SSL problem: renegotiation is not allowed

Hi all,
I'm trying to build a SSL client/server app (something simple, for learning purposes), and I got some pointers on the internet. However, when I ran both client and server, I got an exception on the client side: javax.net.ssl.SSLHandshakeException: renegotiation is not allowed
Here are my codes:
Server
//server.jks = keystore
          //ServerJKS = keystore password
          //SeverKey = certificate's password (certificate = server_full)
          if (args.length<3) {
               System.out.println("Usage:");
             System.out.println("   java AdminApp keyStoreName keyStorePass certPass");
             return;
          String keyStoreName = args[0];
         char[] keyStorePass = args[1].toCharArray();
         char[] certPass = args[2].toCharArray();
         System.setProperty("javax.net.ssl.trustStore", args[0]);
         System.setProperty("javax.net.ssl.trustStorePassword", args[1]);
         try {
              KeyStore keystore = KeyStore.getInstance("JKS");
             keystore.load(new FileInputStream(keyStoreName), keyStorePass);
             KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
             kmf.init(keystore, certPass);
             SSLContext context = SSLContext.getInstance("SSL");
             context.init(kmf.getKeyManagers(), null, null);
             SSLServerSocketFactory factory = context.getServerSocketFactory();
             SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(8888);
             server.setNeedClientAuth(true);
             //call method printServerSocketInfo
             printServerSocketInfo(server);
             SSLSocket socket = (SSLSocket) server.accept();
             //call method printSocketInfo
             printSocketInfo(socket);
             BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
             BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
             String msg = "Welcome to SSL Reverse Echo Server."+ " Please type in some words.";
             writer.write(msg,0,msg.length());
             writer.newLine();
             writer.flush();
             while ((msg = reader.readLine())!= null) {
                  if (msg.equals("."))
                       break;
                 char[] a = msg.toCharArray();
                 int n = a.length;
                 for(int i = 0; i < n/2; i++) {
                      char t = a;
          a[i] = a[n-1-i];
          a[n-i-1] = t;
     writer.write(a,0,n);
     writer.newLine();
     writer.flush();
     writer.close();
     reader.close();
     socket.close();
     server.close();
     } catch (Exception e) {
     System.err.println(e.toString());
_Client_if (args.length<3) {
               System.out.println("Usage:");
               System.out.println(" java SslReverseEchoerRevised keyStoreName keyStorePass certPass");
               return;
          String keyStoreName = args[0];
     char[] keyStorePass = args[1].toCharArray();
     char[] certPass = args[2].toCharArray();
     System.setProperty("javax.net.ssl.trustStore", args[0]);
     System.setProperty("javax.net.ssl.trustStorePassword", args[1]);
     //these two, to get messages out and in
     BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
     PrintStream out = System.out;
     try {
          KeyStore keystore = KeyStore.getInstance("JKS");
     keystore.load(new FileInputStream(keyStoreName), keyStorePass);
     KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
     kmf.init(keystore, certPass);
     SSLContext context = SSLContext.getInstance("SSL");
     context.init(kmf.getKeyManagers(), null, null);
     SSLSocketFactory factory = context.getSocketFactory();
     SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 8888);
     //call printSocketInfo method
     printSocketInfo(socket);
     //start handshake
     socket.startHandshake();
     BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
     BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
     String msg = null;
     while ((msg = reader.readLine())!= null) {
          out.println(msg);
     msg = in.readLine();
     writer.write(msg,0,msg.length());
     writer.newLine();
     writer.flush();
     writer.close();
     reader.close();
     socket.close();
     } catch (Exception e) {
          System.err.println(e.toString());

I think you need to setup your proxy server to allow 7002 port,
or use port 443 for SSL ( it is the default proxy secured port)
Hope this will help
Mohds
"Paul Patrick" <[email protected]> wrote:
If this is a production problem, you should file a problem report with BEA
Support.
But I didn't see any certificates for the server registered. Without
certificates and a private
key the SSL protocol will not work.
Paul Patrick
"Antimo" <[email protected]> wrote in message
news:3a12cc80$[email protected]..
Hello there,
we have a BIG PROBLEM on a production system.
Some user on internet using IEXplore 5.0x could'nt access our https page.
Error reported are:
SSL Forbidden
SSL port specified is not allowed
We are using SSL on port 7002
This is the weblogic properties reagrd SSL:.
weblogic.security.ssl.enable=true
# SSL listen port
weblogic.system.SSLListenPort=7002
Any suggestion?
Is there a possibility to use port 80 both for https and http?
Any help will be apprciated.
THANK'S!

Similar Messages

  • I receive an error in Firefox 4.0 Beta 11: Secure Connection Failed An error occurred during a connection. Renegotiation is not allowed on this SSL socket. (Error code: ssl_error_renegotiation_not_allowed) Anyone know how to fix this?

    I have installed the Firefox 4.0 Beta 11 (+updates), I try to connect to our https: website and I receive the following error:
    Secure Connection Failed An error occurred during a connection.
    Renegotiation is not allowed on this SSL socket.
    (Error code: ssl_error_renegotiation_not_allowed)
    I have installed this certificate on Firefox 3.6.13 and I am able to connect to our HTTPS site but it will not work with the Beta 4.0 11

    I read about this for ages. I had problems setting up a certificate for my online banking. This one solution genuinely worked for me (finally!) ...Fingers crossed it will for you too:
    1) In the address bar type in '''about:config''' ...Firefox will say it's dangerous, but I just went ahead anyway lol - It's fine. Thank god there's always an edit-undo!
    2) Copy and paste this into the ''filter'' at the top: '''security.ssl.allow_unrestricted_renego_everywhere'''
    3) Then change ''false'' to ''true'' (I think I just clicked it, and it changed)
    That's it! Refresh your bank page, and it should work!
    (Spanish source: '''http://translate.google.com/translate?sl=es&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.fedora-ve.org%2F2011%2F09%2F14%2Ferror-error-code-ssl_error_renegotiation_not_allowed-en-firefox-4-x.html&act=url''')

  • SSL problem: SSL Forbidden or 12204 SSL port specified is not allowed

    Hello there,
    we have a BIG PROBLEM on a production system.
    Some user on internet using IEXplore 5.0x could'nt access our https page.
    Error reported are:
    SSL Forbidden
    SSL port specified is not allowed
    We are using SSL on port 7002
    This is the weblogic properties reagrd SSL:.
    weblogic.security.ssl.enable=true
    # SSL listen port
    weblogic.system.SSLListenPort=7002
    Any suggestion?
    Is there a possibility to use port 80 both for https and http?
    Any help will be apprciated.
    THANK'S!

    I think you need to setup your proxy server to allow 7002 port,
    or use port 443 for SSL ( it is the default proxy secured port)
    Hope this will help
    Mohds
    "Paul Patrick" <[email protected]> wrote:
    If this is a production problem, you should file a problem report with BEA
    Support.
    But I didn't see any certificates for the server registered. Without
    certificates and a private
    key the SSL protocol will not work.
    Paul Patrick
    "Antimo" <[email protected]> wrote in message
    news:3a12cc80$[email protected]..
    Hello there,
    we have a BIG PROBLEM on a production system.
    Some user on internet using IEXplore 5.0x could'nt access our https page.
    Error reported are:
    SSL Forbidden
    SSL port specified is not allowed
    We are using SSL on port 7002
    This is the weblogic properties reagrd SSL:.
    weblogic.security.ssl.enable=true
    # SSL listen port
    weblogic.system.SSLListenPort=7002
    Any suggestion?
    Is there a possibility to use port 80 both for https and http?
    Any help will be apprciated.
    THANK'S!

  • SSL exception: Duplicate extensions not allowed

    Hi,
    I have problem with connecting to exchange mail server with java(java mail)
    I get this exception.
    javax.net.ssl.SSLProtocolException: java.io.IOException: Duplicate extensions not allowed.
    Caused by: java.io.IOException: Duplicate extensions not allowed
    at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
    at sun.security.x509.CertificateExtensions.init(Unknown Source)
    at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
    at sun.security.x509.X509CertInfo.parse(Unknown Source)

    So, google has very little about that.
    I found that x509 have something like extensions and if i run java with debug -Djavax.net.debug=ssl
    I see
    adding as trusted cert:
    Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
    Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Oct 01 12:40:14 CEST 2008 until Sun Oct 02 01:59:59 CEST 2033
    adding as trusted cert:
    Subject: EMAILADDRESS=[email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Issuer: EMAILADDRESS=[email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Algorithm: RSA; Serial number: 0x1
    Valid from Sat Jun 26 02:19:54 CEST 1999 until Wed Jun 26 02:19:54 CEST 2019
    I dont know if this is that extensions. But i see that some subject are duplicated. Maybe this is all about.

  • Problem: MBP Is not allowing external monitor Widescreen resolutions.

    I am using a 27" LCD HD TV (Yes, TV, not monitor) DVI->DVI and the MBP will not allow me to use a widescreen resolution on my external monitor.
    Yes, I assure you, it is Widescreen. The native resolution is 1280x720.
    Anyone have a clue how I can fix this? Running a stretched 4:3 screen ***** HARD. This was my old windows PC monitor and I never had this issue before.

    Hi,
    I've got the same problem. Tried SwitchResX with not much success. I'm using as second screen a Benq w100 projector. When I force resolutions like 854x480 at about 60Hz, the projector won't recognise it, which makes sense since the input is not supported as such from a PC.
    I think the clue would be sending a HDTV/HDMI signal through the DVI cable. Has anybody managed to do this with the ATI Radeon X1600 that comes with the MBP?
    Gabriel

  • HT1923 The last update caused a problem that will not allow I tunes to open. It says MSVCR80.dll not installed. Then shows Error 7(Windows error 126). I have tryed to fix it but it will not fix problem.

    The last upgrade for I Tunes on my Windows 7 PC was almost done when it showed error. I atempted to redownload and then when trying to reopen I Tunes it shows that the MSVCR80.dlll is missing and then a second message that states Error 7 (Windows error 126). It has told me to reinstall I tunes, which I have done many times with no sucess. All previous versions have never been a problem.

    Hey Barry229!
    I have an article for you that will help you troubleshoot this issue:
    iTunes 11.1.4 for Windows: Unable to install or open
    http://support.apple.com/kb/TS5376
    Thanks for coming to the Apple Support Communities!
    Cheers,
    Braden

  • Two mail accounts with same name and SSL not allowed?!

    Dear Common Wisdom:
    I have two accounts in my Mail program with the same web host. That means the outgoing mail server has the same name.
    If I put on SSL, though, it is not allowed to save two servers with the same name in two different accounts.
    Can I get around this and still use SSL for both accounts?
    Thanks!
    Kostas

    Each domain is expected to refer to its own unique database schema. Same SOA schema should not be shared by multiple SOA clusters/domains. It is technically possible though, I suppose, and still can run fine any one SOA environment at any given time with the other SOA environments/domains (sharing the same SOA schema) shutdown. It is not the general/recommended practice to share SOA schema across domains and there could be potential implications and unexpected behavior, particularly when the SOA environments pointing to the same schema are all running at a time.

  • ERROR: policy does not allow granting permissions at this level outlook

    Hi All,
    Our users are attempting to send sharing requests to each other via Right Click Calendar | Share | Share Calendar
    Availabilty only works fine but Limited and Full Access fails with the error: policy does not allow granting permissions at this level.
    I can see that the default sharing policy is set for availabilty only so I assume I need to add our internal SMTP addresses to the sharing policy with increased right's.
    But... From our testing in our LAB we found that if the exchange org does not have a connection to the federation setup it works fine straigh out of the box.
    Does this sound right or is my LAB just messing with me?
    Cheers
    Josh

    Hi VK, looks like these threads should resolve your problem:
    Assembly does not allow partially trusted
    callers                        
    "That assembly
    does not allow partially trusted callers."                        
    That assembly does not allow
    partially trusted callers                        
    Assembly does not allow partially
    trusted callers.                        
    WPF Assembly does not allow
    partially trusted callers
    cameron rautmann

  • That assembly does not allow partially trusted callers

    Post Author: Guya
    CA Forum: .NET
    Hi there,
    I am trying to view a report by using crystalreportviewer version 10.0.3300.0 on  asp.net 2.0. but I got That assembly does not allow partially trusted callers. Although I don't want to have full trust on the server but when I change trust level of my web site from midle trust to full trust again I got the same issue.
    Any idea how can I get around the issue?
    Thanks in advance

    Hi VK, looks like these threads should resolve your problem:
    Assembly does not allow partially trusted
    callers                        
    "That assembly
    does not allow partially trusted callers."                        
    That assembly does not allow
    partially trusted callers                        
    Assembly does not allow partially
    trusted callers.                        
    WPF Assembly does not allow
    partially trusted callers
    cameron rautmann

  • TS4291 I can't send mail from my iPad apps, I just get the error message, 'The recipient- was rejected by the server because it does not allow relaying.' Does anyone know what this means and how to fix the problem.

    I can't send mail from my iPad apps, I just get the error message, 'The recipient… was rejected by the server because it does not allow relaying.' Does anyone know what this means and how to fix the problem.

    iOS: Unable to send or receive email
    http://support.apple.com/kb/TS3899
    Can’t Send Emails on iPad – Troubleshooting Steps
    http://ipadhelp.com/ipad-help/ipad-cant-send-emails-troubleshooting-steps/
    Setting up and troubleshooting Mail
    http://www.apple.com/support/ipad/assistant/mail/
    Using a POP account with multiple devices
    http://support.apple.com/kb/ht3228
    iOS: Adding an email account
    http://support.apple.com/kb/HT4810
    iOS: Setting up an Outlook.com, Hotmail, Live, or MSN email account
    http://support.apple.com/kb/ht1694
    Server does not allow relaying email error, fix
    http://appletoolbox.com/2012/01/server-does-not-allow-relaying-email-error-fix/
    Why Does My iPad Say "Cannot Connect to Server"?
    http://www.ehow.co.uk/info_8693415_ipad-say-cannot-connect-server.html
    How to Sync Contacts with Your iPad Using iTunes
    http://www.dummies.com/how-to/content/how-to-sync-contacts-with-your-ipad-using- itunes.html
    iOS: 'Mailbox Locked', account is in use on another device, or prompt to re-enter POP3 password
    http://support.apple.com/kb/ts2621
    eMail Groups - You can use a third party app that many users recommend.
    MailShot -  https://itunes.apple.com/us/app/mailshot-pro-group-email-done/id445996226?mt=8
    Group Email  -  https://itunes.apple.com/us/app/group-email!-mail-client-attachments/id380690305 ?mt=8
    iPad Mail
    http://www.apple.com/support/ipad/mail/
    Configuration problems with IMAP e-mail on iOS with a non-standard SSL port.
    http://colinrobbins.me/2013/02/09/configuration-problems-with-imap-e-mail-on-ios -with-a-non-standard-ssl-port/
    Try this first - Reset the iPad by holding down on the Sleep and Home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons. (This is equivalent to rebooting your computer.)
    Or this - Delete the account in Mail and then set it up again. Settings->Mail, Contacts, Calendars -> Accounts   Tap on the Account, then on the red button that says Remove Account.
     Cheers, Tom

  • I cannot open iCal because of a problem. Can anybody help me? The computer will not allow it to open and sends a message to apple each time. The icon has gone from the dock, but ical works on my iPad and I am afraid to sync it with my computer.?

    I cannot open iCal because of a problem. Can anybody help me? The computer will not allow it to open and sends a message to apple each time. The icon has gone from the dock, but ical works on my iPad and I am afraid to sync it with my computer in case it wipes everything .

    I have the exact same problem. I have not changed anything. This is probably a bug or something that has gone bad with Mac OS X (10.7.2). I have not found any solution for this on the web.
    MacBook Pro, Mac OS X (10.7.2).

  • JAN 4, 2012  As of the  Upgrade to   Lion,. and the  Email portion, ..   DOES NOT  allow a Video Clip to be sent via the Email  as the I-Photo is not supported by Video Clips  ( Previous Leopard  No problem  clip and drag  via Quick Time Pro to the email

    JAN 4, 2012 
    As of the  Upgrade to   Lion,.   2007  I-Mac  -   the  Email portion, ..   DOES NOT    allow a Video Clips to be sent via the Email 
    as the I-Photo is not supported by Video Clips  ( Previous Leopard ) 
    No problem  clip and drag  via Quick Time Pro to the email  and select the  Attchment  size to send. .  Depending on the 
    Size of the Video Clip  ..      Now  Lion only  Export's   1 size, .   only  and as a result . . teh  File is  TOO  Large and
    Will NOT  send via  E-Mail    ??? 
    Between the   Issue of   the   Lion,  and  Email  issues ,   and  the   Upgrade  of   I-Touch  to  5.1  from  4.2.1 
    as my  Photo  Size is  Huge ..    70,000  +  photos in the  Computer. .   and was   40,000  in the   I - Touch  .. .  
    The  New I-Touch  too will not Load the  same  as Previously  used  on  either  my  16 GB   or  32 GB   Unit . . 
              No Help . ..   so far, ..  as a Apple user   since   1996 ..    I  have Never  experieanced such  frustration    ??? 
                   (  any one have some help  if similar  experiances    ?     thank you     )

    JAN 4, 2012 
    As of the  Upgrade to   Lion,.   2007  I-Mac  -   the  Email portion, ..   DOES NOT    allow a Video Clips to be sent via the Email 
    as the I-Photo is not supported by Video Clips  ( Previous Leopard ) 
    No problem  clip and drag  via Quick Time Pro to the email  and select the  Attchment  size to send. .  Depending on the 
    Size of the Video Clip  ..      Now  Lion only  Export's   1 size, .   only  and as a result . . teh  File is  TOO  Large and
    Will NOT  send via  E-Mail    ??? 
    Between the   Issue of   the   Lion,  and  Email  issues ,   and  the   Upgrade  of   I-Touch  to  5.1  from  4.2.1 
    as my  Photo  Size is  Huge ..    70,000  +  photos in the  Computer. .   and was   40,000  in the   I - Touch  .. .  
    The  New I-Touch  too will not Load the  same  as Previously  used  on  either  my  16 GB   or  32 GB   Unit . . 
              No Help . ..   so far, ..  as a Apple user   since   1996 ..    I  have Never  experieanced such  frustration    ??? 
                   (  any one have some help  if similar  experiances    ?     thank you     )

  • Having a problem with Firefox using Hotmail email. Inbox - as checking messages it freezes up or a 1 item window follows cursor and does not allow you to enter

    I am having a problem accessing Hotmail email messages via Fireflox server. When I am in the Inbox, reviewing messages, it either freezes up or a "1 item" small icon window follows cursor and does not allow me to enter messages or do anything. Have to log off and start over. Suggestions>?

    Can you detect any pattern to it, whether related to messages with attachments, or particular advertising on the page, etc.?
    When you have a problem with one particular site, a good "first thing to try" is clearing your Firefox cache and deleting your saved cookies for the site.
    1. Clear Firefox's Cache
    orange Firefox button ''or'' Tools menu > Options > Advanced
    On the Network mini-tab > Offline Storage : "Clear Now"
    2. If needed, delete the site's cookies here
    While viewing a page on the site, right-click and choose View Page Info > Security > "View Cookies"
    (Usually the dialog will refer to live.com rather than hotmail.com, that's normal.)
    Then try reloading the page and logging in again. Does that help?

  • I have a new Mac Mini and all my software is up to date. My video keeps acting up, flashing and not allowing me to work. This was happening with my old machine as well. Is this a problem with my monitor or do I have a bug somewhere in  my system?

    I have a new Mini and updated software. My monitor will keep flashing back and forth, shrinking the display and not allowing me to work. Sometimes clicking the mouse helps, sometimes clicking into the screen but it freezes up and won't allow me to work. Is this a monitor problem or is there some bug in my system.

    Try just holding down on the power and home buttons to restart it. Thomas R. doesnt know what he was talking about. The tool is not made for jailbraeking and is not related to jailbreaking. If you want to get the link again, let me know, as I reapir iPhones, have been using it for years, nad it does NOT void your warranty. It simply reboots your device.
    My apologies for all of the new people on this site who are novices to anything beyond iTunes or the device itself. Hopefuly your problem is solved.

  • I have moved from the US to Norway, and want to change my apple ID to the Norwegian appstore. However, I am not allowed ot change from the US store before I use up my balance, which is 0.17 dollar. The problem is that nothing costs 0.17 dollar.Please help

    I have moved from the US to Norway, and want to change my apple ID to the Norwegian appstore. However, I am not allowed ot change from the US store before I use up my balance, which is 0.17 dollar. The problem is that nothing costs 0.17 dollar and I do no longer have an american visa card, only Norwegian. Is there any way I can erase the credit on my account so I can change the appstore country? Or osmething I can use this credit on? Thank you very much

    Try contacting the store support staff at: http://www.apple.com/emea/support/itunes/contact.html they are usually pretty good at sorting out these issues.

Maybe you are looking for

  • Project controlling with Solution Manager

    Dear SolMan community, we just finalized in a SAP Retail implementation project the planning for the release phase. Input for the planning activities were numerous functions that were already created in SolMan. We decided to use Excel to conduct a bo

  • Printing Cheque using EPSON LX-300

    Hi Everyone, Could you please help me with this issue?! I had implemented the Cheque process but when I am using EPSON LX-300 printer an error occurs. Some numbers and letters are showing up on the begining of the line. I think that this is because o

  • Show/ Hide Tables in SSRS based on Multiple Parameters

    Hi Is it possible to show/ hide multiple different tables based on a multivalued parameter?  I have 6 tables and I want 1 or 6 displayed dependent on what is selected from the multivalued parameter. When I add the IN operator and select multivalues,

  • Installing a repository using the repository assistant -- Error

    Hello, I get an error when i try to install repository using the repository assistant. here is an image of what error I get: http://myrmidonprocess.com/imageupload/images/error46249ed812cbc.png This was in the log: main.TaskScheduler timer[5]20070417

  • Difference in logseq's

    Hi All, i got a problem with logseq no. my primary database having logsequence of 40 and my standby database having logseq of 50.. can any bady help me through this . thanks .