SSL over IRC

I'm developing an IRC applet with SSL sockets. I've reaches to make a connection with the IRC server, but when i try to send login to the server, i take the next exception:
IOException: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
I tried to change the mode i send info over the socket, trying it with a PrintWriter, a DataOutputStream and a Buffered Writer, but i take the same result.
Any ideas?

Hi,
I had the same problem, but i didn't get any answer in that forum.
I deinstalled the SAP Software (regard the end of the threat
https://forums.sdn.sap.com/click.jspa?searchID=22036513&messageID=6625975) and then I installed the software again. Then the system ran and i didn't have any more problems with the message server.
I didn't installed the MS Loopback Adapter, because i am connected to a network.
Best regards,
Günther Klee

Similar Messages

Attempting to use SSL over RMI from a web application to a RMI server

Hi,
I am attempting to use SSL over RMI to a server. The client is the web
application that is hosted on WebLogic and that attempts to connect to the
server. There is no client or server verification at either the client or
the server end. The code works outside of WebLogic 7/8 but has the following
issues when running the web application inside weblogic:
java.rmi.ConnectException: Connection refused to host: gkhanna1; nested
exception is:
java.net.ConnectException: Connection refused: connect
java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:350)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:137)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:124)
at java.net.Socket.<init>(Socket.java:268)
at java.net.Socket.<init>(Socket.java:95)
at
sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketF
actory.java:20)
at
sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketF
actory.java:115)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:494)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:169)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:313)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:79)
at
com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.initConnection(NTLMConne
ctionClient.java:59)
at
com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.getUsers(NTLMConnectionC
lient.java:197)
at com.hyperion.css.CSSAPIImpl.getUsers(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at jsp_servlet._jsp._app1.__app1signin._jspService(__app1signin.java:133)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
tStubImpl.java:1058)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:401)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:445)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:306)
at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
ebAppServletContext.java:5445)
at
weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
r.java:780)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:3105)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2588)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
The code at the client that initiates the connection:
socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) socketFactory.createSocket(host, port);
socket.setEnabledCipherSuites(CIPHERS);
socket.setEnableSessionCreation(true);
Any ideas?
Thanks

I don't see anything that indicates SSL was directly a factor in the
failure.
From the exception stack it looks like a more basic connectivity issue,
maybe the URL for the
RMI server is incorrect for some reason or the server was down.
It looks like you are doing something like this:
SSL client -> WLS server with servletA, servletA RMI client
(com.hyperion.css) -> RMI server
The connection failure appears to be the connection from servletA RMI client
to the RMI server.
Is that a correct picture?
Tony
"Gaurav Khanna" <[email protected]> wrote in message
news:[email protected]...
Hi,
I am attempting to use SSL over RMI to a server. The client is the web
application that is hosted on WebLogic and that attempts to connect to the
server. There is no client or server verification at either the client or
the server end. The code works outside of WebLogic 7/8 but has thefollowing
issues when running the web application inside weblogic:
java.rmi.ConnectException: Connection refused to host: gkhanna1; nested
exception is:
java.net.ConnectException: Connection refused: connect
java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:350)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:137)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:124)
at java.net.Socket.<init>(Socket.java:268)
at java.net.Socket.<init>(Socket.java:95)
at
sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketF
actory.java:20)
at
sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketF
actory.java:115)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:494)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:169)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:313)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:79)
at
com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.initConnection(NTLMConne
ctionClient.java:59)
at
com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.getUsers(NTLMConnectionC
lient.java:197)
at com.hyperion.css.CSSAPIImpl.getUsers(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at jsp_servlet._jsp._app1.__app1signin._jspService(__app1signin.java:133)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
tStubImpl.java:1058)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:401)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:445)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:306)
at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
ebAppServletContext.java:5445)
at
weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
r.java:780)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:3105)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2588)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
The code at the client that initiates the connection:
socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) socketFactory.createSocket(host, port);
socket.setEnabledCipherSuites(CIPHERS);
socket.setEnableSessionCreation(true);
Any ideas?
Thanks

Getting error when trying to enable ssl over pop3

We are using SunOne Messaging Server v5.2 on Solaris 9
We followed the below steps:
1. Create a trust database password for "Internal (Software) Token"
2. Obtain a certificate
3. Install the certificate along with CA certificate.
4. The certificate is installed with the name "Server_Cert" and is shown as trusted in the "Certificate Management"
5. configured ssl over pop3 using configutil
6. stop and start the services.
The Configutil changes made are as below:
nsserversecurity = on
encryption.rsa.nssslactivation = on
encryption.rsa.nssslpersonalityssl = Server_Cert
encryption.rsa.nsssltoken = "Internal (Software)"
service.pop.enablesslport = yes
service.pop.sslport = 995
We saved the below in the sslpassword.conf:
Internal (Software) Token:mypassword
After restarting the services, pop3 over ssl is not working.We also checked "netstat -an -P tcp | grep 995" and it shows nothing.
The logs are showing the below error:
"[22/Apr/2006:15:46:58 -0300] mail popd[26352]: General Error: SSL initialization error: Didn't find certificate Server_Cert (-8157)"
Please advice a solution for the same. I am unable to figure out the problem.
Your help will be highly aperciated .
Regards
Ehab

Hi,
have you checked whether the cert is in the certsdb using certutil?
thanks
ndrb

Whats the difference between 2 way SSL over HTTPS & 2 way SSL over TCP

also, is there an implementation on web for 2 way SSL/TCP .
PS: plz donot give me the definition for 2 way SSL :)

whats the difference between 2 way SSL over HTTPS & 2 way SSL over TCP?The difference is that '2 way SSL over HTTPS' doesn't exist.
HTTPS is HTTP over SSL, so SSL over that would be SSL over SSL which would be pointless.

SSL over plain TCP/IP

I am trying to write a client server app and i want my calls to be encrypted via SSL.
I am using IBM JDK as my runtime is WebSphere.
     //For JSSEPrvider2 use:com.ibm.net.ssl.www2.protocol
     //For JSSE Provider use: com.ibm.net.ssl.internal.www.protocol
          System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.www2.protocol");
I notice for https we have to use the packages mentioned above.
My server talks plain tcp/ip?
What should my package names be?
If somebdoy can poin tm eon how to do it in Sun JDK i can do the necessary changes for the IBM JDK .
Appreciate any assistance
Warm Regards,
Manglu

Please examine http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html to see how to use SSL/TLS over TCP.

Authenticated SMTP/SSL over port 465

Does Oracle E-mail support authenticated SMTP over SSL on port 465? - E

Yes,
both TLS and SSL are possible with 10.1.1. Tried myself. A little bit tweaking essmi's accordingly, applying certificates, and adjusting listener.ora for LISTENER_ES.
Note: essmi only.
- Torsten

Custom sig: Non-SSL over SSL port

I am trying to build a custom signature for detecting non-SSL traffic on a specific SSL port (let's say tcp/443). This has to do with CONNECT tunnels through an HTTP proxy. Conceptually, it's not a complicated idea. Whether or not it can technically be done effectively with the Cisco IPS I don't know.
It seems that very early in every SSL connection, there is an SSL "client hello" message(SYN,SYN/ACK,ACK,CLIENT HELLO). There are two relevant record formats, SSLv2 and SSLv2/TLS. I would like to create a signature that fires when it DOES NOT see the client hello message very early in a given TCP session. I would want the signature to only need to check the very first n packets of any given TCP session (n = max size of connection establishment + max size of client hello packet). Has anyone created such a beast or willing to help? Here are a couple packets.
SSLv3 Client Hello
0000 00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 ..^..g.....]..E.
0010 00 8e 33 b8 40 00 3e 06 94 16 ce c3 c3 6c 40 22 ..3.@.>......l@"
0020 a2 49 58 27 01 bb b7 42 c6 92 fd 36 a3 d1 50 18 .IX'...B...6..P.
0030 44 70 08 e2 00 00 16 03 00 00 61 01 00 00 5d 03 Dp........a...].
0040 00 44 5f 9a 77 69 49 5a 85 52 a0 96 38 b3 b4 15 .D_.wiIZ.R..8...
0050 8f db f2 0f c9 0e ea 10 f5 69 39 8c 58 87 e5 33 .........i9.X..3
0060 70 20 ba 06 1e 3f d4 4e 3c d0 de a8 ea 4e a3 7f p ...?.N<....N..
0070 0f 07 fd 5f 88 07 17 ef 50 ce 6b cf 10 e3 84 99 ..._....P.k.....
0080 04 a2 00 16 00 04 00 05 00 0a 00 09 00 64 00 62 .............d.b
0090 00 03 00 06 00 13 00 12 00 63 01 00 .........c..
TLSv1 Client Hello
0000 00 0f 20 6c 99 8b 00 a0 8e 82 c4 c1 08 00 45 00 .. l..........E.
0010 00 96 a2 89 40 00 7f 06 32 b3 ce c3 c2 29 ce c3 [email protected]....)..
0020 c6 74 0d 13 01 bb 38 17 d5 89 98 0f fc 73 50 18 .t....8......sP.
0030 44 70 6c 75 00 00 16 03 01 00 69 01 00 00 65 03 Dplu......i...e.
0040 01 44 5f 9a 84 8a 94 ab f3 78 e7 b1 c9 ca 04 34 .D_......x.....4
0050 3b 95 1b 86 51 05 5f ac 9d a0 b0 69 fe 0c 27 e5 ;...Q._....i..'.
0060 9c 20 78 08 00 00 ce c3 c2 29 58 58 58 58 58 58 . x......)XXXXXX
0070 58 58 58 58 58 58 58 58 58 58 48 9a 5f 44 8c 4b XXXXXXXXXXH._D.K
0080 05 00 00 1e 00 04 00 05 00 2f 00 33 00 32 00 0a ........./.3.2..
0090 00 16 00 13 00 09 00 15 00 12 00 03 00 08 00 14 ................
00a0 00 11 01 00 ....
SSLv2 Client Hello
0000 00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 ..^..g.....]..E.
0010 00 82 fb a7 40 00 3e 06 cf 32 ce c3 c3 6c 9f 35 ....@.>..2...l.5
0020 40 36 58 6d 01 bb b7 78 06 1b cd e2 e2 3d 80 18 @6Xm...x.....=..
0030 44 70 47 6b 00 00 01 01 08 0a 31 fd f9 51 00 00 DpGk......1..Q..
0040 00 00 80 4c 01 03 00 00 33 00 00 00 10 00 00 04 ...L....3.......
0050 00 00 05 00 00 0a 01 00 80 07 00 c0 03 00 80 00 ................
0060 00 09 06 00 40 00 00 64 00 00 62 00 00 03 00 00 [email protected].....
0070 06 02 00 80 04 00 80 00 00 13 00 00 12 00 00 63 ...............c
0080 7b af 57 75 f8 a9 72 54 23 29 32 50 bf ef 1e a9 {.Wu..rT#)2P....

Hi mhellman:
I can see 3 difficulties with this kind of sign.
1) To determine the order of the packets.
2) To determine that happen at the very begining of the conection
3) fire when the traffic doesn't match with the signature.
The difficulty number 3, I think, is imposible to resolve because the sensor can compare the trafic with a well defined pattern and fire when it match, but not when it doen't.
The difficult number 2
You need a kind of state signature because this can be classified like a machine state (first three way handshake, then hello packet) but I can't see fields in the state engine that help in this case.
The difficult number 1 could be resolved by a Meta signature.
You will need to create an a custom atomic signature for the syn packet, another for the syn ack, another to ack, and the last one for hellow packet.
Then create a meta signature and add the fourth atomic singatures whith a strict order.
but guess what...
Meta signature doesn't permit custom signatures.
I think this kind of signature is imposible to write.
But I'd try.
Regards
Alberto Giorgi from spain.

[solved]partially working network, problems with ssl and irc

Hi,
for a weird reason I can't access any websites with https anymore nor can i connect to any irc servers with irssi and connection attempts with ssh time out. The system is up2date and I am using kdemod as DE.
My rc.conf looks like this:
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime", any other value will result
# in the hardware clock being left untouched (useful for virtualization)
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="de_DE.utf8"
HARDWARECLOCK="localtime"
TIMEZONE="Europe/Berlin"
KEYMAP="de"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
# MOD_BLACKLIST: Prevent udev from loading these modules
# MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
# NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
MOD_AUTOLOAD="yes"
#MOD_BLACKLIST=() #deprecated
MODULES=(!b44 !mii !ipw2200 !libipw !ac97_bus !snd-mixer-oss !snd-pcm-oss !snd-page-alloc !snd-pcm !snd-timer !snd !snd-ac97-codec !snd-intel8x0 !snd-intel8x0m !soundcore b44 mii ipw2200 libipw ac97_bus snd-mixer-oss snd-pcm-oss snd-page-alloc snd-pcm snd-timer snd snd-ac97-codec snd-intel8x0 snd-intel8x0m soundcore)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
HOSTNAME="horst-lp"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
eth0="dhcp"
# Wireless: See network profiles below
#Static IP example
#eth0="dhcp"
eth0="dhcp"
INTERFACES=(!eth0 !eth1 !wlan0)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network.d
# This now requires the netcfg package
#NETWORKS=(main)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(syslog-ng hal !network networkmanager avahi-daemon avahi-dnsconfd alsa cdemud kdm samba mpd lighttpd)
Earlier I had some problems with not resolving addresses, which I somehow got rid of. At the time I blamed my isp.
Perhaps something broke when I had a program running in wine to play with a car too and I had to switch the laptop off bc it didn't want to react anymore.
thx for reading
e: I don't know why, but it worked when I started Arch this morning.. while it didn't yesterday although everything worked correctly on my other PCs.
Last edited by dt (2009-11-07 09:02:46)

Hi,
for a weird reason I can't access any websites with https anymore nor can i connect to any irc servers with irssi and connection attempts with ssh time out. The system is up2date and I am using kdemod as DE.
My rc.conf looks like this:
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime", any other value will result
# in the hardware clock being left untouched (useful for virtualization)
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="de_DE.utf8"
HARDWARECLOCK="localtime"
TIMEZONE="Europe/Berlin"
KEYMAP="de"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
# MOD_BLACKLIST: Prevent udev from loading these modules
# MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
# NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
MOD_AUTOLOAD="yes"
#MOD_BLACKLIST=() #deprecated
MODULES=(!b44 !mii !ipw2200 !libipw !ac97_bus !snd-mixer-oss !snd-pcm-oss !snd-page-alloc !snd-pcm !snd-timer !snd !snd-ac97-codec !snd-intel8x0 !snd-intel8x0m !soundcore b44 mii ipw2200 libipw ac97_bus snd-mixer-oss snd-pcm-oss snd-page-alloc snd-pcm snd-timer snd snd-ac97-codec snd-intel8x0 snd-intel8x0m soundcore)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
HOSTNAME="horst-lp"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
eth0="dhcp"
# Wireless: See network profiles below
#Static IP example
#eth0="dhcp"
eth0="dhcp"
INTERFACES=(!eth0 !eth1 !wlan0)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network.d
# This now requires the netcfg package
#NETWORKS=(main)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(syslog-ng hal !network networkmanager avahi-daemon avahi-dnsconfd alsa cdemud kdm samba mpd lighttpd)
Earlier I had some problems with not resolving addresses, which I somehow got rid of. At the time I blamed my isp.
Perhaps something broke when I had a program running in wine to play with a car too and I had to switch the laptop off bc it didn't want to react anymore.
thx for reading
e: I don't know why, but it worked when I started Arch this morning.. while it didn't yesterday although everything worked correctly on my other PCs.
Last edited by dt (2009-11-07 09:02:46)

How do i know the ssl over non ssl

Hello Gurus,
Your answer is greatly aprreciaied ;
a)
https://ebusdockel.9dc.com:243/DockerMasterAJX/services/DockerMaster
b)
http://ebusmodel.9dc.com/DockerMasterAJX/services/DockerMaster
How do to dtermine from the above 2 URLS difference betwenn SSL and non SSL ,your answer is appreciated.

Hi,
There is a way within Forms to programmatically tell whether users are in SSL or not - if you're in 11g Forms. You can use the new 11g javascript built-ins to execute javascript. Javascript will pull the URL and return it to as a VARCHAR. Then you can have PL/SQL logic to see if the url contains "https" or "http", then you can execute whatever logic you want.
The PL/SQL Built-in you want to use is: web.javascript_eval_function
The javascript command you want to run is: document.location.href
If you are looking for a way to force users to go to SSL, there are some options you can do with OHS(Oracle HTTP Server) - which comes with the 11g Forms.
I hope this helps.
Thank you,
Gavin
http://pitss.com/us

SSL Over HTTPS

Dear All,
we have setup our SSL setup successfully in POP , but we have small problem in https , as follows when we try to open webmail like https://ourdomain , we get pop menu to accept the ceritificate , my qyuestion is how to make the authentication of our https thru user name and password , not to get this pop window to ask to accept the certifciate .

I have replied here so the thread can be continued in case there is another option that may be explained.
This thread has been very informative - we are using MMP/MSG 5.2 patch level 1.26. In our case our old expired certificate was Verisign, but now we use Equifax for the CA Authority. There are two Equifax Trusted Client CA certificates in the Certificate Database. We have our own certificate listed as Server-Cert. In viewing all three of the certificates, the radio button shows "Reject" under the "Trust CA" heading. I have stopped the message server with ./stop-msg and restarted with ./start-msg which should restart the http portion we are using which should implement the "untrusted" certificates and not prompt IE6 for a certificate. However, the web browser (IE 6) still requests thru the pop up box "The web site you want to view requests identification".
I do find the Equifax certificate in the IE 6 program by right clicking on the displayed screen after answering the prompt. Have I missed a place there is a certificate which shows as trusted for Equifax?
I surely am missing something in this scenario.
- Terry

Enable SSL over iWS4.1SP7 & iAS 6.0SP2

Hi,
I am running iPlanet Web Server (WS4.1SP7)with two instances running, with one instance runing in "Encryption" mode for SSL access.
Both instances access the same WAR modules in iPlanet Application Server (iAS6SP2).
I have successfully installed the SSL cert in the iWS encryted instance.
However, SSL access was available across the whole site, we want the Login module (login.war) with SSL enabled only.
I have enabled "secure session" for the login.war Web Application module. However iWS won't automatically switch to SSL mode.
So far I only came up with this solution:
Set-up URL prefixes (https://mysite/) in iWS with /NASApp/login/ so that all access to http://mysite/NASApp/login will redirect to https://mysite/NASApp/login
(I don't think this is a good idea as the whole site still have SSL enabled (i.e. https://mysite/index.html)
What are the correct steps to configure SSL access (directory level) in iWS and iAS?
Are there any documents to follow?
Thanks,
Kasnol Abrinski

I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
on a URL that looks like this :
http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
and gives the error :
( Forbidden
You don't have permisission to access /sso/auth on this server at port 7777)
when I manually change the URL to :
https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
the SSO works correctly.
The question is :
How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
Any ideas ?
Thanks in advance

SSL Connection over TCP using SSLSocketFactory to remote C++ Server

Hi.
Despite my traversing through the archives, I could not find a
solution to my problem. So hopefully, that would mean i have a simple
isolated, and FIXABLE problem :-)
My web application running under Weblogic 7.01 as a servlet needs to
connect to a remote server using SSL over tcp.
The server is a C++ app using openssl libraries to serve up a
self-signed certificate.
The code fragments to do so look like this:
     SSLSocketFactory sf =
(SSLSocketFactory)SSLSocketFactory.getDefault();
     connection = sf.createSocket(host, port);
     output.write(...)
     output.flush();
Upon the flush, I get the following error:
java.io.IOException: Write Channel Closed, possible SSL handshaking or
trust failure
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
     at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
     at java.io.DataOutputStream.flush(DataOutputStream.java:99)
My guess is that its complaining about not trusting the certificate
being sent back by the server.
I typically use JSSE for this application when running within other
appservers, and
this application has no problems. But because i've run into issues
with using JSSE in WL7.01 (another topic
for another day), I'm using the default WL ssl library.
I have set weblogic.security.SSL.trustedCAKeyStore=d:\bea\weblogic700\server\lib\cacerts,
and imported my
certificate into that cacerts file. This doesn't seem to fix my
problem. Is there another truststore
that my webapp may rely on? Where within the admin console can I
figure this out?
Or am I on the wrong track here?
Also, if its any clue, elsewhere within the same application, I make
https requests to another
web app running under the same weblogic server - and that is fine - I
use the URLConnection class in those cases.
Any help is much appreciated!
Thanks
Ed

Hi,
Can you show us the stacktrace?
/Kaj

LDAP over SSL - Works with AD Username but not with full logon @

Hello
I have 2 Cisco ASA 5505 and have configured SSL over LDAP to connect via a Active Directory server.
Everything works fine apart that lets say I have a user called [email protected] - When I am using Anyconnect or Cisco VPN Client and try that it does not work at all.
If I try abc without the @zzz.com then it works and authenticates to the AD and gets DHCP and user is fine.
The only question is since I think I have seen this documented somewhere - is that correct or can I use the @ full AD UPN ??
I am trying to make our users do a single SSO and have every other application using the full UPN.
Thanks

Hello
I have 2 Cisco ASA 5505 and have configured SSL over LDAP to connect via a Active Directory server.
Everything works fine apart that lets say I have a user called [email protected] - When I am using Anyconnect or Cisco VPN Client and try that it does not work at all.
If I try abc without the @zzz.com then it works and authenticates to the AD and gets DHCP and user is fine.
The only question is since I think I have seen this documented somewhere - is that correct or can I use the @ full AD UPN ??
I am trying to make our users do a single SSO and have every other application using the full UPN.
Thanks

SSL & The WRV200

Hell all, I am new to your community, and have a question surrounding the WRV200.
I have searched all over the place and couldn’t find anything related to what I was attempting to do.
I have Verizon Fios coming in and plugged in directly to a Netgear FVG318. Behind the FVG, I have a 16 port switch that runs off to other parts of the house that connects PS3's other WAPs etc. Everything is on the 192.168.0.x network. I currently use Greenbow to IPSec into my home network while away and when I connect, it assigns me an IP off of 192.168.0.x. I recently picked up a WRV200 toying with the idea of putting it behind my Netgear operating as a DHCP/SSL server. Here is where I am running into problems. i contacted Cisco, and they can't tell me if the WRV200 supports SSL over the LAN ports. Is anyone doing this today?
That said, my next attempt is to move the ethernet connection from LAN1 to the WAN. In doing so, I'll use the MAC address to assign it a static ip on the 192.168.0.x network. The issues with this is, unless i am mistaken, I will have to use 192.168.1.x (or some other network) on the LAN of the WRV200 now, which takes away its ability to be a DHCP server since it won't be able to assign on the .0.x. Additionally, if I SSL in, I presume it will assign me an IP off of the .1.x as well.
To resolve the issue surrounding the SSL, would a static route of 0.0.0.0 --> 192.168.0.1, which is the IP address of the Netgear solve the issue of getting to my other devices when SSL'ing into the network or am i just way over thinking this process and making this more difficult than it is?
At the end of the day, I am just trying to put an SSL device on the network and take away some of the load from my Netgear box.
Thanks for your time and input!
jwb

I think this is not possible. Having your WRV200 behind another router will not perform the way you want it. I really think that the NETGEAR router should be the one doing all the stuff the you needed, even if you do static routing.

Can I use HHTPS/SSL as a transport with JMQ 2.0

Hi,
I've heard that iMQ can send messages over SSL or JMS clients can send messages to iMQ useing SSL (or something like that). Is this
possible?
Example:
JMS prog #1 Post message to iMQ#1
|
iMQ#1 sends message to iMQ#2
|
SSL
|
iMQ#2
|
JMS prog #2 gets the message
Or
JMS prog #1 Post message to iMQ#1
|
iMQ#1
|
SSL
|
JMS prog #2 gets the message from iMQ#1
Or
JMS prog #1 Post message to iMQ#1
|
SSL
|
iMQ#1
|
JMS prog #2 gets the message from iMQ#1
Or is there other software/programs required?
Or am I dreaming.
What we, the ECXpert group are looking doing is this:
Application creates a document/file, e.g. PO
|
JMS prog #1 posts PO to iMQ#1 using SSL
|
--- Firewall ---
|
SSL over the Internet
|
--- Firewall ---
|
iMQ#1 in the DMZ recieves the file/message
|
--- Firewall ---
|
1.JMS prog of ECXpert gets the file/message from iMQ#1
2.ECXpert processes the file
3.ECXpert sends the file on the application
|
Application loads the PO into it's database
Let me know if this is possible. And if yes, I would like to talk with you.

iiMQ 2.0 does not support HTTPS (HTTP over SSL)
from client to broker (just HTTP or SSL)
Currently you would need to use SSL (opening a port in the
firewall).[I'm investigating some other possibilities, see
below]
Unfortunately in this release, we only support tcp connections
between brokers e.g.
client --- SSL --- [broker] -- tcp -- [broker] ---SSL --- client
We are looking at adding HTTPS support in 2.1 (our next feature release)
as well as support for SSL (and HTTP/S) between brokers.
Since we are in the process of determining features and schedules
for our next release:
Is HTTPS support needed ? If so ... do you have a timeframe.
Is SSL (or HTTP/s) support needed between broker ? If so .. do
you have a timeframe.
I'm in the process of investigating how easy it would be to
support using HTTPS to connect to the HttpTunnelServlet
(the tunnel servlet would then connect to the broker with
tcp). It may be possible to plug this support in to the
current 2.0 broker:
e.g.
iMQ
Client
sends msg
|
| HTTPS
--- Firewall
| iMQ HTTP Tunnel Servlet
|
| tcp
|
iMQ
Broker
| tcp
|
| iMQ HTTP Tunnel Servlet
--- Firewall
| HTTP/SSL
|
iMQ
Client
receives msg
processes file

SSL over IRC

Similar Messages

Maybe you are looking for