for those who may need it. Oracle uses a wallet to hold certs that allow SSL connections. I have a wallet on my box, and, from the command line, I am able to sqlplus into and tnsping the appropriate Oracle instances, so I know it is setup properly. The inability to connect only occurs in my code. My code looks like this:<br>
  <br>
  *****<br>
  <br>
  DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());<br>
  Security.addProvider(new oracle.security.pki.OraclePKIProvider());<br>
  <br>
  /*Setup connection properties*/<br>
  <br>
  String connectionString = "testbox01:1000:ssl_instances_name";<br>
  String userName = "userName";<br>
  String pwd = "password";<br>
  <br>
  Properties props = new Properties();<br>
  props.put("oracle.net.ssl_version", 3.0");<br>
  props.put("oracle.net.wallet_location", "SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=c:\\wallet)))");<br>
  props.put("oracle.net.ssl_cipher_suites", "ssl cipher suites");<br>
  props.put("oracle.net.ssl_server_dn_match", "FALSE");<br>
  props.put("oracle.net.ssl_client_authentication", "true");<br>
  <br>
  /*Do connection and return connection object*/<br>
  OracleDataSource ods = new OracleDataSource();<br>
  ods.setUser(userName);<br>
  ods.setPassword(pwd);<br>
  ods.setUrl("jdbc:oracle:thin:@" + connectionString);<br>
  ods.setConnectionProperties(props);<br>
  <br>
  Connection conn = ods.getConnection(); <---This is where code errors out with SQLException described above.<br>
  <br>
  return conn;<br>
  <br>
  *****<br>
  <br>
  And that's pretty much it. Anyone have any ideas?<br>

• SSL connection, KeyManager and TrustManager

  Hello everyone,
  I am trying to established an SSL connection to a OC4J Server. The server is correctly configured, as the communications using Internet Explorer goes well.
  I am using JDK 1.3.1_06 with JSSE 1.0.3 and OC4J 9.0.3.
  But now I have a stand-alone java program that sends SOAP messages to the ssl port in the server using JAXM. When I send the message, I received the following exception:
  javax.net.ssl.SSLException: untrusted server cert chain
  The following I tried was to connect using a socket to test the handshacking. I received the same exception.
  I am using a KeyStore dinamically generated with the PKCS12 certificate of the cliente that is requesting the service, and a TrustStore dinamically generated with the CA certificate for both the client and the server. I am also tries to use the default cacerts file with this certificate imported in.
  The KeyManager is initialized in this way:
  ----- KeyManager start -----
  java.security.KeyStore ks = java.security.KeyStore.getInstance
       ("pkcs12", "SunJSSE");
  ks.load(new FileInputStream(file),pass.toCharArray());
  KeyManagerFactory kmf = KeyManagerFactory.getInstance     ("SunX509", "SunJSSE");
  kmf.init(ks, pass.toCharArray());
  KeyManager[] km = (KeyManager[])kmf.getKeyManagers();
  ----- KeyManager end -----
  The TrustManager is initialized in this way:
  ----- TrustManager start -----
  FileInputStream fis = new FileInputStream(file);
  java.io.DataInputStream dis = new java.io.DataInputStream(fis);
  byte[] bytes = new byte[dis.available()];
  dis.readFully(bytes);
  java.io.ByteArrayInputStream bais =
       new java.io.ByteArrayInputStream(bytes);
  java.security.cert.CertificateFactory cf =          java.security.cert.CertificateFactory.getInstance("X.509");
  java.security.cert.X509Certificate caCert =
       (java.security.cert.X509Certificate)
            cf.generateCertificate(bais);
  java.security.KeyStore ksCA =
       java.security.KeyStore.getInstance("pkcs12", "SunJSSE");
  ksCA.load(null, null);
  ksCA.setCertificateEntry("trustedCA", caCert);
  TrustManagerFactory tmf =
       TrustManagerFactory.getInstance("SunX509", "SunJSSE");
  tmf.init(ksCA);
  TrustManager[] tm = (TrustManager[])tmf.getTrustManagers();
  ----- TrustManager end -----
  And finally, this is the way I create the ssl connection:
  ----- main start -----
  // loads the jsse provider
  System.setProperty("java.protocol.handler.pkgs",
       "com.sun.net.ssl.internal.www.protocol");
  java.security.Security.addProvider(
       new com.sun.net.ssl.internal.ssl.Provider());
  // keymanager
  com.sun.net.ssl.KeyManager[] km = getKeyManager(args[0], args[1]);
  // trustmanager
  com.sun.net.ssl.TrustManager[] tm = getTrustManager(args[2]);
  // ssl context configuration
  com.sun.net.ssl.SSLContext ctx =
       com.sun.net.ssl.SSLContext.getInstance("SSL");
  ctx.init(km, tm, null);
  com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
       ctx.getSocketFactory());
  // url
  URL url = new URL(
       "https", my_ip
       my_port, a_page,
       new com.sun.net.ssl.internal.www.protocol.https.Handler());
  // connection
  com.sun.net.ssl.HttpsURLConnection conn =
       (com.sun.net.ssl.HttpsURLConnection)url.openConnection();
  conn.connect();
  ----- main end -----
  This is the full exception trace:
  javax.net.ssl.SSLException: untrusted server cert chain
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
  at java.io.OutputStream.write(OutputStream.java:56)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA6275)
  at pruebas.SSLClient.main(SSLClient.java)
  Has anyone some idea of what is happening. Thanks in advance,
  Jorge Hidalgo

  hi
  how your client i.e stanadlone application (SOAP client) is getting the server certificates if client doesn't get the server certificate and vice versa then u will get this exception.
  check on both side.
  pras

• Cannot establish SSL connection after fresh install

  Hello,
  I performed a fresh install a couple of days ago. Everything is fine, no hardware errors, pacman and curl work like a charm, HTTP servers respond as they should, but SSL servers do not respond the right way.
  I tried with elinks, chromium and firefox and they get stuck on SSL negotiations for very long times.
  Installed the whole thing again. Same issue.
  Just tested with:
  openssl s_client -connect facebook.com:443
  openssl s_client -connect google.com:443
  Seems to work fine, I can GET with no problems.
  Also tested with:
  wget --debug -O - https://facebook.com
  It gets stuck to "Initializing SSL handshake" and after a couple of minutes the connection is closed with error message "Unable to establish SSL connection."
  The system date/time are correct, the system is up to date, used the latest install image available at http://archlinux.org, installed following the install guide from the wiki.
  All tests performed as root.
  Last edited by icecoder (2013-05-30 10:07:14)

  WonderWoofy wrote:Initscripts maybe... ethernet... since I am not familiar with either of your systems, I cannot answer this.
  As I understand, the latest arch uses systemd by default, so there's no need installing initscripts and in https://wiki.archlinux.org/index.php/In … e_internet nothing said I have to configure network as I'm using DHCP.
  Last edited by tenzan (2012-10-22 00:02:42)

• Cannot download Adobe reader error "Can't establish SSL connection (16248.331.1095.307)"

  I have XP x64 SP2 and have tried to download Adobe Reader. I get an error; "Can't establish SSL connection (16248.331.1095.307)" and
  then after a couple of these, it closes the download manager.
  We are using IE6.0.3790.359 128 cipher
  As to the alternate browsers, our corporation will not allow them to be loaded. So we cannot use other browser.
  The installation steps are: click get reader, allow activeX, unclick Google bar and click download- simple stuff.
  Please refer to the screen shot
  Thanks
  JPSingh

  Assuming that you want the English version of Adobe Reader 9.2, you can download it without download manager from http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.2/enu/AdbeRdr920_en_US.exe
  If you're looking for a different version, find it at ftp://ftp.adobe.com/pub/adobe/reader/

• Unable to establish SSL connection using Java PKCS11

  I am currently trying to establish SSL connectivity using eToken via PKCS11.
  The PKCS11 provider is setup and I can read the 3 stored certificates as a key Store Object.
  But I am getting the following exception while trying to establish SSL connectivity.
  I am using JDK 6.0(java version "1.6.0_31-rev).
  at java.lang.Thread.run(Unknown Source)
  Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-aladdin-0 RSA private key, 2048 bits (id 147980297, token object, sensitive, unextractable)
  at sun.security.mscapi.RSACipher.engineGetKeySize(RSA Cipher.java:384)
  at javax.crypto.Cipher.b(DashoA13*..)
  at javax.crypto.Cipher.a(DashoA13*..)
  Code:
  KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
  KeyStore keyStore = getClientKeyStore(); //read Smart Card Token to get the Certificate
  kmf.init(keyStore, "mycardPin".toCharArray()); //#### hard coded the i/p parms
  TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
  KeyStore trustStore = KeyStore.getInstance("JKS");
  trustStore.load(new FileInputStream("C:\\Users\\usr1\\Desktop\\Certifi cates\\mycertca.jks"), "mycardPin".toCharArray());
  tmf.init(trustStore);
  SSLContext sslContext = SSLContext.getInstance("TLS");
  sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  factory = sslContext.getSocketFactory();
  sslClient = (SSLSocket) factory.createSocket(host, port);
  sslClient.startHandshake(); //<--- code is breaking here with the above exception
  I am struggling like anything for the last 4 days to get rid of this issue. Please let me know is there any work-around to fix this issue.
  I really appreciate your help.

  Hi,
  have You found the solution. I have similar problem but now it is not repeatable. I'm not sure what was the reason (this InvalidKeyException apeared only once). I'm using JDK7 (java version 1.7.0_09-b05).
  Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-GemSafe RSA private key, 1024 bits (id 2, token object, sensitive, unextractable)
       at sun.security.mscapi.RSACipher.engineGetKeySize(RSACipher.java:404)
       at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1052)
       at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1010)
       at javax.crypto.Cipher.init(Cipher.java:1209)
       at java.security.Signature$CipherAdapter.engineInitSign(Unknown Source)
       at java.security.Signature$Delegate.init(Unknown Source)
       at java.security.Signature$Delegate.chooseProvider(Unknown Source)
       at java.security.Signature$Delegate.engineInitSign(Unknown Source)
       at java.security.Signature.initSign(Unknown Source)
       at sun.security.ssl.RSASignature.engineInitSign(Unknown Source)
       at java.security.Signature$Delegate.engineInitSign(Unknown Source)
       at java.security.Signature.initSign(Unknown Source)
       at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(Unknown Source)
       ... 53 more

• ACE20 SSL-connection rate performance

  Hello,
  One of our customers are challenging our ACE20 modules ssl-connection rate performance. During a loadtest performed against our webportals, they concluded, that the ACE-module showed signs of severe performance degredations, when the number of new ssl-connections hit 40.
  While I disagree with that conclusion, I find it somewhat difficult to disprove it. Nothing on the ACE-module suggest any ssl-resource depletion, the highest recorded ssl-connection rate is 677 tps and the license permits 10k. The context is currently sized to 4k. I've gone through numerous troubleshooting steps, trying to locate anything that would suggest a problem with the module, but so far nothing has turned up.
  I've been given somewhat conflicting information about what the ssl-connection rate resouce actually represent. Some say is represent the total number of new ssl-connections pr/sec, other say it represents ssl-transaction capacity as a whole, which among other things would include ssl-handshakes. Regardsless, 40 in my opinion seems way to low and this is very inconsistent with the generel load on our modules, which often climbs into the hundreds.
  So I'm looking for suggestions on how to conduct a simple ssl/tps test against the ACE-modules. The test is expected to be very basic, as I'm not looking to test the webportal end-to-end, but simply doing an ssl-tps performace test.
  Any help will do
  Thanks
  /Ulrich

  Hi,
  The connection will be denied once the SSL connection rate is exceeded.
  That can be identified by using the command :
  show resource usage all
  You will see something like this :
          Resource         Current       Peak        Min        Max       Denied
  ssl-connections rate        995       1000          0       1000     28975
  You will notice that the deny counter will start increasing once the rate is exceeded.
  hope that helps.
  regards,
  Ajay Kumar

• Shared nothing live migration over SMB. Poor performance

  Hi,
  I´m experiencing really poor performance when migrating VMs between newly installed server 2012 R2 Hyper-V hosts.
  Hardware:
  Dell M620 blades
  256Gb RAM
  2*8C Intel E5-2680 CPUs
  Samsung 840 Pro 512Gb SSD running in Raid1
  6* Intel X520 10G NICs connected to Force10 MXL enclosure switches
  The NICs are using the latest drivers from Intel (18.7) and firmware version 14.5.9
  The OS installation is pretty clean. Its Windows Server 2012 R2 + Dell OMSA + Dell HIT 4.6
  I have removed the NIC teams and vmSwitch/vNICs to simplify the problem solving process. Now there is one nic configured with one IP. RSS is enabled, no VMQ.
  The graphs are from 4 tests.
  Test 1 and 2 are nttcp-tests to establish that the network is working as expected.
  Test 3 is a shared nothing live migration of a live VM over SMB
  Test 4 is a storage migration of the same VM when shut down. The VMs is transferred using BITS over http.
  It´s obvious that the network and NICs can push a lot of data. Test 2 had a throughput of 1130MB/s (9Gb/s) using 4 threads. The disks can handle a lot more than 74MB/s, proven by test 4.
  While the graph above doesn´t show the cpu load, I have verified that no cpu core was even close to running at 100% during test 3 and 4.
  Any ideas?
  Test
  Config
  Vmswitch
  RSS
  VMQ
  Live Migration Config
  Throughput (MB/s)
  NTtcp
  NTttcp.exe -r -m 1,*,172.17.20.45 -t 30
  No
  Yes
  No
  N/A
  500
  NTtcp
  NTttcp.exe -r -m 4,*,172.17.20.45 -t 30
  No
  Yes
  No
  N/A
  1130
  Shared nothing live migration
  Online VM, 8GB disk, 2GB RAM. Migrated from host 1 -> host2
  No
  Yes
  No
  Kerberos, Use SMB, any available net
  74
  Storage migration
  Offline VM, 8Gb disk. Migrated from host 1 -> host2
  No
  Yes
  No
  Unencrypted BITS transfer
  350

  Hi Per Kjellkvist,
  Please try to change the "advanced features"settings of "live migrations" in "Hyper-v settings" , select "Compression" in "performance options" area .
  Then test 3 and 4 .
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Sporadic SSL connection trouble

  I happened to run across https://discussions.apple.com/message/5546820, which describes a problem very similar to one I've had troubles with since Mac OS X 10.5 Server and still happens with 10.6.7; I did not experience this with Tiger.
  I have a web service written in PHP (v5.3.4) that makes another web service call to a third party web service.  The call TO my web service and the call my web service MAKES are both SSL encrypted; neither are going through a proxy.  Occasionally, my web service will get a SoapFault raised with the error "Could not connect to host" when instantiating a SoapClient object to connect to the third party web service.  We use this web service an average of nearly 1,000 times a day, and of those, only a handful each day gets this exception.  I have gone so far as to add code that will make a second attempt to instantiate the SoapClient class when the first fails.  Sometimes the second attempt works, but sometimes even it fails.
  At one point I moved this process back to 10.4.11 Server (w/PHP v5.2.4), and experienced no errors.  I've also ran the same code on a Windows machine with PHP 5.3 installed and it did not experience the problem either.  So I don't believe it has anything to do with upgrading PHP from 5.2 to 5.3.  I have performed tests from other Macs connecting to one of Amazon's web services over HTTPS, and they too experienced random failures beginning with Leopard.  So I don't think it has anything to do with the specific machine on which the process is running.  I also tried consuming the Amazon web service over HTTP, and didn't experience the problem.
  We have another process (on a different server running 10.5.8) that uses CURL to establish a SSL encrypted connection to a partner's system, and it's randomly failing on curl_exec() with "SSL read: error:00000000:lib(0):func(0):reason(0), errno 54".  According to http://curl.haxx.se/libcurl/c/libcurl-errors.html, error 54 means "Failed setting the selected SSL crypto engine as default!".
  CURL details:
  10.5.8 machine:
  curl 7.16.4 (i386-apple-darwin9.0) libcurl/7.16.4 OpenSSL/0.9.7l zlib/1.2.3
  Protocols: tftp ftp telnet dict ldap http file https ftps
  Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
  10.6.7 machine:
  curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
  Protocols: tftp ftp telnet dict ldap http file https ftps
  Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
  Neither error can be reproduced at will, but they do happen daily (no particular time of day; it's completely random).  It just really sounds like something is wrong with some low level code in the OS dealing with SSL that began with Leopard.  Anyone else having similar trouble?

  i got the connection to work, and the problem was that the regional settings of the client was set to "Turkish". after changing it to EN, it worked.
  (questions 2), 3) and 4) are "answered" herewith).
  is there a workaround for the language problem ? (the reg. settings have to be Turkish)
  (when set to "Turkish", the JRE parses the cacerts file erroneous (because of the Turkish 'i' character). running the program with "-javax.net.debug=all" parameter prints the trace)
  now, i've another question :
  when creating a user how do we specify which group the user belongs to ?
  a solution for this is to find the group and add the user to the group. is there an attribute of the user which can be set directly at creation time ?
  last question :
  why does it take so long to get a context with ssl connection ? does anybody know how to make it faster ?
  thanks

• Errror during SSL connection with LDAP using JNDI APIs

  Hello,
  I have established a client and server certificates cert.arm for LDAP server and client. On client i have created a client.kdb file and on server server.kdb file both containing cert.arm. whwn i give a request
  C:\Program Files\IBM\LDAP\bin>ldapsearch -b "o=ibm,c=us" -h 9.182.174.71 -p 636 -D cn=roo
  -w root1 -Z -K "C:\Program Files\ibm\ldap\etc\client.kdb" -P client -s sub cn=s* cn sn
  it gave me proper results
  but using a JNDI API where i specify
  Hashtable env = new Hashtable(11);
       env.put(Context.INITIAL_CONTEXT_FACTORY,
       "com.sun.jndi.ldap.LdapCtxFactory");
       // Specify LDAPS URL
       env.put(Context.PROVIDER_URL, "ldap://"+"9.182.174.71:636");
       // Authenticate as S. User and password "mysecret"
       env.put(Context.SECURITY_PROTOCOL, "ssl");
       env.put(Context.SECURITY_AUTHENTICATION, "simple");
       env.put(Context.SECURITY_PRINCIPAL, "cn=root1");
       env.put(Context.SECURITY_CREDENTIALS, "root1");
  DirContext ctx = new InitialDirContext(env);
  SearchControls constraintssc=new SearchControls();
  constraintssc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                           // performing the search
  NamingEnumeration results=ctx.search("o=ibm,c=us","cn=s*",constraintssc);
  ////etc.........
  Its gives me an exception saying that
  javax.naming.CommunicationException: simple bind failed: 9.182.174.71:636. Root
  exception is javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
  Could any body help me out on this
  Thank You

  You are attempting to authenticate via an SSL connection to port 636.
  The message 'couldn't find trusted certificate' means that your client doesn't trust the certificate it has received from the LDAP server.
  In order to establish that trust, you must export a certificate file from the LDAP server, then use Java's keytool.exe to create a keystore file using that certificate. Then your client code must reference that keystore file that you've created.
  So essentially, you have to provide your program the LDAP server's credentials. "If the server's certificate looks like this, then you can trust it."
  After your program trusts the certificate it receives from the server at runtime, your connection will authenticate.

• Extremely poor performance to various websites during peak hours - peering issue?

  Since approximately 26 Jan 2015, we have been experiencing extremely poor performance to several specific websites during peak hours, 9pm-11pm.  Page loads take many minutes (or never complete), etc.  Many other sites are perfectly fine, and if I connect to the same sites at the same time through my work VPN, they perform extremly well (under 1sec).  There is no correlation between OS or browser and the poor performance (tested on Windows, OSX, Linux) and speedtest typically reports over 80/80.
  I've not caught any packet loss using periodic pings.  Traceroutes indicate a bunch of different routes being used (I assume this is expected for CDNs), but here's one example of an obviously bad single traceroute:
  $ traceroute images.dailykos.com
  traceroute to fallback.global-ssl.fastly.net (23.235.46.185), 64 hops max
  1 10.1.1.1 0.464ms 0.364ms 0.298ms
  2 173.48.161.1 5.223ms 4.793ms 4.904ms
  3 130.81.191.250 7.387ms 7.466ms 7.366ms
  4 130.81.151.76 4.909ms 4.905ms 4.932ms
  5 152.63.20.117 12.441ms 12.433ms 12.434ms
  6 152.63.4.141 12.373ms 12.468ms 12.370ms
  7 152.179.220.126 14.989ms 14.937ms 14.872ms
  8 68.86.84.249 12.505ms 12.259ms 14.988ms
  9 68.86.85.25 22.409ms 22.433ms 22.519ms
  10 68.86.85.1 19.817ms 19.894ms 19.919ms
  11 68.86.83.74 17.389ms 19.870ms 22.460ms
  12 4.53.116.18 24.815ms 25.080ms 24.851ms
  13 * 208.122.44.198 2849.473ms 29.832ms
  14 173.231.134.18 22.430ms * 2026.736ms
  The sites in question use the Fastly CDN - my theory is that the VZ-Fastly connection is under provisioned or is broken, but I'm out of my depth at this point.  

  "This is a nationwide peering/routing issue that was intentionally created by Verizon to create congestion and (1) extract priority fees from the likes of Netflix and (2) get customers to subscribe to higher speed tiers. This has been acknowledged by the FCC. Verizon is building new interconnections to remedy the problem, but it will persist for at least another 6 months."

• How to establish an Https connection from a html client

  Hi! I�m totally new to Java so my question is rather"stupid". I have an html page that sends a post to a servlet
  <form name="form" action="servlet/ServletLogOn" method="post">
  I want to establish an https connection between the client and the servlet. How is it?
  Thanks in advance.

  Ignore the previous poster's reply - he was obviously mislead by my original post re: JSSE.
  How you install an SSL certificate on your webserver is completely dependent on the webserver you are using. Ususally there is some functionality for doing this from the administrative interface - usually involves pasting some text from the CA's (certificate authority, e.g. Verisign) site into a text box and designating a port number for SSL traffic (use 443, it's internet standard). I've actually only done this for Netscape Enterprise Server - you may want to find a forum for users of your webserver to ask for specifics.

• Weird internet problem / ssl connection error, site loads in safari not in firefox or other way around

  I really can't figure out this problem. Search the internet tried all kinds of things, nothing help so far.
  I have a Macbook Pro (Lion originally installed) running on Mavericks (all latest updates). SSD installed and the DVD tray is replaced by the original HDD.
  The laptop wasn't running very smooth anymore so decided to give it a fresh Mavericks install (even though I know it's not really necessary for mac, it helped, everything is much faster except a weird internet problem came up).
  After freshly installing Mavericks I couldn't get into my google account anymore, just wouldn't load. Tried Safari (use this normally) and Firefox and Chrome, this last was gave a SSL connection error, both Safari and FF said the website couldn't be loaded because the server didn't respond. For Gmail I use Mailplane which is just stuck on a white page. I tried repairing the keychain, repaired disk and disk permissions, cleaned browsers, turned off firewall and antivirus (Shopos) started in safe mode, checked time settings which were all good. Nothing of this helped. I even ended up creating a usb bootdisk for Mavericks, formatted the disk and reinstalled from the start just Mavericks and nothing else, started Safari, still the same problem. As even this didn't help I figured it's not worth reinstalling all software so put back my backup.
  Now I ended up somehow only being able to use Gmail normally in Firefox, Chrome still gives SSL error and Safari can load the inbox, but I can't open any messages. I get the error there is a problem with the connection. If I try in Basic HTML mode it surprisingly does work.
  You would say, just use Firefox, finished...but the thing is that sometimes random websites won't load in Firefox, when I load the same site in Safari it works perfectly.
  O yes, I also tried the connect to my iPhone and use the Cellular data network, then it's no problem using Gmail in Safari normally. You would say it's a router problem, but I have another Macbook Pro (just one model later running Mountain Lion) this one works perfectly with every browser. Also my iPhone does everyting logged into the WiFi network.
  You can understand I really have no clue what's going on here, I don't see any logic. I can only think of a hardware problem in my Macbook, but don't see how that could cause these problems.
  I hope someone is ably to help me ?

  Please read this whole message before doing anything.
  This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
  Step 1
  The purpose of this step is to determine whether the problem is localized to your user account.
  Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
  While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
  Test while logged in as Guest. Same problem?
  After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
  *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
  Step 2
  The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
  Please take this step regardless of the results of Step 1.
  Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
  Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
  Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
  The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
  Test while in safe mode. Same problem?
  After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.

• Safari hangs and poor performance in MBPR (Mid 2012)

  Safari hangs and poor performance in MBPR (Mid 2012)? OS X 10.10.2 is up to date

  Please answer as many of the following questions as you can. You may already have answered some of them. In that case, there's no need to repeat the answers.
  Back up all data before making any changes.
  Have you restarted your router and your broadband device (if they're separate) since you first noticed the problem? If not, do that now and see whether there's any change.
  If your browser is Safari, then from the Safari menu bar, select
            Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
  and confirm. If the Downloads button (with the icon of a downward-pointing arrow) is showing in the toolbar, click it and then click Clear in the box that appears. The download history will be removed. Any change?
  If you're running OS X 10.9 or later, select the Advanced tab in the Preferences window and uncheck the box marked
            Stop plug-ins to save power
  Any change?
  Quit and relaunch the browser. Any change?
  Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
  While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
  Test while logged in as Guest. Same problem?
  After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
  *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
  Are any other web browsers installed, and are they the same? What about other Internet applications, such as iTunes and the App Store?
  If other browsers and Internet applications are also affected, follow these instructions and test. Any change?
  If Parental Controls is active for any user, please turn it off and test. Any change?
  If only Safari is affected, launch the Activity Monitor application and enter "web" (without the quotes) in the search box. If a process named "Safari Web Content" is shown in red or is using more than about 5% of a CPU, select it and force it to quit by clicking the X or Quit Process button in the toolbar of the window. There may be more than one such process. Any improvement?
  Follow the instructions in this support article. Any change?
  Open the iCloud preference pane and uncheck the box marked Photos, if it's checked. Any change?
  Are there any other devices on the same network that can browse the Web, and are they affected?
  If you can test Safari on another network, is it the same there?
  If you connect to your router with Wi-Fi and you can also connect with Ethernet, do that and turn off Wi-Fi. Any difference?