SSL timeout with HttpURLConnection

Similar Messages

• SSL VPN with client, anyconnect.

  I've set up a simple test on SSL VPN with client on a 3800.
  It didnt work. I assume i have to turn on the IP http server so that the client can hit it.
  but when I turned it on, the client goes to SDM, nothing with ssl vpn happened. it tells me the pay is not available.
  The underlying routing is fine.
  Could you tell me where it is configured wrong?
  Config is copied below.
  thanks,
  Han
  =======
  Current configuration : 3340 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  enable password cisco
  aaa new-model
  aaa authentication login default local
  aaa session-id common
  no network-clock-participate slot 1
  crypto pki trustpoint TP-self-signed-3551041125
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3551041125
  revocation-check none
  rsakeypair TP-self-signed-3551041125
  crypto pki certificate chain TP-self-signed-3551041125
  certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33353531 30343131 3235301E 170D3131 31313135 31383238
  30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35353130
  34313132 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100CFCF CFFAD76A 50DA82C9 8D4E3F90 64AD24EB 5409C5E2 43BC64F3 07F6C0E0
  29FF2D71 0DA0D897 2F814BD2 7F817503 429D4BC6 6AD6EEA4 DFA74BAD 0EAF84D5
  6ED55EC0 6C637178 BEEBCD1D 184BB90C CA84E974 48003885 87B53F2E 36A04661
  23DA2CBB DD8EEE1D 2F25AF9A E21DC288 BF76A17C C1F4BA07 95F09377 A12BE01A
  53750203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17526F75 7465722E 776E7362 6E6F632E 696E7465 726E616C
  301F0603 551D2304 18301680 14BE9E8F ED788928 560D7CA1 EED89B0D DE34D772
  5D301D06 03551D0E 04160414 BE9E8FED 78892856 0D7CA1EE D89B0DDE 34D7725D
  300D0609 2A864886 F70D0101 04050003 818100BC 4A2A3C47 7BF809AF 78EE0FD9
  73692913 F280765E BAFAECAB ED32C38D 3030810B C62C7F45 13C8A6EE AE96A891
  CDD4C78B 803299AD EB098B27 383CEF6F 0E2B811F 3ECFADBA 07CD0AC6 BBB8C5FE
  B2FC0FD8 562B7100 BB28036E 4575D1F5 B17687C6 8EACBD66 A9E52FEE A030E69A
  CAAE9F1B 618FA59D 02C25BC8 77D6CAC2 C7E56F
  quit
  dot11 syslog
  ip cef
  multilink bundle-name authenticated
  voice-card 0
  no dspfarm
  username cisco1 privilege 15 secret 5 $1$L2RA$Zqs6FLce5Ns5fny5aRL49/
  archive
  log config
  hidekeys
  interface GigabitEthernet0/0
  ip address dhcp
  duplex auto
  speed auto
  media-type rj45
  end
  interface Loopback1
  ip address 1.1.1.1 255.255.255.0
  interface GigabitEthernet0/0
  ip address dhcp
  duplex auto
  speed auto
  media-type rj45
  ip local pool svc-poll 1.1.1.50 1.1.1.100
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 192.168.1.254
  ip http server
  no ip http secure-server
  control-plane
  line con 0
  logging synchronous
  line aux 0
  line vty 0 4
  scheduler allocate 20000 1000
  webvpn gateway SSLVPN
  ip interface GigabitEthernet0/0 port 443
  ssl trustpoint local
  inservice
  webvpn install svc flash:/webvpn/svc.pkg
  webvpn context SSLVPN
  ssl authenticate verify all
  policy group default
     functions svc-required
     svc default-domain "test.org"
     svc keep-client-installed
     svc split dns "primary"
  default-group-policy default
  gateway SSLVPN
  inservice
  end

  Using the SDM follow the below config example
  http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008071c58b.shtml
  The text "cisco 3800 ssl vpn configuration" in my favorite search engine, identified the above.
  HTH>

• Problem with HttpURLConnection and HttpSession.

  Hi,
  Problem with HttpURLConnection and HttpSession.
  I created a HttpSession object in my main class and then called a URL via HttpURLConnection.
  I tried to access the same session object from the servlet called by the URL . but the main session
  is not returned a new seperate session is created.let me know how can we continue the same session in
  the called URL also which is created in main class.
  Thanks
  Prasad

  You are not supported to create a HttpSession by java client. Only J2EE web container can create it.

• Timeouts with proxy

  Customers have been reporting "Page cannot be displayed" in IE and sending screenshots of partially loaded pages. I'm assuming we have a timeout issue.
  We have a proxy (HttpClusterServlet) handling the SSL, and load balancing on a few managed servers over non-SSL protocol on the same machine.
  Server2008 64bit [ Client ---> HTTPS ---> Proxy ---> HTTP ---> Managed Servers ]
  Where would a timeout issue likely been occuring?
  In admin console, under the Proxy server -> Tuning, I'm noticing the HTTP timeout is 5sec and SSL timeout is 25sec (Defaults). Would increasing the SSL timeout on the proxy and the HTTP timeouts on the managed server help this situation?
  Side note: In the managed servers' output logs I am also notice "View cannot be restored" errors, which I'm assuming is a user trying to request an expired session, probably due to reloading a page that has already expired. This may be a seperate issue, as I have set all no-cache, revalidates headers in my filter.
  Any feedback appreciated.

  The document tells me I should install OWA. I assume it's Oracle Web Agent, since the document doesn't ever tell me what OWA is, and not the more common Outlook Web App (nor anything else on the wikipedia page for OWA). I do not see anything on the download page about a Web Agent. I downloaded Oracle Fusion Middleware 11g Web Tier Utilities, which the asktom site suggested, but it's over a gigabyte of stuff (compressed), won't let me chose components, and requires the WebLogic Server, which I'm not paying for.
  I looked at the linked mod_plsql, and it's from Total Knowledge Software, not Oracle. Also, the official website for that release says the next version will support Apache 2, which is hardly current. Since the current version is 4.5 years old, I assume the project is dead and there will be no next version. Even if development is alive, I need something now. There is another open-source version of mod_plsql, but they specifically state that it does not have full support for application express.

• How to configure Oracle 10g Advanced Security to use SSL concurrently with

  How to configure Oracle 10g Advanced Security to use SSL concurrently with database User names and passwords
  In Oracle Advanced Security Documentation it is mentioned that i can use SSL concurrently with DB user names and passwords. But when i configure the client certificate on the client my DB connection is getting authenticated using the certificate, which out passing user id or password.
  We want to connect to Oracle DB over SSL channel so that the data packets are not in clear text. Also we want the user to make a connection using user id and password.
  Basically we want SSL with out authentication.
  Need your expert advice

  Read the documentation (I have given following links assuming you are running a 32 bit architecture)
  Server installations:
  http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14316%2Ftoc.htm&remark=portal+%28Books%29
  Client installations:
  http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14312%2Ftoc.htm&remark=portal+%28Books%29
  You can find the required books (if not using 32 bit architecture) from
  http://www.oracle.com/pls/db102/portal.portal_db?selected=3

• How to avoid the page timeout with the HP Color LaserJet Enterprise CP4025?

  We are using a DOS application developed with DB4 and running always on the same XP workstation. One month ago we changed our previous HP color printer (was broken) buying a newest CP4025. With the previous HP color printer, and also with another printer we have (HP Color LaserJet CP2025), our application works very well. But using the CP4025 now we have a problem.
  When our application prints in PCL mode, sends the first part of job, then the application perform some calculation tasks with the database and sends the final part after about 30 seconds. We don't know why, but the CP4025 seems to have a timeout after about 15 seconds that cause closing the printing job with a sort of end of page, printing wrongly a half page, and after a new page with the second half of the real single page.
  Why the CP4025 have a so short timeout? Our previous HP and also the CP2025 works well with our application, without perform any kind of short timeout. 
  Anybody knows how is it possible to avoid this timeout with the CP4025?

  In theory PCL5 jobs should only be terminated and forced to finish printing via either an IO timeout, the network connection being closed, or an end of job command in PCL5. 
  You can check/change the default IO timeout value through the front screen. You'll find it by navigating to Configure Device->I/O->I/O Timeout. I would recommend making sure it is set to something around 120 seconds. 
  Do you know whether the application itself is generating the PCL5 job, or whether it is going through a print driver to generate the job? 
  I work for HP

• SSL Passphrases with Nginx and Systemd

  I'm currently looking to migrate one of my systems to Arch Linux with Nginx powering my web stack. For my site I use a wildcard SSL certificate for communication, and of course my SSL key is passphrased.
  While finishing up the last things on the system last night, I came around to actually putting the real cert on the system and starting Nginx. To my surprise Nginx failed. Using `journal -xn` I found that it was requesting the SSL key's passphrase via stdin which wasn't being sent to me, and thus would just fail.
  How are people using SSL passphrases with systemd? I saw some work-around suggestions for Apache in relation to the PasswordAgent, are there any for Nginx? I'm starting to think that I'm just going to need to disable the systemd service for nginx and write my own init script.
  I've taken a look at the systemd documentation, and there seemed to be plenty of theoretical / philosophical information about the PasswordAgent but nothing specific about how you add support to a service that needs it. It's possible I just missed the relevant article.
  Any information will be greatly helpful.
  Cheers!
  -Tim

  Thank you for the suggestion, I'm not sure how I missed this patch.
  I'd like to avoid having to compile nginx from source. I suppose I should probably open a bug report on the project to allow this to be a core feature.
  Cheers!
  -Tim

• What version of SQL Server support ssl connection with TLS. 1.2 (SHA-256 HASH)

  Hi,
  I just want to know,
  What version of SQL Server support ssl connection with TLS. 1.2 (SHA-256 HASH).
  if support already,
  how can i setting.
  plz.  help me!!! 

  The following blog states that SQL Server "leverages the SChannel layer (the SSL/TLS layer provided
  by Windows) for facilitating encryption.  Furthermore, SQL Server will completely rely upon SChannel to determine the best encryption cipher suite to use." meaning that the version of SQL Server you are running has no bearing on which
  encryption method is used to encrypt connections between SQL Server and clients.
  http://blogs.msdn.com/b/sql_protocols/archive/2007/06/30/ssl-cipher-suites-used-with-sql-server.aspx
  So the question then becomes which versions of Windows Server support TLS 1.2.  The following article indicates that Windows Server 2008 R2 and beyond support TLS 1.2.
  http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx
  So if you are running SQL Server on Windows Server 2008 R2 or later you should be able to enable TLS 1.2 and install a TLS 1.2 certificate.  By following the instructions in the following article you should then be able to enable TLS 1.2 encryption
  for connections between SQL Server and your clients:
  http://support.microsoft.com/kb/316898
  I hope that helps.

• ERROR http: 5: Unable to initialize ssl connection with server, aborting co

  HI EXPERTS,
  one of my database give me below error when i start its dbconsole. and after failure it give me meassge
  TZ set to Asia/Karachi
  Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
  Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
  https://test:5500/em/console/aboutApplication
  Starting Oracle Enterprise Manager 10g Database Control ..............................................................
  ........ failed.
  Logs are generated in directory /u01/oracle/product/10.2/cnichol_cpuplt/sysman/log
  and in trace file name "emdctl.trc" below error is logged.
  ERROR http: 5: Unable to initialize ssl connection with server, aborting connection attempt
  ERROR ssl: nzos_Handshake failed, ret=29024
  and trace file named "emagent.trc" give below error
  2010-10-04 19:12:25 Thread-88238992 ERROR http: 11: Unable to initialize ssl connection with server, aborting connection attempt
  2010-10-04 19:12:25 Thread-88238992 ERROR pingManager: nmepm_pingReposURL: Cannot connect to https://test:5500/em/upload/: retStatus=-1
  2010-10-04 19:12:38 Thread-88238992 ERROR upload: Error in uploadXMLFiles. Trying again in 300.00 seconds.
  dbconosle URL is
  https://test:5500/em/console/aboutApplication
  Operating system is Redhat linux AS 5.3
  what is the possible cause of this failure any one can guide me.
  thanx in Advance
  regards,
  Edited by: AMIABU on Oct 4, 2010 7:28 AM

  oracle@bcm-laptop:~$ emctl
  Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
  Copyright (c) 1996, 2009 Oracle Corporation.  All rights reserved.
     Oracle Enterprise Manager 10g Database Control commands:
          emctl start | stop dbconsole
          emctl status | secure | setpasswd dbconsole
          emctl config dbconsole -heap_size <size_value> -max_perm_size <size_value>
         emctl status agent
         emctl status agent -secure [-omsurl <http://<oms-hostname>:<oms-unsecure-port>/em/*>]
         emctl getversion
         emctl reload | upload | clearstate | getversion agent
         emctl reload agent dynamicproperties [<Target_name>:<Target_Type>]....
         emctl config agent <options>
         emctl config agent updateTZ
         emctl config agent getTZ
         emctl resetTZ agent
         emctl config agent credentials [<Target_name>[:<Target_Type>]]
         emctl gensudoprops
         emctl clearsudoprops
  Blackout Usage :
         emctl start blackout <Blackoutname> [-nodeLevel] [<Target_name>[:<Target_Type>]].... [-d <Duration>]
         emctl stop blackout <Blackoutname>
         emctl status blackout [<Target_name>[:<Target_Type>]]....
  The following are valid options for blackouts
  <Target_name:Target_type> defaults to local node target if not specified.
  If -nodeLevel is specified after <Blackoutname>,the blackout will be applied to all targets and any target list that follows will be ignored.
  Duration is specified in [days] hh:mm
          emctl getemhome
          emctl ilint
  Em Key Commands Usage :
  emctl config emkey -emkeyfile <emkey.ora path> [-force] [-sysman_pwd <sysman password>]
  emctl config emkey -emkey [-emkeyfile <emkey.ora path>] [-force] [-sysman_pwd <sysman password>]
  emctl config emkey -repos [-emkeyfile <emkey.ora path>] [-force] [-sysman_pwd <sysman password>]
  emctl config emkey -remove_from_repos [-sysman_pwd <sysman password>]
  emctl config emkey -copy_to_repos [-sysman_pwd <sysman password>]
  emctl status emkey [-sysman_pwd <sysman password>]
  Secure DBConsole Usage :
  emctl secure dbconsole -sysman_pwd <sysman password> [-passwd_file <abs file loc>]
       [-host <slb hostname>] [-sid <service name>] [-reset] [-secure_port <secure_port>]
       [-root_dc <root_dc>] [-root_country <root_country>] [-root_state <root_state>] [-root_loc <root_loc>]
       [-root_org <root_org>] [-root_unit <root_unit>] [-root_email <root_email>]
       [-wallet <wallet loc>] [-wallet_pwd <wallet pwd>] [-trust_certs_loc <certs loc>]
  emctl secure status dbconsole
  Register Targettype Usage :
  emctl register oms targettype [-o <Output filename>] <XML filename> <rep user> <rep passwd> <rep host> <rep port> <rep sid> OR
  emctl register oms targettype [-o <Output filename>] <XML filename> <rep user> <rep passwd> <rep connect descriptor>

• Generate SSL cert with stronger signature algorithm such as RSA-SHA 1 or SHA 2 from Certificate Authority Version: 5.2.3790.3959

  We have a Certificate Authority (Version: 5.2.3790.3959) configured on  Windows 2003 R2 server in our environment. How do i generated SSL cert with stronger signature algorithm such as with SHA1 or SHA2
  Currently i am only able to generate SSL cert with md5RSA.

  Hi,
  Since you are using Windows Server 2003 R2 as CA, the hash algorithm cannot be changed, while in Windows 2008 and 2008 R2, changing the hash algorithm is possible.
  Therefore, you need to build a new CA to use a new algorithm.
  More information for you:
  Is it possible to change the hash algorithm when I renew the Root CA
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/91572fee-b455-4495-a298-43f30792357e/is-it-possible-to-change-the-hash-algorithm-when-i-renew-the-root-ca?forum=winserversecurity
  Changing public key algorithm of a CA certificate
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0fd19577-4b21-4bda-8f56-935e4d360171/changing-public-key-algorithm-of-a-ca-certificate?forum=winserversecurity
  modify CA configuration after Migration
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0d5bcb76-3a04-4bcf-b317-cc65516e984c/modify-ca-configuration-after-migration?forum=winserversecurity
  Best Regards,
  Amy Wang

• Help Please with HttpURLConnection

  We�re having an issue with HttpURLConnection when executing from a servlet, initially reached through a Proxy server. A little background of our environment and overall processing taking place:
  We have a typical multi-tier extranet architecture with firewalls between our Web, App and Data layers. The application (Websphere) experiencing this issue; 1) is first invoked by an https request that�s passed back to the app layer, 2) this initial servlet then opens a URLConnection to tunnel back through a Proxy server (sitting between Web and App layers) and passes a subsequent request to another Websphere servlet, 3) from this second servlet a new HttpURLConnection is opened and attempts to issue a request to a servlet running under Tomcat (directly accessible from the Application-Tier layer).
  It�s been determined the HttpURLConnection is not connecting directly to Tomcat, but instead going back through the Proxy server (opened earlier) to the Web-Tier layer, where our Tomcat server can�t be reached. We�ve had no problems executing the HttpURLConnection and sending requests directly to Tomcat server, from servlets where the Proxy server is bypassed. We�ve looked at the attributes and methods for HttpURLconnection and haven�t come across anything to override the OutputStream that�s pointing back to the initial Proxy connection.
  Following are code snippets from both initial URLconnection (Proxy) and subsequent HttpURLConnection (Tomcat):
  Proxy
  Properties systemSettings = System.getProperties();
  systemSettings.put("proxySet", "true");
  systemSettings.put("proxyHost", "myProxyServer.com");
  systemSettings.put("proxyPort", "8080");
  System.setProperties(systemSettings);
  URL url=new URL("http://someserver/somepage");
  URLConnection uc = url.openConnection ();
  Tomcat
  requestData.put("Fld1", var_1);
  requestData.put("Fld2", var_2);
  requestData.put("Fld3", var_3);
  requestData.put("Fld4", var_4);
  //Encode the POST data in application /x-www-form-urlencoded format
  byte[] postData = encodeFormData(requestData);
  HttpURLConnection connection = (HttpURLConnection) (new URL(var_URL).openConnection());
  connection.setRequestMethod("POST");
  connection.setDefaultUseCaches(false);
  connection.setDoInput(true);
  connection.setDoOutput(true);
  connection.setInstanceFollowRedirects(false);
  connection.getOutputStream().write(postData);

  If you are using JDK 1.5 or 1.6:
  http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLConnection.html#setReadTimeout(int)

• Help With HttpURLConnection and PHP

  I can connect to a site with HttpURLConnection but i need to access a link FROM that site.
  Ex: www.hangman/index.php
  I need to get a link like www.hangman/index.php?letter=a
  It will only display the letter if you go from www.hangman/index.php and click on the letter. But how do i do that with HttpURLConnection.
  I think you have to use the POST , but it doesnt work.
  Thanks.

  That's probably because the site uses cookies to maintain a session.
  The cookie's name is PHPSESSID, so I'm guessing this is a standard PHP session maintenance system (I haven't worked with PHP much...).
  So if you want to create a java app that will play hangman from that site, it looks like you'll have to handle cookies to keep the session active between accesses. So you'll grab the cookie from the response headers in the first connection, and then send it to the server in the request headers in subsequent connections. The cookie may remain the same throughout the session, or it may change on each connection; I don't know.
  I did a quick google and found this:
  http://jcookie.sourceforge.net/
  I haven't used it myself, but it looks useful. Unless you're doing this as a learning exercise, it's probably easier to use this than to wrote your own cookie code.

• SSL communication with IBM Tivoli 5.2

  Hi,
  I have downloaded the free version of the IBM Tivoli 5.22 directory server. Its installed great and I can connect and query the sample data using port 389.
  I am working on enabling SSL communication with the same.
  I referred to
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_install33.html
  Followed the steps provided to enable SSL communication, it gave me errors saying that the password for the key database file was incorrect.
  Has anyone try to connect to the IBM Tivoli Directory server via SSL, is there a way to do it in the same way as we set up ssl with Active Directory.
  Any help in this regard would be great,
  Regards
  Zoharat

  Hey ,
  I got SSL enalbed on the Tivoli server. I follwed the instructions availabe on the IBM site to set up the GSKIT and create the key database , the certificates and also the setting up the server to use them. I used self signed certificates.
  For setting up the server I used the command line utilities.
  The ldapsearch command always failed it kept saying bad password. So I took the certificate file that created added it to the cacerts of the java client and then communicated with the server on port 636.
  It worked great.
  Regards
  Zoharat

• New SSL certificate with 2048 bit shows error: (Fehlercode: sec_error_unknown_issuer)

  installed a new SSL certificate with 2048 bit encryption (as is now required by issuer of certificate). Everything is OK with IE, FF shows error: (Fehlercode: sec_error_unknown_issuer)
  == URL of affected sites ==
  https://www.dongil.at/

  I have also tried all the solutions mentioned - but no luck.
  I wrote to Geotrust support and the pointed out that I needed the intermediate certificate and provided me with this url:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
  Please note, this intermediate certificate was *not* the same is linked to above - seems like there are 2 different intermediate certificates, depending on what type of certificate you got from Geotrust.
  Just to recap - if you got yourself a "QuickSSL, QuickSSL Premium or SSL Trial"-certificate (like me) then use this intermediate:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
  If you got a "True BusinessID or Enterprise SSL"-certificate, you should use this:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1423
  - Lasse

• Using secure tranport for making ssl connection with server using iPhone

  HI all,
  I need to estabilish a secured connection using tcp with sslv3 to the server. I tried using
  [inputStream setProperty:NSStreamSocketSecurityLevelKey forKey:NSStreamSocketSecurityLevelSSLv3];
  [outputStream setProperty:NSStreamSocketSecurityLevelKey forKey:NSStreamSocketSecurityLevelSSLv3];
  I have explained the problem in detail in the following link
  http://www.iphonedevsdk.com/forum/iphone-sdk-development/25721-creating-ssl-conn ection-using-sockets.html
  But it makes only a tcp connection wth the server and the server sends the "Connection Reset by peer " error.
  So I have planned to use Secure Tranport. But i didnt find a suitable sample code in the internet. I found a sample in apple 's docs. But thats too confusing. Any sample code available for making tcp with ssl connection with the server ????
  Regards,
  Mohammed Sadiq.

  You must select if you use certificates for the SSL.
  If you are not, here is an example
  // server is the ip address for the server and hostport the port to use
  CFReadStreamRef readStream = NULL;
  CFWriteStreamRef writeStream = NULL;
  CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, (CFStringRef ) server, hostport, &readStream, &writeStream);
  if (readStream && writeStream) {
  CFReadStreamSetProperty(readStream, kCFStreamPropertyShouldCloseNativeSocket , kCFBooleanTrue);
  CFWriteStreamSetProperty(writeStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
  iStream = (NSInputStream *)readStream;
  [iStream retain];
  [iStream setDelegate:self];
  oStream = (NSOutputStream *)writeStream;
  [oStream retain];
  [oStream setDelegate:self];
  if (Iwill_use_ssltoday == true)
  int res1 = [iStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
  int res2 = [oStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
  NSLog(@"SEC TEST %d %d",res1,res2);
  NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
  [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
  [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
  [NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
  kCFNull,kCFStreamSSLPeerName,
  // kCFStreamSocketSecurityLevelTLSv1, kCFStreamSSLLevel,
  nil];
  CFReadStreamSetProperty((CFReadStreamRef)iStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
  CFWriteStreamSetProperty((CFWriteStreamRef)oStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
  [iStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
  [iStream open];
  [oStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
  [oStream open];
  if (readStream)
  CFRelease(readStream);
  if (writeStream)
  CFRelease(writeStream);