SSL problem: renegotiation is not allowed
Hi all,
I'm trying to build a SSL client/server app (something simple, for learning purposes), and I got some pointers on the internet. However, when I ran both client and server, I got an exception on the client side: javax.net.ssl.SSLHandshakeException: renegotiation is not allowed
Here are my codes:
Server
//server.jks = keystore
//ServerJKS = keystore password
//SeverKey = certificate's password (certificate = server_full)
if (args.length<3) {
System.out.println("Usage:");
System.out.println(" java AdminApp keyStoreName keyStorePass certPass");
return;
String keyStoreName = args[0];
char[] keyStorePass = args[1].toCharArray();
char[] certPass = args[2].toCharArray();
System.setProperty("javax.net.ssl.trustStore", args[0]);
System.setProperty("javax.net.ssl.trustStorePassword", args[1]);
try {
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream(keyStoreName), keyStorePass);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, certPass);
SSLContext context = SSLContext.getInstance("SSL");
context.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory factory = context.getServerSocketFactory();
SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(8888);
server.setNeedClientAuth(true);
//call method printServerSocketInfo
printServerSocketInfo(server);
SSLSocket socket = (SSLSocket) server.accept();
//call method printSocketInfo
printSocketInfo(socket);
BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
String msg = "Welcome to SSL Reverse Echo Server."+ " Please type in some words.";
writer.write(msg,0,msg.length());
writer.newLine();
writer.flush();
while ((msg = reader.readLine())!= null) {
if (msg.equals("."))
break;
char[] a = msg.toCharArray();
int n = a.length;
for(int i = 0; i < n/2; i++) {
char t = a;
a[i] = a[n-1-i];
a[n-i-1] = t;
writer.write(a,0,n);
writer.newLine();
writer.flush();
writer.close();
reader.close();
socket.close();
server.close();
} catch (Exception e) {
System.err.println(e.toString());
_Client_if (args.length<3) {
System.out.println("Usage:");
System.out.println(" java SslReverseEchoerRevised keyStoreName keyStorePass certPass");
return;
String keyStoreName = args[0];
char[] keyStorePass = args[1].toCharArray();
char[] certPass = args[2].toCharArray();
System.setProperty("javax.net.ssl.trustStore", args[0]);
System.setProperty("javax.net.ssl.trustStorePassword", args[1]);
//these two, to get messages out and in
BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
PrintStream out = System.out;
try {
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream(keyStoreName), keyStorePass);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, certPass);
SSLContext context = SSLContext.getInstance("SSL");
context.init(kmf.getKeyManagers(), null, null);
SSLSocketFactory factory = context.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 8888);
//call printSocketInfo method
printSocketInfo(socket);
//start handshake
socket.startHandshake();
BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
String msg = null;
while ((msg = reader.readLine())!= null) {
out.println(msg);
msg = in.readLine();
writer.write(msg,0,msg.length());
writer.newLine();
writer.flush();
writer.close();
reader.close();
socket.close();
} catch (Exception e) {
System.err.println(e.toString());
I think you need to setup your proxy server to allow 7002 port,
or use port 443 for SSL ( it is the default proxy secured port)
Hope this will help
Mohds
"Paul Patrick" <[email protected]> wrote:
If this is a production problem, you should file a problem report with BEA
Support.
But I didn't see any certificates for the server registered. Without
certificates and a private
key the SSL protocol will not work.
Paul Patrick
"Antimo" <[email protected]> wrote in message
news:3a12cc80$[email protected]..
Hello there,
we have a BIG PROBLEM on a production system.
Some user on internet using IEXplore 5.0x could'nt access our https page.
Error reported are:
SSL Forbidden
SSL port specified is not allowed
We are using SSL on port 7002
This is the weblogic properties reagrd SSL:.
weblogic.security.ssl.enable=true
# SSL listen port
weblogic.system.SSLListenPort=7002
Any suggestion?
Is there a possibility to use port 80 both for https and http?
Any help will be apprciated.
THANK'S!
Similar Messages
-
I have installed the Firefox 4.0 Beta 11 (+updates), I try to connect to our https: website and I receive the following error:
Secure Connection Failed An error occurred during a connection.
Renegotiation is not allowed on this SSL socket.
(Error code: ssl_error_renegotiation_not_allowed)
I have installed this certificate on Firefox 3.6.13 and I am able to connect to our HTTPS site but it will not work with the Beta 4.0 11I read about this for ages. I had problems setting up a certificate for my online banking. This one solution genuinely worked for me (finally!) ...Fingers crossed it will for you too:
1) In the address bar type in '''about:config''' ...Firefox will say it's dangerous, but I just went ahead anyway lol - It's fine. Thank god there's always an edit-undo!
2) Copy and paste this into the ''filter'' at the top: '''security.ssl.allow_unrestricted_renego_everywhere'''
3) Then change ''false'' to ''true'' (I think I just clicked it, and it changed)
That's it! Refresh your bank page, and it should work!
(Spanish source: '''http://translate.google.com/translate?sl=es&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.fedora-ve.org%2F2011%2F09%2F14%2Ferror-error-code-ssl_error_renegotiation_not_allowed-en-firefox-4-x.html&act=url''') -
SSL problem: SSL Forbidden or 12204 SSL port specified is not allowed
Hello there,
we have a BIG PROBLEM on a production system.
Some user on internet using IEXplore 5.0x could'nt access our https page.
Error reported are:
SSL Forbidden
SSL port specified is not allowed
We are using SSL on port 7002
This is the weblogic properties reagrd SSL:.
weblogic.security.ssl.enable=true
# SSL listen port
weblogic.system.SSLListenPort=7002
Any suggestion?
Is there a possibility to use port 80 both for https and http?
Any help will be apprciated.
THANK'S!I think you need to setup your proxy server to allow 7002 port,
or use port 443 for SSL ( it is the default proxy secured port)
Hope this will help
Mohds
"Paul Patrick" <[email protected]> wrote:
If this is a production problem, you should file a problem report with BEA
Support.
But I didn't see any certificates for the server registered. Without
certificates and a private
key the SSL protocol will not work.
Paul Patrick
"Antimo" <[email protected]> wrote in message
news:3a12cc80$[email protected]..
Hello there,
we have a BIG PROBLEM on a production system.
Some user on internet using IEXplore 5.0x could'nt access our https page.
Error reported are:
SSL Forbidden
SSL port specified is not allowed
We are using SSL on port 7002
This is the weblogic properties reagrd SSL:.
weblogic.security.ssl.enable=true
# SSL listen port
weblogic.system.SSLListenPort=7002
Any suggestion?
Is there a possibility to use port 80 both for https and http?
Any help will be apprciated.
THANK'S! -
SSL exception: Duplicate extensions not allowed
Hi,
I have problem with connecting to exchange mail server with java(java mail)
I get this exception.
javax.net.ssl.SSLProtocolException: java.io.IOException: Duplicate extensions not allowed.
Caused by: java.io.IOException: Duplicate extensions not allowed
at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
at sun.security.x509.CertificateExtensions.init(Unknown Source)
at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
at sun.security.x509.X509CertInfo.parse(Unknown Source)So, google has very little about that.
I found that x509 have something like extensions and if i run java with debug -Djavax.net.debug=ssl
I see
adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 12:40:14 CEST 2008 until Sun Oct 02 01:59:59 CEST 2033
adding as trusted cert:
Subject: EMAILADDRESS=[email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=[email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 02:19:54 CEST 1999 until Wed Jun 26 02:19:54 CEST 2019
I dont know if this is that extensions. But i see that some subject are duplicated. Maybe this is all about. -
Problem: MBP Is not allowing external monitor Widescreen resolutions.
I am using a 27" LCD HD TV (Yes, TV, not monitor) DVI->DVI and the MBP will not allow me to use a widescreen resolution on my external monitor.
Yes, I assure you, it is Widescreen. The native resolution is 1280x720.
Anyone have a clue how I can fix this? Running a stretched 4:3 screen ***** HARD. This was my old windows PC monitor and I never had this issue before.Hi,
I've got the same problem. Tried SwitchResX with not much success. I'm using as second screen a Benq w100 projector. When I force resolutions like 854x480 at about 60Hz, the projector won't recognise it, which makes sense since the input is not supported as such from a PC.
I think the clue would be sending a HDTV/HDMI signal through the DVI cable. Has anybody managed to do this with the ATI Radeon X1600 that comes with the MBP?
Gabriel -
The last upgrade for I Tunes on my Windows 7 PC was almost done when it showed error. I atempted to redownload and then when trying to reopen I Tunes it shows that the MSVCR80.dlll is missing and then a second message that states Error 7 (Windows error 126). It has told me to reinstall I tunes, which I have done many times with no sucess. All previous versions have never been a problem.
Hey Barry229!
I have an article for you that will help you troubleshoot this issue:
iTunes 11.1.4 for Windows: Unable to install or open
http://support.apple.com/kb/TS5376
Thanks for coming to the Apple Support Communities!
Cheers,
Braden -
Two mail accounts with same name and SSL not allowed?!
Dear Common Wisdom:
I have two accounts in my Mail program with the same web host. That means the outgoing mail server has the same name.
If I put on SSL, though, it is not allowed to save two servers with the same name in two different accounts.
Can I get around this and still use SSL for both accounts?
Thanks!
KostasEach domain is expected to refer to its own unique database schema. Same SOA schema should not be shared by multiple SOA clusters/domains. It is technically possible though, I suppose, and still can run fine any one SOA environment at any given time with the other SOA environments/domains (sharing the same SOA schema) shutdown. It is not the general/recommended practice to share SOA schema across domains and there could be potential implications and unexpected behavior, particularly when the SOA environments pointing to the same schema are all running at a time.
-
ERROR: policy does not allow granting permissions at this level outlook
Hi All,
Our users are attempting to send sharing requests to each other via Right Click Calendar | Share | Share Calendar
Availabilty only works fine but Limited and Full Access fails with the error: policy does not allow granting permissions at this level.
I can see that the default sharing policy is set for availabilty only so I assume I need to add our internal SMTP addresses to the sharing policy with increased right's.
But... From our testing in our LAB we found that if the exchange org does not have a connection to the federation setup it works fine straigh out of the box.
Does this sound right or is my LAB just messing with me?
Cheers
JoshHi VK, looks like these threads should resolve your problem:
Assembly does not allow partially trusted
callers
"That assembly
does not allow partially trusted callers."
That assembly does not allow
partially trusted callers
Assembly does not allow partially
trusted callers.
WPF Assembly does not allow
partially trusted callers
cameron rautmann -
That assembly does not allow partially trusted callers
Post Author: Guya
CA Forum: .NET
Hi there,
I am trying to view a report by using crystalreportviewer version 10.0.3300.0 on asp.net 2.0. but I got That assembly does not allow partially trusted callers. Although I don't want to have full trust on the server but when I change trust level of my web site from midle trust to full trust again I got the same issue.
Any idea how can I get around the issue?
Thanks in advanceHi VK, looks like these threads should resolve your problem:
Assembly does not allow partially trusted
callers
"That assembly
does not allow partially trusted callers."
That assembly does not allow
partially trusted callers
Assembly does not allow partially
trusted callers.
WPF Assembly does not allow
partially trusted callers
cameron rautmann -
I can't send mail from my iPad apps, I just get the error message, 'The recipient… was rejected by the server because it does not allow relaying.' Does anyone know what this means and how to fix the problem.
iOS: Unable to send or receive email
http://support.apple.com/kb/TS3899
Can’t Send Emails on iPad – Troubleshooting Steps
http://ipadhelp.com/ipad-help/ipad-cant-send-emails-troubleshooting-steps/
Setting up and troubleshooting Mail
http://www.apple.com/support/ipad/assistant/mail/
Using a POP account with multiple devices
http://support.apple.com/kb/ht3228
iOS: Adding an email account
http://support.apple.com/kb/HT4810
iOS: Setting up an Outlook.com, Hotmail, Live, or MSN email account
http://support.apple.com/kb/ht1694
Server does not allow relaying email error, fix
http://appletoolbox.com/2012/01/server-does-not-allow-relaying-email-error-fix/
Why Does My iPad Say "Cannot Connect to Server"?
http://www.ehow.co.uk/info_8693415_ipad-say-cannot-connect-server.html
How to Sync Contacts with Your iPad Using iTunes
http://www.dummies.com/how-to/content/how-to-sync-contacts-with-your-ipad-using- itunes.html
iOS: 'Mailbox Locked', account is in use on another device, or prompt to re-enter POP3 password
http://support.apple.com/kb/ts2621
eMail Groups - You can use a third party app that many users recommend.
MailShot - https://itunes.apple.com/us/app/mailshot-pro-group-email-done/id445996226?mt=8
Group Email - https://itunes.apple.com/us/app/group-email!-mail-client-attachments/id380690305 ?mt=8
iPad Mail
http://www.apple.com/support/ipad/mail/
Configuration problems with IMAP e-mail on iOS with a non-standard SSL port.
http://colinrobbins.me/2013/02/09/configuration-problems-with-imap-e-mail-on-ios -with-a-non-standard-ssl-port/
Try this first - Reset the iPad by holding down on the Sleep and Home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons. (This is equivalent to rebooting your computer.)
Or this - Delete the account in Mail and then set it up again. Settings->Mail, Contacts, Calendars -> Accounts Tap on the Account, then on the red button that says Remove Account.
Cheers, Tom -
I cannot open iCal because of a problem. Can anybody help me? The computer will not allow it to open and sends a message to apple each time. The icon has gone from the dock, but ical works on my iPad and I am afraid to sync it with my computer in case it wipes everything .
I have the exact same problem. I have not changed anything. This is probably a bug or something that has gone bad with Mac OS X (10.7.2). I have not found any solution for this on the web.
MacBook Pro, Mac OS X (10.7.2). -
JAN 4, 2012
As of the Upgrade to Lion,. 2007 I-Mac - the Email portion, .. DOES NOT allow a Video Clips to be sent via the Email
as the I-Photo is not supported by Video Clips ( Previous Leopard )
No problem clip and drag via Quick Time Pro to the email and select the Attchment size to send. . Depending on the
Size of the Video Clip .. Now Lion only Export's 1 size, . only and as a result . . teh File is TOO Large and
Will NOT send via E-Mail ???
Between the Issue of the Lion, and Email issues , and the Upgrade of I-Touch to 5.1 from 4.2.1
as my Photo Size is Huge .. 70,000 + photos in the Computer. . and was 40,000 in the I - Touch .. .
The New I-Touch too will not Load the same as Previously used on either my 16 GB or 32 GB Unit . .
No Help . .. so far, .. as a Apple user since 1996 .. I have Never experieanced such frustration ???
( any one have some help if similar experiances ? thank you )JAN 4, 2012
As of the Upgrade to Lion,. 2007 I-Mac - the Email portion, .. DOES NOT allow a Video Clips to be sent via the Email
as the I-Photo is not supported by Video Clips ( Previous Leopard )
No problem clip and drag via Quick Time Pro to the email and select the Attchment size to send. . Depending on the
Size of the Video Clip .. Now Lion only Export's 1 size, . only and as a result . . teh File is TOO Large and
Will NOT send via E-Mail ???
Between the Issue of the Lion, and Email issues , and the Upgrade of I-Touch to 5.1 from 4.2.1
as my Photo Size is Huge .. 70,000 + photos in the Computer. . and was 40,000 in the I - Touch .. .
The New I-Touch too will not Load the same as Previously used on either my 16 GB or 32 GB Unit . .
No Help . .. so far, .. as a Apple user since 1996 .. I have Never experieanced such frustration ???
( any one have some help if similar experiances ? thank you ) -
I am having a problem accessing Hotmail email messages via Fireflox server. When I am in the Inbox, reviewing messages, it either freezes up or a "1 item" small icon window follows cursor and does not allow me to enter messages or do anything. Have to log off and start over. Suggestions>?
Can you detect any pattern to it, whether related to messages with attachments, or particular advertising on the page, etc.?
When you have a problem with one particular site, a good "first thing to try" is clearing your Firefox cache and deleting your saved cookies for the site.
1. Clear Firefox's Cache
orange Firefox button ''or'' Tools menu > Options > Advanced
On the Network mini-tab > Offline Storage : "Clear Now"
2. If needed, delete the site's cookies here
While viewing a page on the site, right-click and choose View Page Info > Security > "View Cookies"
(Usually the dialog will refer to live.com rather than hotmail.com, that's normal.)
Then try reloading the page and logging in again. Does that help? -
I have a new Mini and updated software. My monitor will keep flashing back and forth, shrinking the display and not allowing me to work. Sometimes clicking the mouse helps, sometimes clicking into the screen but it freezes up and won't allow me to work. Is this a monitor problem or is there some bug in my system.
Try just holding down on the power and home buttons to restart it. Thomas R. doesnt know what he was talking about. The tool is not made for jailbraeking and is not related to jailbreaking. If you want to get the link again, let me know, as I reapir iPhones, have been using it for years, nad it does NOT void your warranty. It simply reboots your device.
My apologies for all of the new people on this site who are novices to anything beyond iTunes or the device itself. Hopefuly your problem is solved. -
I have moved from the US to Norway, and want to change my apple ID to the Norwegian appstore. However, I am not allowed ot change from the US store before I use up my balance, which is 0.17 dollar. The problem is that nothing costs 0.17 dollar and I do no longer have an american visa card, only Norwegian. Is there any way I can erase the credit on my account so I can change the appstore country? Or osmething I can use this credit on? Thank you very much
Try contacting the store support staff at: http://www.apple.com/emea/support/itunes/contact.html they are usually pretty good at sorting out these issues.
Maybe you are looking for
-
Project controlling with Solution Manager
Dear SolMan community, we just finalized in a SAP Retail implementation project the planning for the release phase. Input for the planning activities were numerous functions that were already created in SolMan. We decided to use Excel to conduct a bo
-
Printing Cheque using EPSON LX-300
Hi Everyone, Could you please help me with this issue?! I had implemented the Cheque process but when I am using EPSON LX-300 printer an error occurs. Some numbers and letters are showing up on the begining of the line. I think that this is because o
-
Show/ Hide Tables in SSRS based on Multiple Parameters
Hi Is it possible to show/ hide multiple different tables based on a multivalued parameter? I have 6 tables and I want 1 or 6 displayed dependent on what is selected from the multivalued parameter. When I add the IN operator and select multivalues,
-
Installing a repository using the repository assistant -- Error
Hello, I get an error when i try to install repository using the repository assistant. here is an image of what error I get: http://myrmidonprocess.com/imageupload/images/error46249ed812cbc.png This was in the log: main.TaskScheduler timer[5]20070417
-
Hi All, i got a problem with logseq no. my primary database having logsequence of 40 and my standby database having logseq of 50.. can any bady help me through this . thanks .