SSL-Tunneling Problem with Stronghold

Similar Messages

• SSL Cert problem with smtp

  If I use a self signed cert and name it default the smtp mail service works.
  If I try to use the cert I got from the CA, the imap service works with the cert, however the smtp service does not.
  This is most odd

  You don't need to buy a new one.
  See here for more info:
  http://discussions.apple.com/thread.jspa?messageID=6251145&#6251145

• SSL Certificate problem with WL 5.1

  "We are still using WLServer 5.1 SP12
  I just installed a new certificate (request generated with WL, signed by our 'local' CA)
  I always get the following message:
  Do Okt 10 15:17:25 CEST 2002:<I> <WebLogicServer> Loaded License : /apps/weblogic/license/WebLogicLicense.xml
  Do Okt 10 15:17:25 CEST 2002:<I> <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
  java.lang.StringIndexOutOfBoundsException: String index out of range: 15
  at java.lang.String.charAt(String.java:506)
  at weblogic.security.ASN1.ASN1Utils.parseDateInt(ASN1Utils.java:300)
  at weblogic.security.ASN1.ASN1Utils.inputASN1Date(ASN1Utils.java:292)
  at weblogic.security.X509.input(X509.java:118)
  at weblogic.security.X509.initialize(X509.java:64)
  at weblogic.security.Certificate.<init>(Certificate.java:54)
  at weblogic.security.X509.<init>(X509.java:44)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:207)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:318)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:238)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1245)
  at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:879)

  hi
  Did you solved it?
  If it is may i know how you solved it
  thanks

• Big problem with security on px4-300R

  hello!recently we have bought px4-300R f/w 4.0.8.23976BIOSX4 FSBFV102
  i have a few questions:
  1) how can i disable IPTABLES? (we use cisco vpn tunnel and we don't see a device in tunnel - problem with ICMP_REDIRECT)
  2) we need to use a routing table. after reboot i see that routing table is empty..
  i add routes the following way
  route add -net 192.168.99.0 gw 192.168.99.19 netmask 255.255.255.0
  3) i create a script file in /var/prtg/scripts to monitor raid status of devices - after reboot its also empty. there're no files and directories, that i have  recently created
  *sorry for english
  **i understand that work under ssh is unsafe, but px4-300r is enterprise server and we need to resolve this problems

  Hi mistralalko,
  Enabling SSH can void you warranty. If you modify your device with SSH and the device is impaired or damaged as a result of your modification, the warranty will not cover such damages.
  We don't provide support for SSH as it can void your warranty and is intended for technical support or advanced users.
  If you need help with something specific, you can call in to our technical support directly to see if a higher level technician can help you.
  Have questions and need answers?
  Search the database for answers to FAQ's, software/driver downloads, tutorials, news, features and more!
  LenovoEMC Support & Downloads
  LenovoEMC North America Support Contact Page

• Tunneling and problem with unknown host exception

  hello! i've got a problem with https. i use jdk 1.5.0, jboss-4.0.4.ga-patch1, soap.
  and i'm going crasy.. i've testet my client code at our network and it works fine. but if i want to get jobs from the server of our customer, my client throw an "unknown host exception: firm".
  i wonder why it hasn't the full host. the url may look like this: https://firm.sub.com:443/ and while the client connects to the server, i depugged it and the host is correct: firm.sub.
  but after the connection, when the client want to get something from the server (when it wants to communicate with the server over soap) it crashs.
  my client code looks like this:
  private ClientInterfaceEndpoint getClientInterface() throws ServiceException {
  QName serviceQName = new QName(DOCSERVER_NAMESPACE, CLIENT_INTERFACE_SERVICENAME);
  URL wsdlUrl = getClientInterfaceWsdlUrl();
  log.info("*******WSDLURL host: " + wsdlUrl.getHost()); // out: firm.sub
  log.info("*******WSDLURL port: " + wsdlUrl.getPort()); // out: 443
  URL mapping = getClass().getClassLoader().getResource("META-INF/DocumentServer_Mapping.xml");
  log.info("*******MappingURL path: " + mapping.getPath());
  if (wsdlUrl.toString().toLowerCase().contains("https")) {
  if (null == getConfig().getTruststore() || getConfig().getTruststore().equalsIgnoreCase("")) {
  throw new RuntimeException("No or incorrect TruststorePath in the docclient-config");
  File tmp = new File(getConfig().getTruststore());
  if (!tmp.isFile() || !tmp.canRead()) {
  throw new RuntimeException("The truststore at the 'TruststorePath' isn't a file or can't be read.");
  System.setProperty(SYS_PROPERTY_KEY_TRUST, getConfig().getTruststore());
  System.setProperty(SYS_PROPERTY_KEY_TRUST_PW, config.getTruststorePass());
  ServiceFactoryImpl factory = null;
  factory = (ServiceFactoryImpl) ServiceFactory.newInstance();
  Service clientInterfaceService = null;
  try {// create the service for the ClientInterface
  clientInterfaceService = factory.createService(wsdlUrl, serviceQName, mapping, new URL(config.getServerURL())); //, new URL(config.getServerURL())
  log.info("*******ClientInterFaceService WSDL URL Host: " + clientInterfaceService.getWSDLDocumentLocation().getHost()); // out:firm.sub
  log.info("*******ClientInterFaceService WSDL URL Port: " + clientInterfaceService.getWSDLDocumentLocation().getPort()); // out: 443
  } catch (ServiceException e) {
  log.error(e.getMessage());
  throw new RuntimeException(e.getMessage());
  } catch (MalformedURLException e) {
  log.error(e.getMessage());
  throw new RuntimeException(e.getMessage());
  } catch (Exception e) {
  log.error(e.getMessage());
  throw new RuntimeException(e.getMessage());
  }// getting the ClientInterfaceEndpoint
  ClientInterfaceEndpoint clientInterface = (ClientInterfaceEndpoint) clientInterfaceService.getPort(ClientInterfaceEndpoint.class);
  return clientInterface;
  protected URL getClientInterfaceWsdlUrl() {
  URL url = null;
  String urlString = getConfig().getServerURL() + CLIENT_INTERFACE_URI + "?wsdl";
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  Properties properties = System.getProperties();
  String handlers = System.getProperty(SYS_PROPERTY_KEY_PKGS);
  if (handlers == null) {
  properties.put(SYS_PROPERTY_KEY_PKGS, SYS_PROPERTY_VALUE_PKGS);
  else {
  properties.put(SYS_PROPERTY_KEY_PKGS, SYS_PROPERTY_VALUE_PKGS.concat("|").concat(handlers));
  try {
  url = new URL(urlString);
  log.info("*******URL host: " + url.getHost());
  log.info("*******URL port: " + url.getPort());
  log.info("*******URL path: " + url.getPath());
  } catch (MalformedURLException e) {
  log.fatal("DocumentProvider SOAP configured incorrectly. DocServer URL malformed: " + urlString);
  throw new RuntimeException("DocumentProvider SOAP configured incorrectly. DocServer URL malformed: " + urlString, e);
  System.setProperties(properties);
  return url;
  }if it's usefull: the customer use a apache server (not tomcat) where a the server is and the client at another system the jboss.
  The customer told me: if i want to connect the client via http i have to tunnel.. maybe i have to tunnel using https too?
  have i to generate the endpoint classes a second time, extra for https?
  or doesn't soap like host like "firm.sub"?
  can anyone help me please?!
  sorry, my english isn't very well...

  sorry, it's not the same error. The output is: Unable to connect to any host due to exception: java.net.socket.exception: java.net.socket.exception: Unregcognized windows socket error: 10106: create.

• Problem with SSL Activated on SSO Login

  Hi Guys,
  One of my applications has recently hit a few problems when SSL was activated on several environments. My application requires you to login using a SSO username and password before you can use the application. Before SSL was implemented, when you pressed the main menu button the page would redirect to the login server and the SSO login would remember your details and log you in again and then take you to the 1st page with a new session id. However, with SSL implemented, when the main menu button is pressed it redirects you to the login server but this time it asks you to enter your username and password. This is a problem as every time authentication is required on my application, it will keep telling you to login even if you have already done so before.
  For extra information, the main menu button (which is a navigation bar entry) redirects you to a piece of javascript which is used to take you back to the 1st page depending on what page you are on.
  I am also using the latest version of APEX.
  Any help is much appreciated as I am not sure where to go with this problem.
  Also is it a problem with the SSL setup or my application?
  Thanks
  -Mark

  I have tried to pass the cookie through the URL to the login server but this does nothing.I can't imagine what you mean by that or what exactly you did.
  it just takes me to the login page and resets the session id after i have logged in again!What do you mean by "reset"?
  How can I make cookies be accepted by SSL?Have you constructed an experiment to prove that this is the problem?
  Is there something i can put in the application itself?Definitely not.
  Scott

• I am having email problems with the new Lion.  stmp, imap, etc. I have looked up google info and It is confusing when it comes to TS, SSL also, please explain how to set it up so my email goes out and comes in securely.  Help

  I am having email problems with the new Mountain Lion.  stmp, imap, etc. I have looked up google info and It is confusing when it comes to TS, SSL also, please explain how to set it up so my email goes out and comes in securely.  Help
  Incoming Mail (IMAP) Server - requires SSL:
  imap.gmail.com
  Use SSL: Yes
  Port: 993
  Outgoing Mail (SMTP) Server - requires TLS:
  smtp.gmail.com (use authentication)
  Use Authentication: Yes
  Use STARTTLS: Yes (some clients call this SSL)
  Port: 465 or 587
  Account Name:
  your full email address (including @gmail.com) Google Apps users, please enter username@your_domain.com
  Email Address:
  your full Gmail email address ([email protected]) Google Apps users, please enter username@your_domain.com
  Password:
  your Gmail password
  The Quick Answer
  Follow the instructions below to set up IMAP1 access in most email clients.
  Google Apps users, please follow the default instructions unless otherwise noted, replacing 'your_domain.com' with your actual domain2 name.
  this is all greek to me. WHAT IS STARTTLS? On the first page of Apple set up there is a TLS certificate and it is marked NONE- should I change it to the long APPLE CERT option?  The next page under ADVANCED: THERE IS A BOX SSL MARKED.  Then IMAP Path Prefix - I put stmp.gmail.com.. is that right?  Port 993 can  use this one? as 456 doesn't work and 587 said it wasn't safe.  Under AUTHENTICATION I used PASSWORD.  Should I have used external client cert TLS?
  Please help me set this up securely. Thanks

  Apple - Support - Mail Setup Assistant

• Problem with SSL weblogic plug in and Apache

  We're using mod_wl_22.so with Apache, and after some problems with the mod failing on startup it is now working. We can access the weblogic SSL page fine directly on port 16101 with no warning, when we try via the proxy we get a failure of server Apache bride --------------------------------------------------------------------------------
  No backend server available for connection: timed out after 10 seconds or idempotent set to OFF. And in the wl_proxy.log there is a message that I think relates to the trustedcertfile in our http.conf file. We have a root certificate in pem format as the trustedcertfile.
  ================New Request: [GET /irm_desktop HTTP/1.1] =================
  Thu Jan 27 21:52:15 2011 <258812961651354> INFO: SSL is configured
  Thu Jan 27 21:52:15 2011 <258812961651354> INFO: SSL configured successfully
  Thu Jan 27 21:52:15 2011 <258812961651354> Using Uri /irm_desktop
  Thu Jan 27 21:52:15 2011 <258812961651354> After trimming path: '/irm_desktop'
  Thu Jan 27 21:52:15 2011 <258812961651354> The final request string is '/irm_desktop'
  Thu Jan 27 21:52:15 2011 <258812961651354> SEARCHING id=[sealedinfo-prod:16101] from current ID=[sealedinfo-prod:16101]
  Thu Jan 27 21:52:15 2011 <258812961651354> The two ids matched
  Thu Jan 27 21:52:15 2011 <258812961651354> @@@FOUND...id=[sealedinfo-prod:16101], server_name=[uat.sealedinfo.com], server_port=[443]
  Thu Jan 27 21:52:15 2011 <258812961651354> attempt #0 out of a max of 5
  Thu Jan 27 21:52:15 2011 <258812961651354> Trying a pooled connection for '10.10.10.10/16101/16101'
  Thu Jan 27 21:52:15 2011 <258812961651354> getPooledConn: No more connections in the pool for Host[10.10.10.10] Port[16101] SecurePort[16101]
  Thu Jan 27 21:52:15 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
  Thu Jan 27 21:52:15 2011 <258812961651354> New SSL URL: match = 0 oid = 22
  Thu Jan 27 21:52:15 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
  Thu Jan 27 21:52:15 2011 <258812961651354> EINPROGRESS in connect() - selecting
  Thu Jan 27 21:52:15 2011 <258812961651354> Setting peerID for new SSL connection
  Thu Jan 27 21:52:15 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
  Thu Jan 27 21:52:15 2011 <258812961651354> Local Port of the socket is 63867
  Thu Jan 27 21:52:15 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
  Thu Jan 27 21:52:15 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63867
  Thu Jan 27 21:52:15 2011 <258812961648171> WARN: GetSessionCallback: No session match found
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
  Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
  Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
  Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
  Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
  Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
  Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
  Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
  Thu Jan 27 21:52:16 2011 <258812961651354> attempt #1 out of a max of 5
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
  Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
  Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
  Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
  Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
  Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
  Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63868
  Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63868
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
  Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
  Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
  Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
  Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
  Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
  Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
  Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
  Thu Jan 27 21:52:16 2011 <258812961651354> attempt #2 out of a max of 5
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
  Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
  Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
  Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
  Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
  Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
  Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63869
  Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63869
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
  Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
  Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
  Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
  Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
  Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
  Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
  Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
  Thu Jan 27 21:52:16 2011 <258812961651354> attempt #3 out of a max of 5
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
  Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
  Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
  Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
  Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
  Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
  Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63870
  Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63870
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
  Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
  Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
  Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
  Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
  Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
  Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
  Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
  Thu Jan 27 21:52:16 2011 <258812961651354> attempt #4 out of a max of 5
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
  Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
  Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
  Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
  Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
  Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
  Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63871
  Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63871
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
  Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
  Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
  Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
  Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
  Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
  Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
  Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
  Thu Jan 27 21:52:16 2011 <258812961651354> attempt #5 out of a max of 5
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
  Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
  Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
  Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
  Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
  Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
  Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63872
  Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
  Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63872
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
  Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
  Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
  Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
  Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
  Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
  Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
  Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
  Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
  Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
  Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
  Thu Jan 27 21:52:16 2011 <258812961651354> request [irm_desktop] did NOT process successfully..................

  I see that it is six months ago that I first posted this. Nothing has changed. When I use affixa to create a message with an attachment from my gmail account in firefox, the message is created in drafts, but the gmail window is closed and I have to re-open it. Not critical, but annoying.
  Now there is a plug-in on the affixa site that is supposed to be designed for Firefox, and which affixa support claims should take care of this. And I've downloaded it twice. When you download it and open it, it says that it will be installed when Firefox restarts, and gives you a button to restart Firefox. But after you click that button and firefox disappears and re-appears, the affixa plug-in is NOT in the plugin list.
  Please, somebody, HELP.

• Urgent : Problem with Client when OC4J has been setup in 2 way SSL mode

  This is the output that is generated in the JDeveloper console on running the example from b14429.pdf. Examle :
  ====================================================
  import HTTPClient.HTTPConnection;
  import HTTPClient.HTTPResponse;
  import javax.security.cert.X509Certificate;
  import oracle.security.ssl.OracleSSLCredential;
  import java.io.IOException;
  import javax.net.ssl.SSLPeerUnverifiedException;
  public class SSLSocketClientWithClientAuth {
  public static void main(String[] args) {
  if (args.length < 4) {
  System.out.println("Usage: java HTTPSConnectionTest [host] [port] " +
  "[wallet] [password]");
  System.exit(-1);
  String hostname = args[0].toLowerCase();
  int port = Integer.decode(args[1]).intValue();
  String walletPath = args[2];
  String password = args[3];
  HTTPConnection httpsConnection = null;
  OracleSSLCredential credential = null;
  try {
  httpsConnection = new HTTPConnection("https", hostname, port);
  } catch (IOException e) {
  System.out.println("HTTPS Protocol not supported");
  System.exit(-1);
  try {
  credential = new OracleSSLCredential();
  credential.setWallet(walletPath, password);
  } catch (IOException e) {
  System.out.println("Could not open wallet");
  System.exit(-1);
  httpsConnection.setSSLEnabledCipherSuites(new String[]{"SSL_RSA_WITH_3DES_EDE_CBC_SHA"});
  httpsConnection.setSSLCredential(credential);
  try {
  httpsConnection.connect();
  } catch (IOException e) {
  System.out.println("Could not establish connection");
  e.printStackTrace();
  System.exit(-1);
  // X509Certificate x509 = new X509Certificate();
  //javax.servlet.request.
  X509Certificate[] peerCerts = null;
  try {
  peerCerts =
  (httpsConnection.getSSLSession()).getPeerCertificateChain();
  } catch (javax.net.ssl.SSLPeerUnverifiedException e) {
  System.err.println("Unable to obtain peer credentials");
  e.printStackTrace();
  System.exit(-1);
  String peerCertDN =
  peerCerts[peerCerts.length - 1].getSubjectDN().getName();
  peerCertDN = peerCertDN.toLowerCase();
  if (peerCertDN.lastIndexOf("cn=" + hostname) == -1) {
  System.out.println("Certificate for " + hostname +
  " is issued to " + peerCertDN);
  System.out.println("Aborting connection");
  System.exit(-1);
  try {
  HTTPResponse rsp = httpsConnection.Get("/");
  System.out.println("Server Response: ");
  System.out.println(rsp);
  } catch (Exception e) {
  System.out.println("Exception occured during Get");
  e.printStackTrace();
  System.exit(-1);
  ================================================================
  C:\j2sdk1.4.2_09\bin\javaw.exe -client -classpath "D:\eclipse\workspace\OC4JClient\OC4JClient\classes;D:\eclipse\workspace\jdev\extensions\.jar;C:\Documents and Settings\nilesh_bafna\Desktop\Nitin\lib\jssl-1_1.jar;E:\product\10.1.3.1\OracleAS_1\j2ee\home\lib\http_client.jar;E:\product\10.1.3.1\OracleAS_1\jlib\javax-ssl-1_1.jar" -Djava.protocol.handler.pkgs=HTTPClient -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.keyStorePassword=welcome1 -Djavax.net.ssl.trustStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.trustStorePassword=welcome1 -DOracle.ssl.defaultCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SSLSocketClientWithClientAuth ps4372.persistent.co.in 443 F:/oc4jcert/client.keystore welcome1
  keyStore is : F:/oc4jcert/client.keystore
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  found key for : oracle-client
  chain [0] = [
  Version: V3
  Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
  86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
  a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
  bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
  Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
                 To: Wed Apr 18 21:18:14 GMT+05:30 2007]
  Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  SerialNumber: [    45af96be]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 41 47 35 41 90 10 E3 77 A7 F3 F5 81 37 49 4F 57 AG5A...w....7IOW
  0010: 01 11 82 A2 FB 69 46 E8 18 6C EE 11 23 A6 67 2E .....iF..l..#.g.
  0020: 68 4D D6 A6 E7 09 45 24 58 18 9A E5 44 49 10 9B hM....E$X...DI..
  0030: F1 EC 99 4A 45 5F A4 4F 71 3F 05 3D 45 29 42 CD ...JE_.Oq?.=E)B.
  0040: 11 87 DA 0C AA DC 55 4E CF 22 4A 94 85 CB E5 EB ......UN."J.....
  0050: BA E1 10 D2 C8 80 2C 6B 65 94 13 01 1F 6E 18 C3 ......,ke....n..
  0060: 87 33 8C 65 C7 03 16 03 24 FB 0D B0 6D D8 E7 AA .3.e....$...m...
  0070: A1 A5 48 90 0D D6 8C 47 50 2A AA 7C 7B 14 E5 B7 ..H....GP*......
  trustStore is: F:\oc4jcert\client.keystore
  trustStore type is : jks
  init truststore
  adding as trusted cert:
  Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  Algorithm: RSA; Serial number: 0x45af96be
  Valid from Thu Jan 18 21:18:14 GMT+05:30 2007 until Wed Apr 18 21:18:14 GMT+05:30 2007
  adding as trusted cert:
  Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  Algorithm: RSA; Serial number: 0x45af95dc
  Valid from Thu Jan 18 21:14:28 GMT+05:30 2007 until Wed Apr 18 21:14:28 GMT+05:30 2007
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1152299454 bytes = { 41, 212, 166, 48, 109, 77, 185, 232, 204, 95, 158, 141, 60, 96, 196, 172, 49, 19, 49, 22, 222, 234, 47, 76, 27, 130, 5, 176 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  main, WRITE: TLSv1 Handshake, length = 73
  main, WRITE: SSLv2 client hello message, length = 98
  main, READ: TLSv1 Handshake, length = 839
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1152299454 bytes = { 206, 186, 162, 116, 179, 72, 44, 198, 189, 25, 70, 227, 170, 235, 83, 186, 152, 49, 194, 222, 248, 3, 191, 170, 248, 95, 134, 35 }
  Session ID: {69, 175, 178, 190, 47, 141, 131, 115, 241, 226, 39, 29, 241, 65, 235, 165, 57, 40, 52, 85, 68, 85, 68, 84, 108, 141, 1, 125, 193, 191, 158, 208}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
  f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
  380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
  cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
  Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
                 To: Wed Apr 18 21:14:28 GMT+05:30 2007]
  Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  SerialNumber: [    45af95dc]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 05 4E EE 12 5B DD 7F 26 92 37 67 C9 D0 73 46 4D .N..[..&.7g..sFM
  0010: 7E A5 1E 67 38 06 D9 5F 9F B7 2F E8 F6 9E BF 88 ...g8.._../.....
  0020: 01 31 7D EA 42 5E 4F 9E D7 8F DA 9F 94 A5 EF 47 .1..B^O........G
  0030: E3 E9 BA DE 94 15 C6 03 DE C9 C0 7D CE 58 C0 27 .............X.'
  0040: 0F 1A 66 EC 73 53 5D 1D DE 7E FA 35 15 E0 2A CC ..f.sS]....5..*.
  0050: C9 74 CC 58 E9 B6 2F 68 A0 89 2B F3 E6 61 7D E1 .t.X../h..+..a..
  0060: 21 AF BE E8 83 49 B1 BD 36 C5 2D 1B 0D A1 0E 63 !....I..6.-....c
  0070: 02 4A 82 71 B0 E1 9C AD 55 67 F9 17 A5 96 18 EB .J.q....Ug......
  Found trusted certificate:
  Version: V3
  Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
  f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
  380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
  cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
  Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
                 To: Wed Apr 18 21:14:28 GMT+05:30 2007]
  Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  SerialNumber: [    45af95dc]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 05 4E EE 12 5B DD 7F 26 92 37 67 C9 D0 73 46 4D .N..[..&.7g..sFM
  0010: 7E A5 1E 67 38 06 D9 5F 9F B7 2F E8 F6 9E BF 88 ...g8.._../.....
  0020: 01 31 7D EA 42 5E 4F 9E D7 8F DA 9F 94 A5 EF 47 .1..B^O........G
  0030: E3 E9 BA DE 94 15 C6 03 DE C9 C0 7D CE 58 C0 27 .............X.'
  0040: 0F 1A 66 EC 73 53 5D 1D DE 7E FA 35 15 E0 2A CC ..f.sS]....5..*.
  0050: C9 74 CC 58 E9 B6 2F 68 A0 89 2B F3 E6 61 7D E1 .t.X../h..+..a..
  0060: 21 AF BE E8 83 49 B1 BD 36 C5 2D 1B 0D A1 0E 63 !....I..6.-....c
  0070: 02 4A 82 71 B0 E1 9C AD 55 67 F9 17 A5 96 18 EB .J.q....Ug......
  *** CertificateRequest
  Cert Types: RSA, DSS,
  Cert Authorities:
  <CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US>
  *** ServerHelloDone
  matching alias: oracle-client
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
  86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
  a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
  bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
  Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
                 To: Wed Apr 18 21:18:14 GMT+05:30 2007]
  Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
  SerialNumber: [    45af96be]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 41 47 35 41 90 10 E3 77 A7 F3 F5 81 37 49 4F 57 AG5A...w....7IOW
  0010: 01 11 82 A2 FB 69 46 E8 18 6C EE 11 23 A6 67 2E .....iF..l..#.g.
  0020: 68 4D D6 A6 E7 09 45 24 58 18 9A E5 44 49 10 9B hM....E$X...DI..
  0030: F1 EC 99 4A 45 5F A4 4F 71 3F 05 3D 45 29 42 CD ...JE_.Oq?.=E)B.
  0040: 11 87 DA 0C AA DC 55 4E CF 22 4A 94 85 CB E5 EB ......UN."J.....
  0050: BA E1 10 D2 C8 80 2C 6B 65 94 13 01 1F 6E 18 C3 ......,ke....n..
  0060: 87 33 8C 65 C7 03 16 03 24 FB 0D B0 6D D8 E7 AA .3.e....$...m...
  0070: A1 A5 48 90 0D D6 8C 47 50 2A AA 7C 7B 14 E5 B7 ..H....GP*......
  JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
  *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
  Random Secret: { 3, 1, 236, 206, 185, 158, 75, 201, 230, 16, 170, 40, 193, 70, 188, 134, 36, 134, 14, 20, 191, 121, 246, 8, 7, 2, 137, 66, 166, 10, 185, 246, 104, 154, 27, 82, 161, 133, 11, 130, 11, 130, 71, 84, 155, 165, 239, 227 }
  main, WRITE: TLSv1 Handshake, length = 763
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 03 01 EC CE B9 9E 4B C9 E6 10 AA 28 C1 46 BC 86 ......K....(.F..
  0010: 24 86 0E 14 BF 79 F6 08 07 02 89 42 A6 0A B9 F6 $....y.....B....
  0020: 68 9A 1B 52 A1 85 0B 82 0B 82 47 54 9B A5 EF E3 h..R......GT....
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 45 AF B2 BE 29 D4 A6 30 6D 4D B9 E8 CC 5F 9E 8D E...)..0mM..._..
  0010: 3C 60 C4 AC 31 13 31 16 DE EA 2F 4C 1B 82 05 B0 <`..1.1.../L....
  Server Nonce:
  0000: 45 AF B2 BE CE BA A2 74 B3 48 2C C6 BD 19 46 E3 E......t.H,...F.
  0010: AA EB 53 BA 98 31 C2 DE F8 03 BF AA F8 5F 86 23 ..S..1......._.#
  Master Secret:
  0000: CA 5C BA B3 D0 C9 26 A9 3A 06 08 8F 27 2E CE 17 .\....&.:...'...
  0010: 93 98 BC DF EF 78 2A 99 DB 3E 50 3B 01 D1 84 5F .....x*..>P;..._
  0020: 28 80 CE 7C 7C C1 12 A4 11 F6 33 9B 2E D9 6F BE (.........3...o.
  Client MAC write Secret:
  0000: 80 FF CE 99 7C 45 4C D8 60 FA 40 79 A2 A4 36 7C .....EL.`[email protected].
  Server MAC write Secret:
  0000: 2D F1 A0 A8 ED A1 7B DD 89 A5 01 90 43 BF F1 19 -...........C...
  Client write key:
  0000: E1 3F 33 54 D3 C5 3A 26 4A 41 65 DA AC 44 3B 28 .?3T..:&JAe..D;(
  Server write key:
  0000: C5 08 52 AE A9 0A 4F D0 AD 54 49 C6 4E 2F 9C 4E ..R...O..TI.N/.N
  ... no IV for cipher
  JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
  *** CertificateVerify
  main, WRITE: TLSv1 Handshake, length = 134
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  main, handling exception: java.net.SocketException: Software caused connection abort: socket write error
  main, SEND TLSv1 ALERT: fatal, description = unexpected_message
  main, WRITE: TLSv1 Alert, length = 2
  Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
  main, called closeSocket()
  IOException in getSession(): java.net.SocketException: Software caused connection abort: socket write error
  Unable to obtain peer credentials
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
       at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
       at SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:56)
  Process exited with exit code -1.
  =====================================================
  I think this is the problem with ciphers. So can anybody please help me with this!!!. This is very urgent!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  Thanks in advance
  Nilesh

  Thanks for your prompt reply I was able to make it run. Actually I am using the same keystore and truststore at both the client and the server end. I added those properties in opmn.xml as startup parameters.
  I have another query I am using JDev to create a client proxy for my webservice that is deployed in OC4J. I have setup OC4J in 2 way SSL (mutual authentication)
  When I invoke my client proxy with these system properties set
  System.setProperty("javax.net.ssl.keyStore",keyStore);
  System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
  System.setProperty("javax.net.ssl.trustStore", trustStore);
  System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
  System.setProperty("javax.net.ssl.keyStoreType","JKS");
  System.setProperty("javax.net.ssl.trustStoreType","JKS");
  I get an exception in the log.xml which is
  <MSG_TEXT>IOException in ServerSocketAcceptHandler$AcceptHandlerHorse:run</MSG_TEXT>
  <SUPPL_DETAIL><![CDATA[javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
              at com.sun.net.ssl.internal.ssl.ServerHandshaker.handshakeAlert(ServerHandshaker.java:1031)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1535)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
              at oracle.oc4j.network.ServerSocketAcceptHandler.doSSLHandShaking(ServerSocketAcceptHandler.java:250)
              at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:868)
              at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
              at java.lang.Thread.run(Thread.java:595)
  ]]></SUPPL_DETAIL>
  Isn't setting these properties enough for sending a client certificate. Please help!!!!
  Thanks,
  Nilesh.

• Windows Server 2003 and problem with SSL connection (TLS)

  Hi,
  We are forcing a problem with SLL/TLS connection on a machine Windows Server 2003 SP2.
  We spent hours trying to solve it without any result. 
  SYMPTOMS
  No SSL connection can be established in any application since last year, e.g.:
  we cannot do any windows update, because there is a time verification over SSL on the windows update website (there is an error that the time is incorrect while it is up-to-date)
  we cannot open any website in Internet Explorer over https
  when we try to connect to the SQL Server (database SQL 2008 hosted on the same server) with Management Studio it fails with an error: "A connection
  was successfully established with the server, but then an error occurred during the pre-login handshake.(provider: SSL Provider, error: 0 - Could not
  contact LSA)(Microsoft SQL Server)"
  in a custom applications which sends requests over https we receive an error: "Could not establish trust relationship for SSL/TLS secure channel"
  Everything seems to point at some SSL problem somewhere deep inside Windows.
  We installed several patches, but without any result. 
  Can anybody help?
  Regards,
  Dawid

  Hi, thanks for answers,
  - In IE both SSL2.0 and TLS1.0 are checked. We tried to disable TLS1.0 - with no results. 
  - In  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel both SSL2.0
  and TLS1.0 are enabled. We also tried to dislable TLS1.0 on the Client side - with no resuts. 
  - In
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL EventLogging is set to 3, so it should log warnings
  and errors. But we cannot find any related logs in EventLog
  Unfortunately we are still in the same place.

• Problem with SSL

  I have created a java application that communicates with a Server via HTTPS.
  I use both jdk and jre 1.5
  I know this has somthing to do with Certificates and Storing them
  But i dont know exactly what to do.
  Can Som1 pls help me
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
       at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
       at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
       at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
       at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
       at lk.informatics.infopro.connector.command.AptiloHTTPCommand.httpPost(AptiloHTTPCommand.java:106)
       at lk.informatics.infopro.connector.command.AptiloHTTPCommand.performTask(AptiloHTTPCommand.java:134)
       at lk.informatics.infopro.connector.SimpleRMIImpl.performTask(SimpleRMIImpl.java:112)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
       at sun.rmi.transport.Transport$1.run(Transport.java:153)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
       at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
       at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
       at java.lang.Thread.run(Thread.java:595)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
       at sun.security.validator.Validator.validate(Validator.java:203)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
       at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
       ... 30 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
       at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
       ... 35 more

  The problem that i had was that my application was unable to find a valid certificate that proved that the site can be trusted.
  What you need to do is to tell the application that the site can be trusted and point it to a certificate that proves the site that you want to communicate with is a valid one.
  If the application cannot find a proper certificate then it results in a failed SSL handshake.
  What you must do is save the certificate provided by the site you wish to communicate and point the application to it. Done in 3 steps
  1.     Save the certificate provided by the end site on the as a .cer file
       eg:- theSite.cer
       This can be done via IE or Mozilla (Has not been tested with Mozilla yet)
  To do this open the site on your browser, When the browser asks if you
  wish to accept the certificate provided by the site view the certificate and
  save it.
  2.     Create a keyStore and add the saved certificate to it. Use the java "keytool" command in the command prompt to achive this
       keytool -import -alias ALIAS -file CERTIFICATE.cer -keystore KEY_STORE_NAME
       eg:-
       keytool -import -alias test -file theSite.cer -keystore TS
  3.     In you application make sure that you specify where to look for the Trusted Key Store in.
       System.setProperty("javax.net.ssl.trustStore", "TRUST_STORE_NAME");
       System.setProperty("javax.net.ssl.trustStorePassword", "TRUST_STORE_PASSWORD");
       eg:-
       System.setProperty("javax.net.ssl.trustStore", "C:\\Key_Store\\TS");
       System.setProperty("javax.net.ssl.trustStorePassword", "XXX");
       ALT: you can also specify the above values on the java execution command as
  -Djavax.net.ssl.trustStore=C:\Key_Store\TS -Djavax.net.ssl.trustStorePassword=XXX
  -Djavax.net.debug=all
  Can be used to view all debug information.
  Simply put we save the sites certificate in step 1. create a new KeyStore and and save the certificate in it in step 2 and show the application where to look for the valid certificate by pointing it to the proper keyStore in step 3.
  Note that you can save multiple certificates on the same keyStore.
  If you have any problems with this let me know

• Problems with an SSL connection

  I'm trying to execute a Post request using HTTPS. To achieve that I'm using commons-httpclient v.3.0rc1 and a custom SSLSocketProtocolSocketFactory that can work with untrusted self-signed certificates.
  My code works on Windows 2000 Pro, but it fails on Linux (Suse Linux 8.2). However I'm using JDK 1.4.2 both in Windows and LInux, with the same list of security providers set at $JAVA_HOME/jre/lib/security/java.security file.
  I've heard about problems with security when upgrading form JDK 1.4.x to JDK 1.5, but it's not the case.
  Any idea about this?
  This is the exception I get when I run my code on Linux:
  Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
  at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:86)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:514)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
  at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
  at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1920)
  at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1002)
  at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
  at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393)
  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
  at com.gd.define.orion.mailets.AbstractHttpMailet.send(AbstractHttpMailet.java:451)
  ... 6 more
  Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding
  at javax.crypto.Cipher.getInstance(DashoA12275)
  at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(JsseJce.java:90)
  at com.sun.net.ssl.internal.ssl.RSACipher.<init>(RSACipher.java:35)
  at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(RSACipher.java:69)
  at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:82)
  ... 24 more

  I've read in other forums that server and client running on same machine can cause problems using SSL. Is that real? Could it happen even when server uses JDK 1.5 and client uses JDK 1.4.2? May JDK version conflicts appear?
  Thanks in advance

• New MS patch problems with Apache & SSL on NetWare web serve

  This week our users began to experience problems accessing our Intranet based on a NetWare 6.5 box running Apache and using a Verisign SSL certificate. IE would say it was connecting but you would never get there. Firefox could get to the server but I had similar problems with Safari & Chrome.
  I discovered that the MS security patch KB980436 had modified some portion of IE and was causing the problem. Uninstalling that patch put us back to where we could once again access our Intranet.
  This seems to have something to do with how IE accesses using the SSL 443 port. When, internally, I accessed this same site using http instead of https it worked perfectly.
  This patch was applied to Win XP and Win 7 with the same bad results.
  If there is a more appropriate place for this post please move it there.

  Have you tried the registry settings to go back to compatible mode? The
  settings are listed in the MS KB article.
  "boomchuck" <[email protected]> wrote in message
  news:[email protected]..
  >
  > This week our users began to experience problems accessing our Intranet
  > based on a NetWare 6.5 box running Apache and using a Verisign SSL
  > certificate. IE would say it was connecting but you would never get
  > there. Firefox could get to the server but I had similar problems with
  > Safari & Chrome.
  >
  > I discovered that the MS security patch KB980436 had modified some
  > portion of IE and was causing the problem. Uninstalling that patch put
  > us back to where we could once again access our Intranet.
  >
  > This seems to have something to do with how IE accesses using the SSL
  > 443 port. When, internally, I accessed this same site using http
  > instead of https it worked perfectly.
  >
  > This patch was applied to Win XP and Win 7 with the same bad results.
  >
  > If there is a more appropriate place for this post please move it
  > there.
  >
  >
  > --
  > boomchuck
  > ------------------------------------------------------------------------
  > boomchuck's Profile: http://forums.novell.com/member.php?userid=28653
  > View this thread: http://forums.novell.com/showthread.php?t=418742
  >

• Problem with a simple GRE tunnel

  Hello everyone:
  I have a problem with a simple GRE tunnel, and can not make it work, the problem lies in the instruction "tunnel source loopback-0" if I use this command does not work, now if I use "tunnel source <ip wan >" if it works, someone can tell me why?
  Thanks for your help
  Router 1: 2811
  version 12.4
  no service password-encryption
  hostname cisco2811
  no aaa new-model
  ip cef
  interface Loopback0
  ip address 2.2.2.2 255.255.255.255
  interface Tunnel0
  ip address 10.10.1.1 255.255.255.0
  tunnel source Loopback0
  tunnel destination 217.127.XXX.188
  interface Tunnel1
  ip address 10.10.2.1 255.255.255.0
  tunnel source Loopback0
  tunnel destination 80.32.XXX.125
  interface FastEthernet0/0
  description LOCAL LAN Interface
  ip address 192.168.1.254 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface FastEthernet0/1
  description WAN Interface
  ip address 195.77.XXX.70 255.255.255.248
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 195.77.XXX.65
  ip route 192.168.3.0 255.255.255.0 Tunnel0
  ip route 192.168.4.0 255.255.255.0 Tunnel1
  ip nat inside source route-map salida-fibra interface FastEthernet0/1 overload
  access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
  access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
  access-list 120 permit ip 192.168.1.0 0.0.0.255 any
  route-map salida-fibra permit 10
  match ip address 120
  Router 2: 2811
  version 12.4
  service password-encryption
  ip cef
  no ip domain lookup
  multilink bundle-name authenticated
  username admin privilege 15 password 7 104CXXXXx13
  interface Loopback0
  ip address 4.4.4.4 255.255.255.255
  interface Tunnel0
  ip address 10.10.1.2 255.255.255.0
  tunnel source Loopback0
  tunnel destination 195.77.XXX.70
  interface Ethernet0
  ip address 192.168.3.251 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  hold-queue 100 out
  interface ATM0
  no ip address
  no ip route-cache cef
  no ip route-cache
  no atm ilmi-keepalive
  dsl operating-mode auto
  interface ATM0.1 point-to-point
  ip address 217.127.XXX.188 255.255.255.192
  ip nat outside
  ip virtual-reassembly
  no ip route-cache
  no snmp trap link-status
  pvc 8/32
  encapsulation aal5snap
  ip route 0.0.0.0 0.0.0.0 ATM0.1
  ip route 192.168.1.0 255.255.255.0 Tunnel0
  ip nat inside source route-map nonat interface ATM0.1 overload
  access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 120 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 120 permit ip 192.168.3.0 0.0.0.255 any
  route-map nonat permit 10
  match ip address 120

  Hello, thank you for the answer, as to your question, I have no connectivity within the tunnel, whether from Router 1, I ping 10.10.1.2 not get response ...
  Now both routers remove the loopback, and the interface tunnel 0 change the tunnel source to "tunnel source " tunnel works perfectly, the problem is when I have to use the loopback. Unfortunately achieved when the tunnel work, this will have to endure multicast, and all the examples found carrying a loopback as' source '... but this is a step back ..
  Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.10.1.1/24
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 2.2.2.2 (Loopback0), destination 217.127.XXX.188
  Tunnel protocol/transport GRE/IP
  Key disabled, sequencing disabled
  Checksumming of packets disabled
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 09:04:38, output 00:00:19, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  11101 packets output, 773420 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 unknown protocol drops
  0 output buffer failures, 0 output buffers swapped out

• Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL

  I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
  Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
  So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
  When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
  I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
  A) We're at version 11 ---- these kinds of issues should have been fixed years ago
  B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!

  Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
  My tests seem to show that
  (a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
  (b) if a dialog is at a higher level, this is a global setting.
  So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back.  So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window).