Ssl version
Hi,
If I go to a secure web site, how can I check what version of ssl it is using? Does the Version properties in Detail tab (after I clicked the yellow lock on the site) is teh ssl version? Thanks
I don't know which browsers support this information, but one way you can check is to see what
data is travelling on the connection. (Use tcp/windump, snoop, or any other packet sniffer).
Each SSLv3/TLSv1 packet has the following header:
Type: 1 byte
Vmajor: 1 byte
Vminor: 1 byte
lenMajor 1 byte
lenMinor 1 byte
If you look at a packet's vMajor/vMinor
3,0 - SSLv3
3,1 - TLSv1
See RFC 2246 for more info.
SSLv2 uses a slightly different format.
Similar Messages
-
SSL Version used in AnyConnect 3.0.1047
Can anyone tell me what version of SSL is used by the AnyConnect client (version 3.0.1047)? Where would I find this information?
Thanks.
TeressaIt is SSL version 3.
ASA only accepts SSL version 3 as per the following:
http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/s8.html#wp1421230
Hope that answers your question. -
PCI compliance, need to disable SSL version 2
I'm running OS X 10.7.2 and I recently failed my PCI compliance scan. I was informed that I have SSLv2 and SSLv3 and that I need to disable SSLv2. The company that performs the scan says that they can't help me do it and that I should call my ISP, ATT Uverse. I've done this and spent several hours being bounced around and they don't seem to understand what I'm talking about or how to fix it. So...my questions is how can I disable SSLv2?? I'm not very "code" savy so if you could walk me throught the steps that would be very helpful. I really don't wnat to try tech support with ATT again! TIA
Launch the Terminal application by entering the first few letters of its name into a Spotlight search. Drag or copy -- do not type -- the following line into the window, then press return:
launchctl list | sed 1d | awk '!/0x|com\.apple/ {print $3}'
Post any lines of output that appear below what you entered -- the text, please, not a screenshot. -
Apache, iPrint and SSL/nile.nlm
Hi,
Getting various abends on a daily basis. Server is running as a vm on ESX 4.1 on an AMD platform. The running process is not always the same (apache_workprocess, seg.nlm, pcountdp.nlm) but the type of abend seems to be very consistent. It is the "Kernel detected an attempted context switch in an MPK Fast WTD". Another consistency seems to be that SSL and nile.nlm are high up on the stack - but maybe that is just normal for any iPrint server with secure iprint enabled on every printer (about 400 printer agents).
Thinking it might be a bad cert I have tried using both the self-signed "SSL CertificateDNS" cert and a third-party (Thawte) cert. Same result in either case. I have also tried the various tweaks on ESX for NetWare guest vm's :
- setting the memory reservation
- settting cpu affinity,
- setting the virtualization method to use hardware (Intel/AMD mmu and Intel/AMD instruction set) rather than automatic,
- removing the acpidrv.psm module from startup.ncf
- I have NOT set the NUMA memory node affinity.
The last thing I can think of to try is to turn off secure iPrint. If I do that, can I load apache without it listening on port 443 and not break any iPrint services? I do have iManager running on this same guest as well but I do not need it there.
Any other ideas?
Thanks,
Ron
Below are two recent abends, one with pcountdp.nlm and the second with apache_worker process. I've cut the nlm list on the second abend to get it to fit into this post.
Server N05 halted Monday, November 21, 2011 12:53:52.463 pm
Abend 1 on P00: Server-5.70.08-1315: Kernel detected an attempted context switch in an MPK Fast WTD.
Registers:
CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0023 SS = 0010
EAX = 00000000 EBX = 00000001 ECX = 00000000 EDX = 00090009
ESI = 00000006 EDI = A00D19D8 EBP = FBF138DB ESP = 8FD9DE9C
EIP = 0021AB7A FLAGS = 00000002
0021AB7A 83C404 ADD ESP, 00000004
EIP in SERVER.NLM at code start +00019B5Ah
The violation occurred while processing the following instruction:
0021AB7A 83C404 ADD ESP, 00000004
0021AB7D 833D14D0030000 CMP [SERVER.NLM|SleepNotAllowedUseCount]=00000001
, 00000000
0021AB84 7482 JZ 0021AB08
0021AB86 833DACC1030000 CMP [0003C1AC]=00000000, 00000000
0021AB8D 0F84D5000000 JZ 0021AC68
0021AB93 85DB TEST EBX, EBX
0021AB95 0F84BA000000 JZ 0021AC55
0021AB9B 8B1DE843F0FB MOV EBX, [FBF043E8]=FBF24D68
0021ABA1 53 PUSH EBX
0021ABA2 E8CFDBEFFF CALL LOADER.NLM|Abend
Running process: PCOUNTDP.NLM 236 Process
Thread Owned by NLM: PCOUNTDP.NLM
Stack pointer: 8FD9E1A8
OS Stack limit: 8FD9B360
CPU 0 (Thread A52305C0) is in a NO SLEEP state
Scheduling priority: 67371008
Wait state: 5050010 Blocked on a Mutex
Stack: --FBF138DB ?
--A00D19E0 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--A00D19C0 ?
002186BC (SERVER.NLM|SchedSwitch+48)
--00000001 (LOADER.NLM|KernelAddressSpace+1)
--A00D19E0 ?
--A00D19D8 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--A00D19C0 ?
002064BC (SERVER.NLM|kMutexLock+1AC)
--A00D19E4 ?
--A00D1A40 ?
--8FD9DEF0 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04B4E504 ?
--9D96379C ?
883E6AC9 (LIBC.NLM|pthread_mutex_lock+A9)
--A00D19C0 ?
--04B4E504 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--8FD9DEFC ?
9EDD3AF1 (NILE.NLM|SSL_library_init+26C)
--9D96379C ?
--8FD9DF20 ?
9EDE3ABF (NILE.NLM|CRYPTO_lock+8F)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-9FE9C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
-9FEC9448 (NILE.NLM|serverPostFix+1968)
--8FD9DF24 ?
--04B4E504 ?
--8FD9DF48 ?
9EDE3B44 (NILE.NLM|CRYPTO_add_lock+5A)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-9FE9C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
-9FEC9448 (NILE.NLM|serverPostFix+1968)
--04B4E504 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--8FD9DF70 ?
9EDE00AF (NILE.NLM|RSA_free+2E)
--04B6E43C ?
--FFFFFFFF ?
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-9FE9C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
-9FEC9448 (NILE.NLM|serverPostFix+1968)
--04B4E504 ?
--04B4E504 ?
--8FD9DF80 ?
9EDE7A81 (NILE.NLM|EVP_PKEY_free+97)
--04B6E404 ?
--00000002 (LOADER.NLM|KernelAddressSpace+2)
--8FD9DF94 ?
9EDE7A2A (NILE.NLM|EVP_PKEY_free+40)
--046B3A84 ?
9EDF8F2C (NILE.NLM|ASN1_template_free+8A)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--8FD9DFA8 ?
9EDF3660 (NILE.NLM|PKCS7_DIGEST_free+35)
--046B3A84 ?
-9FEA2C70 (NILE.NLM|X509_PUBKEY_it+0)
--047E85C4 ?
--8FD9DFEC ?
9EDF8E7A (NILE.NLM|ASN1_item_ex_free+2A6)
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--009052DC ?
-9FEA2C70 (NILE.NLM|X509_PUBKEY_it+0)
--A00D1540 ?
-9FEA2C28 (NILE.NLM|PKCS7_ATTR_VERIFY_it+34)
-9FEA2C3C (NILE.NLM|PKCS7_ATTR_VERIFY_it+48)
--A00D1540 ?
--8FD9DFE8 ?
-9FEA2C10 (NILE.NLM|PKCS7_ATTR_VERIFY_it+1C)
9EDF3641 (NILE.NLM|PKCS7_DIGEST_free+16)
--00000002 (LOADER.NLM|KernelAddressSpace+2)
--046DFC84 ?
--047E85C4 ?
--04B4E504 ?
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--8FD9E010 ?
9EDF8F2C (NILE.NLM|ASN1_template_free+8A)
--009052DC ?
-9FEA2C70 (NILE.NLM|X509_PUBKEY_it+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04622844 ?
--00000005 (LOADER.NLM|KernelAddressSpace+5)
--009052DC ?
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--8FD9E050 ?
9EDF8E55 (NILE.NLM|ASN1_item_ex_free+281)
--009052DC ?
-9FE9B6C4 (NILE.NLM|OID_AES256+760)
--0000000A (LOADER.NLM|KernelAddressSpace+A)
-9FE9B6C4 (NILE.NLM|OID_AES256+760)
-9FE9B6C4 (NILE.NLM|OID_AES256+760)
Additional Information:
The NetWare OS detected a problem with the system while executing a process owned by SERVER.NLM. It may be the source of the problem or there may have been a memory corruption.
Loaded Modules:
PCOUNTWI.NLM Pcounter Web Interface
Version 5.50 October 27, 2011
Code Address: A13A6000h Length: 00006A0Ch
Data Address: A653C000h Length: 00003AA0h
NDPSGW.NLM NDPS Gateway
Version 4.01.02 March 2, 2010
Code Address: A5D20000h Length: 0000E7FCh
Data Address: A5199000h Length: 0000737Ch
PCOUNTDP.NLM Pcounter for NDPS
Version 5.50 October 27, 2011
Code Address: A5CE3000h Length: 0002230Bh
Data Address: A3071000h Length: 00005154h
NETDB.NLM Network Database Access Module
Version 4.11.05 January 6, 2005
Code Address: A5CC9000h Length: 0001394Dh
Data Address: A5CDD000h Length: 000025FCh
FPSM.NLM Novell Floating-Point Support Module for NLMs [debugging, 0A10]
Version 5.90.01 December 12, 2000
Code Address: A2E26000h Length: 0000003Ch
Data Address: 00000000h Length: 00000000h
LPR2NDPS.NLM NDPS Utility to accept UNIX jobs via LPR
Version 4.00.06 April 16, 2010
Code Address: A5CB9000h Length: 00009975h
Data Address: A2D9B000h Length: 00001AE8h
NDPSM.NLM NDPS Manager
Version 3.03.02 May 18, 2010
Code Address: A2A97000h Length: 00083318h
Data Address: A5C48000h Length: 00025E80h
RMANSRVR.NLM NDPS Resource Manager
Version 3.07.02 March 2, 2010
Code Address: A5C01000h Length: 0001DE5Fh
Data Address: A2188000h Length: 00004A24h
NIPPZLIB.NLM General Purpose ZIP File Library for NetWare
Version 1.00.01 November 28, 2005
Code Address: A5BE7000h Length: 00002A23h
Data Address: A2760000h Length: 00000048h
ZLIB.NLM ZLIB 1.1.4 General Purpose Compression Library for NetWare
Version 1.01.04 December 20, 2002
Code Address: A5BF5000h Length: 0000BAB4h
Data Address: A273B000h Length: 000014D8h
BROKER.NLM NDPS Broker
Version 3.00.12 February 20, 2008
Code Address: A5B9B000h Length: 0000FFECh
Data Address: A137A000h Length: 000071A5h
DBNET6.NLM Debug Network IO Support
Version 1.45.02 March 16, 2006
Code Address: A5508000h Length: 0001B831h
Data Address: A5524000h Length: 000127B8h
IPMCFG.NLM Web Interface for IP Address Management
Version 1.01.16 October 22, 2005
Code Address: A54AC000h Length: 0000A479h
Data Address: A54B7000h Length: 0000B610h
NIRMAN.NLM TCPIP - NetWare Internetworking Remote Manager
Version 1.06.04 September 18, 2007
Code Address: A2492000h Length: 00060760h
Data Address: A542C000h Length: 00018FCAh
TCPSTATS.NLM Web Interface for Protocol Monitoring
Version 6.50.10 June 20, 2003
Code Address: A5412000h Length: 0000E5ECh
Data Address: A1318000h Length: 00005460h
HWDETECT.NLM Novell Hardware Insertion/Removal Detection
Version 1.19.05 February 20, 2003
Code Address: A53E2000h Length: 00002B33h
Data Address: A0F11000h Length: 00000D3Ch
IPPSRVR.NLM Novell iPrint Server
Version 4.02.02 June 16, 2010
Code Address: A39CF000h Length: 00017550h
Data Address: A39E7000h Length: 000081F8h
DPLSV386.NLM NetWare 6.x Distributed Print Library - DPLSV386
Version 1.15.03 April 16, 2010
Code Address: A2FF3000h Length: 000541E9h
Data Address: A39A8000h Length: 0000C724h
NIPPED.NLM NetWare 5.x, 6.x INF File Editing Library - NIPPED
Version 1.03.09 February 26, 2010
Code Address: A1571000h Length: 00005345h
Data Address: A398C000h Length: 0000016Ch
DPRPCNLM.NLM Novell NDPS RPC Library NLM
Version 3.00.17 October 10, 2006
Code Address: A1547000h Length: 00005324h
Data Address: A13DB000h Length: 00001F20h
MONITOR.NLM NetWare Console Monitor
Version 12.02.02 April 4, 2006
Code Address: A38FD000h Length: 00022BEFh
Data Address: A1312000h Length: 00005F15h
NWSNUT.NLM NetWare NLM Utility User Interface
Version 7.00.01 July 11, 2008
Code Address: A38CC000h Length: 000134EBh
Data Address: A38E1000h Length: 00000790h
ROTLOGS.NLM Apache 2.0.63 Log Rotation Utility for NetWare
Version 2.00.63 April 25, 2008
Code Address: A3200000h Length: 000009F9h
Data Address: A3201000h Length: 00000438h
ROTLOGS.NLM Apache 2.0.63 Log Rotation Utility for NetWare
Version 2.00.63 April 25, 2008
Code Address: A31E1000h Length: 000009F9h
Data Address: A31E2000h Length: 00000438h
REWRITE.NLM Apache 2.0.63 Rewrite Module
Version 2.00.63 April 25, 2008
Code Address: A15A1000h Length: 00006C99h
Data Address: A31DB000h Length: 00001EA8h
HEADERS.NLM Apache 2.0.63 Headers Module
Version 2.00.63 April 25, 2008
Code Address: A31BE000h Length: 00000E39h
Data Address: A31BF000h Length: 00000538h
EXPIRES.NLM Apache 2.0.63 Expires Module
Version 2.00.63 April 25, 2008
Code Address: A31BA000h Length: 00000B89h
Data Address: A31BB000h Length: 00000388h
MOD_IPP.NLM iPrint Module
Version 1.00.04 June 7, 2006
Code Address: A31B4000h Length: 00000B76h
Data Address: A31B5000h Length: 000004CCh
AUTHLDDN.NLM LdapDN Module
Version 1.00 November 9, 2005
Code Address: A31AF000h Length: 00001926h
Data Address: A31B1000h Length: 00000EC8h
UTILLDP2.NLM LdapDN Module
Version 1.00 November 9, 2005
Code Address: A1544000h Length: 00002A56h
Data Address: A3194000h Length: 00001E80h
JNET.NLM Java jnet (based on 1.4.2_18)
Version 1.43 October 16, 2008
Code Address: A153D000h Length: 0000653Eh
Data Address: A318E000h Length: 00001100h
MOD_JK.NLM Apache 2.0 plugin for Tomcat
Version 1.02.23 April 25, 2008
Code Address: A315B000h Length: 00025B33h
Data Address: A3181000h Length: 0000CDD0h
LIBGCC_S.NLM gcc runtime and intrinsics support
Version 3.04.03 April 29, 2005
Code Address: A13B5000h Length: 00004ABCh
Data Address: A1086000h Length: 00000A74h
AUTHLDAP.NLM Apache 2.0.63 LDAP Authentication Module
Version 2.00.63 April 25, 2008
Code Address: 9D909000h Length: 00001BB9h
Data Address: 9EC05000h Length: 000019D0h
UTILLDAP.NLM Apache 2.0.63 LDAP Authentication Module
Version 2.00.63 April 25, 2008
Code Address: A12A0000h Length: 000034A9h
Data Address: A12A4000h Length: 00002598h
TSAFS.NLM SMS - File System Agent for NetWare 6.X
Version 6.53.03 October 16, 2008
Code Address: A1467000h Length: 0005F9A2h
Data Address: A14C7000h Length: 0000D7B0h
SMDR.NLM SMS - Storage Data Requestor
Version 6.58.01 October 16, 2008
Code Address: A101B000h Length: 00047EF8h
Data Address: A1364000h Length: 0000D8E0h
SMSUT.NLM SMS - Utility Library for NetWare 6.X
Version 1.01.03 June 26, 2008
Code Address: A12CB000h Length: 00010201h
Data Address: A12DC000h Length: 00001DF0h
LLDAPX.NLM NetWare Extension APIs for LDAP SDK (LibC version)
Version 3.05.01 October 26, 2010
Code Address: A1297000h Length: 0000754Ch
Data Address: A129F000h Length: 00000F70h
LLDAPSSL.NLM NetWare SSL Library for LDAP SDK (LibC version)
Version 3.05.01 October 26, 2010
Code Address: A109B000h Length: 0009CD03h
Data Address: A1138000h Length: 0002FFD0h
APACHE2.NLM Apache Web Server 2.0.63
Version 2.00.63 April 25, 2008
Code Address: A0EBF000h Length: 00039D29h
Data Address: A0EF9000h Length: 00011A9Ch
APRLIB.NLM Apache Portability Runtime Library 0.9.17
Version 0.09.17 April 25, 2008
Code Address: A0E4E000h Length: 0002E688h
Data Address: A0E7D000h Length: 00008088h
SASL.NLM Simple Authentication and Security Layer 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: A0CA6000h Length: 00000C7Ch
Data Address: A0CA7000h Length: 00000160h
LBURP.NLM LDAP Bulkload Update/Replication Protocol service extension for Novell eDirectory 8.8.
Version 20504.02 May 24, 2010
Code Address: A0CA3000h Length: 0000111Ch
Data Address: A0CA5000h Length: 00000444h
LDAPXS.NLM (Clib version)
Version 3.05.01 October 26, 2010
Code Address: A0C9B000h Length: 000047F3h
Data Address: A0CA0000h Length: 000008FCh
NMASLDAP.NLM NMAS LDAP Extensions 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: A07EC000h Length: 00004E5Ch
Data Address: A0C6D000h Length: 000007D0h
SEG.NLM NetWare Memory Analyzer
Version 2.00.25 April 27, 2009
Code Address: A0C03000h Length: 00032CB4h
Data Address: A0C36000h Length: 0001C656h
AFREECON.NLM AdRem Free Remote Console (NCPE)
Version 6.00 February 28, 2006
Code Address: A0801000h Length: 00005A8Dh
Data Address: A0807000h Length: 00002490h
RCONAG6.NLM RConsole Agent for Netware
Version 6.11 November 20, 2007
Code Address: A0425000h Length: 00006C5Bh
Data Address: 9EEC0000h Length: 00003304h
SAS.NLM Secure Authentication Services
Version 1.75 March 13, 2004
Code Address: A0864000h Length: 00056640h
Data Address: A0B8B000h Length: 0001E890h
NLDAP.NLM LDAP Agent for Novell eDirectory 8.8 SP5
Version 20506.05 December 30, 2010
Code Address: A091C000h Length: 0008F8BBh
Data Address: A09AC000h Length: 00052D20h
PMPORTAL.NLM NetWare License Information Portal
Version 2.16 November 21, 2003
Code Address: 9FD18000h Length: 000071C9h
Data Address: 9FD20000h Length: 00004360h
NDSIMON.NLM NDS iMonitor 8.8.5 SP5
Version 20506.01 December 24, 2010
Code Address: A02D0000h Length: 00113D69h
Data Address: 9FC46000h Length: 00091E24h
LANGMANI.NLM Novell Cross-Platform Language Manager
Version 20504.01 May 24, 2010
Code Address: 9F92A000h Length: 000040F2h
Data Address: 9EC71000h Length: 00001084h
XI18N.NLM Novell Cross-Platform Internationalization Package
Version 10310.53 August 2, 2005
Code Address: A0ABE000h Length: 0001CA12h
Data Address: 9F753000h Length: 00007EC8h
PORTAL.NLM Novell Remote Manager NLM
Version 4.03 September 22, 2008
Code Address: A0540000h Length: 0010147Ch
Data Address: 9FBDC000h Length: 00069EA4h
NWIDK.NLM CDWare Volume Module
Version 3.01.01 September 19, 2003
Code Address: 9EF30000h Length: 00004640h
Data Address: 9EFF9000h Length: 00000730h
BTCPCOM.NLM BTCPCOM.NLM v7.90.000, Build 253
Version 7.90 July 9, 2003
Code Address: 9ED88000h Length: 00004450h
Data Address: 9EF96000h Length: 00000CECh
HTTPSTK.NLM Novell Small Http Interface
Version 4.03 September 4, 2008
Code Address: 9FFB3000h Length: 000317C6h
Data Address: 9FFE5000h Length: 00019C10h
WSPSSL.NLM NetWare Winsock Service 1.0 NLM for SSL
Version 6.26 December 4, 2007
Code Address: 9FEEF000h Length: 00008AFFh
Data Address: 9FEF8000h Length: 0001095Fh
NILE.NLM Novell N/Ties NLM ("") Release Build with symbols
Version 7.00.01 August 20, 2007
Code Address: 9EDC3000h Length: 00090A31h
Data Address: 9FE99000h Length: 00030C70h
PKI.NLM Novell Certificate Server
Version 3.33 April 16, 2009
Code Address: 9F79D000h Length: 0017C9E5h
Data Address: 9ECAA000h Length: 00092270h
PKIAPI.NLM Public Key Infrastructure Services
Version 2.23.10 November 20, 2004
Code Address: 9FE61000h Length: 00037721h
Data Address: 9ECA3000h Length: 00006A14h
NWUTIL.NLM Novell Utility Library NLM (_NW65[SP7]{""})
Version 3.00.02 August 20, 2007
Code Address: 9FE13000h Length: 0000EE40h
Data Address: 9FE22000h Length: 00023BD4h
NWBSRVCM.NLM NWBSRVCM.NLM v7.90.000, Build 230
Version 7.90 March 20, 2001
Code Address: 9EBB4000h Length: 00006776h
Data Address: 9FDCA000h Length: 00000AD0h
VOLSMS.NLM NSS Distributed Volume Manager (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9FD48000h Length: 00018771h
Data Address: 9D8FD000h Length: 00001780h
VLRPC.NLM DFS Volume Location Database (VLDB) RPC interface (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9EBA4000h Length: 00003383h
Data Address: 9FD45000h Length: 000002FDh
VMRPC.NLM DFS Volume Manager RPC interface (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9EB83000h Length: 00003703h
Data Address: 9FD43000h Length: 000002FDh
JSTCP.NLM Jetstream TCP Transport Layer (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9EDBD000h Length: 000050F0h
Data Address: 9FB0F000h Length: 000001E0h
JSMSG.NLM Jetstream Message Layer (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9EDB6000h Length: 00006E80h
Data Address: 9FAF2000h Length: 00000220h
DFSLIB.NLM DFS Common Library (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9F680000h Length: 000005C3h
Data Address: 9F681000h Length: 00000080h
NLSTRAP.NLM NetWare License Server Trap
Version 5.02 February 19, 2004
Code Address: 9E448000h Length: 0000298Ah
Data Address: 9F1F9000h Length: 00000695h
ZIP.NLM Java zip (based on 1.4.2_18)
Version 1.43 October 16, 2008
Code Address: 9F667000h Length: 0000ADCCh
Data Address: 9D972000h Length: 00001C90h
JVMLIB.NLM Java jvmlib (based on 1.4.2_18)
Version 1.43 October 16, 2008
Code Address: 9F62C000h Length: 00017134h
Data Address: 9F644000h Length: 00008670h
VERIFY.NLM Java verify (based on 1.4.2_18)
Version 1.43 October 16, 2008
Code Address: 9F5D5000h Length: 000087B4h
Data Address: 9D4B1000h Length: 00001BC0h
JVM.NLM Java Hotspot 1.4.2_18 Interpreter
Version 1.43 October 16, 2008
Code Address: 9F230000h Length: 00222FFFh
Data Address: 9F064000h Length: 00065A60h
LIBPERL.NLM Perl 5.8.4 - Script Interpreter and Library
Version 5.00.05 September 13, 2005
Code Address: 9F0EE000h Length: 000B3D60h
Data Address: 9F1A2000h Length: 0001ADE0h
IPMGMT.NLM TCPIP - NetWare IP Address Management
Version 1.03.01 May 29, 2007
Code Address: 9EA5B000h Length: 000307CDh
Data Address: 9EA8C000h Length: 0000D778h
JSOCK6X.NLM NetWare 6.x Support For Java Sockets (JDK 1.4.2)
Version 1.43 October 16, 2008
Code Address: 9EA47000h Length: 0000FDB1h
Data Address: 9EA57000h Length: 00002C44h
JAVA.NLM java.nlm (based on 1.4.2_18) Build 08101613
Version 1.43 October 16, 2008
Code Address: 9E99D000h Length: 000385DEh
Data Address: 9E9D6000h Length: 0003DD40h
JSOCK.NLM Support For Java Sockets (loader)
Version 1.43 October 16, 2008
Code Address: 9E97C000h Length: 00000086h
Data Address: 9E97D000h Length: 00000064h
CRLSM.NLM Challenge Response LSM v2.8.1.0
Version 2.08.01 October 28, 2008
Code Address: 9E926000h Length: 00021E46h
Data Address: 9E948000h Length: 00009456h
LCMCIFS2.NLM Windows Native File Access Login Methods (Build 83 SP)
Version 2.00.09 July 25, 2005
Code Address: 9E862000h Length: 0000E011h
Data Address: 9E871000h Length: 000016B0h
LSMCIFS2.NLM Windows Native File Access Login Methods (Build 94 SP)
Version 2.00.07 July 25, 2005
Code Address: 9E834000h Length: 0000F051h
Data Address: 9E844000h Length: 000017B0h
LSMAFP3.NLM Macintosh Native File Access Login Methods (Build 106 SP)
Version 2.00.11 January 3, 2005
Code Address: 9E80D000h Length: 0000F24Eh
Data Address: 9E81D000h Length: 000013C0h
NMASGPXY.NLM NMAS Generic Proxy 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: 9E7EA000h Length: 0000159Ch
Data Address: 9E7EC000h Length: 000000E0h
VMWTOOL.NLM VMware Tools
Version 1.01 May 24, 2010
Code Address: 9E795000h Length: 0001F9A0h
Data Address: 9E7B5000h Length: 00019A20h
PWDLCM.NLM Novell Simple Password Proxy LCM 2.8.2.1 20090422
Version 28210904.22 April 22, 2009
Code Address: 9E764000h Length: 0000E228h
Data Address: 9E773000h Length: 000014B0h
PWDLSM.NLM Novell Simple Password LSM 2.8.2.1 20090422
Version 28210904.22 April 22, 2009
Code Address: 9E720000h Length: 00010538h
Data Address: 9E731000h Length: 00001A60h
ACPISBD.NLM System Bus Driver for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 9DA39000h Length: 00002BBAh
Data Address: 9E6F4000h Length: 000004E1h
NCM.NLM Novell Configuration Manager
Version 1.15.01 October 20, 2004
Code Address: 9E6ED000h Length: 000054CCh
Data Address: 9E6F3000h Length: 00000FB0h
LSMCIFS.NLM NMAS Login Server Module for CIFS - MS Windows File System for NetWare
Version 1.20 March 5, 2003
Code Address: 9E6A0000h Length: 0000EB2Ah
Data Address: 9E6AF000h Length: 00001610h
SLPTCP.NLM SERVICE LOCATION TCP/UDP INTERFACE (RFC2165/RFC2608)
Version 2.13 November 15, 2005
Code Address: 9DA32000h Length: 0000386Ah
Data Address: 9E60F000h Length: 0000108Ch
NSPDNS.NLM NetWare Winsock 2.0 NSPDNS.NLM Name Service Providers
Version 6.20.03 September 8, 2003
Code Address: 9DA36000h Length: 00002527h
Data Address: 9E604000h Length: 000004E4h
WSPIP.NLM NetWare Winsock Service 1.0 NLM for TCP and UDP
Version 6.24 December 4, 2007
Code Address: 9E4B3000h Length: 000124C4h
Data Address: 9DA2F000h Length: 0000287Ch
NCPIP.NLM NetWare NCP Services over IP
Version 6.02.01 September 30, 2008
Code Address: 9E41C000h Length: 000168E9h
Data Address: 9DA23000h Length: 00003540h
BSDSOCK.NLM Novell BSDSOCK Module (Domestic)
Version 6.92.02 December 23, 2009
Code Address: 9E38A000h Length: 00012099h
Data Address: 9E39D000h Length: 0000C0E0h
TCPIP.NLM Novell TCP/IP/IPSec Module (Domestic) NICI Enabled
Version 6.92.02 September 30, 2009
Code Address: 9D9A3000h Length: 00078AB4h
Data Address: 9D468000h Length: 000405F0h
TCP.NLM Novell TCP/IP Stack - Transport module (Domestic)
Version 6.92.05 December 23, 2009
Code Address: 9DB5A000h Length: 00025862h
Data Address: 9DB80000h Length: 00082F60h
NETLIB.NLM Novell TCPIP NETLIB Module
Version 6.50.22 February 12, 2003
Code Address: 9DA7C000h Length: 00005AACh
Data Address: 9DA82000h Length: 000D0710h
CSLIND.NLM TCPIP CSL INDEPENDENCE MODULE 7Dec99 7Dec99
Version 4.21 December 7, 1999
Code Address: 9D97D000h Length: 000003CCh
Data Address: 9D97E000h Length: 000024E0h
E1000.LAN Intel(R) PRO/1000 PCI/PCI-X Network Connections Driver
Version 8.24 December 22, 2005
Code Address: 9D84B000h Length: 00016B5Dh
Data Address: 006A7000h Length: 00009973h
ETHERTSM.NLM Novell Ethernet Topology Specific Module
Version 3.90 March 20, 2006
Code Address: 9D847000h Length: 000024CEh
Data Address: 9D84A000h Length: 000002BCh
MSM.NLM Novell Multi-Processor Media Support Module
Version 4.12 August 22, 2007
Code Address: 9D831000h Length: 0000E5B3h
Data Address: 9D840000h Length: 00003DFCh
LSAPI.NLM NLS LSAPI Library
Version 5.02 January 7, 2003
Code Address: 9D817000h Length: 0000A51Bh
Data Address: 9D822000h Length: 00001B00h
NLSAPI.NLM NLSAPI
Version 5.02 August 7, 2003
Code Address: 9D7EB000h Length: 000124DBh
Data Address: 9D740000h Length: 000022A4h
NLSLSP.NLM NLS - License Service Provider
Version 5.02 May 25, 2005
Code Address: 9D74E000h Length: 0006DF03h
Data Address: 9D7BC000h Length: 000205DCh
CSL.NLM NetWare Call Support Layer For NetWare
Version 2.06.02 January 13, 2000
Code Address: 9D71A000h Length: 0000CB32h
Data Address: 90203000h Length: 000028F4h
BTRIEVE.NLM BTRIEVE.NLM v7.90.000
Version 7.90 March 21, 2001
Code Address: 8FEF1000h Length: 000013BFh
Data Address: 8FEF3000h Length: 00000980h
NWMKDE.NLM NWMKDE.NLM v7.94.251.000
Version 7.94 December 11, 2001
Code Address: 8FCB5000h Length: 00053D55h
Data Address: 9D127000h Length: 0000F784h
NWENC103.NLM NWENC103.NLM v7.90.000 (Text Encoding Conversion Library)
Version 7.90 February 24, 2001
Code Address: 8FEA0000h Length: 0004D0F5h
Data Address: 9CF76000h Length: 001B0208h
NWAIF103.NLM nwaif103.nlm v7.94, Build 251 ()
Version 7.94 November 30, 2001
Code Address: 9CF5C000h Length: 00010E51h
Data Address: 8FC86000h Length: 00006828h
PSVCS.NLM Portability Services
Version 251.00 November 30, 2001
Code Address: 9CF25000h Length: 0001270Fh
Data Address: 9CF38000h Length: 00009464h
NWUCMGR.NLM NWUCMGR.NLM v1.5 Build 230
Version 1.05 March 14, 2001
Code Address: 9CEF5000h Length: 0000D920h
Data Address: 8FC49000h Length: 000078D4h
SPMDCLNT.NLM Novell SPM Client for DClient 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: 9CE6F000h Length: 000145E8h
Data Address: 8F9DB000h Length: 00001370h
NPKIAPI.NLM Public Key Infrastructure Services
Version 3.33 April 16, 2009
Code Address: 9CE17000h Length: 00038627h
Data Address: 9CE50000h Length: 0001E73Fh
LDAPSDK.NLM LDAP SDK Library (Clib version)
Version 3.05.02 October 26, 2010
Code Address: 9CDF5000h Length: 00021500h
Data Address: 8F4FE000h Length: 000065ADh
SNMP.NLM Netware 4.x/5.x/6.x SNMP Service
Version 4.18 July 25, 2006
Code Address: 9CDB2000h Length: 00013E90h
Data Address: 8F432000h Length: 00003220h
TLI.NLM NetWare Transport Level Interface Library
Version 4.30.02 December 19, 2000
Code Address: 8F423000h Length: 00003859h
Data Address: 8F427000h Length: 00000164h
Global Code Address: 8F428000h Length: 00001000h
Global Data Address: 8F429000h Length: 00002000h
DHOST.NLM Novell DHost Portability Interface 1.0.0 SMP
Version 10010.97 September 18, 2006
Code Address: 8F224000h Length: 00006621h
Data Address: 8F0CD000h Length: 0000234Ch
CONLOG.NLM System Console Logger
Version 3.01.02 August 8, 2006
Code Address: 8EF13000h Length: 0000243Ch
Data Address: 8EF16000h Length: 00001CE0h
NPKIT.NLM Public Key Infrastructure Services
Version 3.33 April 16, 2009
Code Address: 9028C000h Length: 0002E5BEh
Data Address: 902BB000h Length: 000166ABh
LLDAPSDK.NLM LDAP SDK Library (LibC version)
Version 3.05.02 October 26, 2010
Code Address: 90269000h Length: 00022600h
Data Address: 8EF0A000h Length: 000065C0h
NSPNDS.NLM NetWare Winsock 2.0 NSPNDS.NLM Name Service Provider
Version 6.20 November 12, 2001
Code Address: 896E7000h Length: 00006547h
Data Address: 88206000h Length: 00000518h
DS.NLM Novell eDirectory Version 8.8 SP5 SMP
Version 20506.07 March 18, 2011
Code Address: 8FF37000h Length: 002CBA43h
Data Address: 8F338000h Length: 0008D794h
ROLLCALL.NLM RollCall NLM (101, API 1.0)
Version 5.00 July 27, 1998
Code Address: 80133000h Length: 0000055Dh
Data Address: 88258000h Length: 000002D4h
NTLS.NLM NTLS 2.0.5.0 based on OpenSSL 0.9.7m
Version 20510.01 March 11, 2009
Code Address: 8F44B000h Length: 000A72C6h
Data Address: 8FEFD000h Length: 0003915Fh
DSLOG.NLM DS Log for Novell eDirectory 8.8.0
Version 20219.15 May 12, 2009
Code Address: 8EEFC000h Length: 00003CCFh
Data Address: 8966E000h Length: 0000B06Ch
SPMNWCC.NLM Novell SPM Client for NWCC 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: 8FA66000h Length: 00011688h
Data Address: 8FA78000h Length: 00001340h
NMAS.NLM Novell Modular Authentication Service 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: 8F1C9000h Length: 0005AB78h
Data Address: 8FA54000h Length: 0000D5A0h
GAMS.NLM Graded Authentication Management Service
Version 2.00.01 September 2, 2008
Code Address: 8FA44000h Length: 0000DFC7h
Data Address: 8FA52000h Length: 00001348h
NDSAUDIT.NLM Directory Services Audit
Version 2.09 May 22, 2003
Code Address: 8FA33000h Length: 00010844h
Data Address: 8EEF6000h Length: 00002ED0h
SAL.NLM Novell System Abstraction Layer Version 8.8.0
Version 20504.01 May 24, 2010
Code Address: 8F9FC000h Length: 000086E6h
Data Address: 8FA05000h Length: 00001554h
NICISDI.NLM Security Domain Infrastructure
Version 27610.01.01 March 30, 2009
Code Address: 8F9BD000h Length: 0000ADA2h
Data Address: 006A5000h Length: 00001320h
SASDFM.NLM SAS Data Flow Manager
Version 27610.01.01 March 30, 2009
Code Address: 8F9A0000h Length: 000040AEh
Data Address: 32D56000h Length: 00000980h
CALNLM32.NLM NetWare NWCalls Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F971000h Length: 0001CEB9h
Data Address: 8F25F000h Length: 00000510h
POLIMGR.NLM NetWare License Policy Manager
Version 6.27 November 3, 2005
Code Address: 8F918000h Length: 00013F5Ch
Data Address: 8F92C000h Length: 00008E90h
TIMESYNC.NLM NetWare Time Synchronization Services
Version 6.61.01 October 14, 2005
Code Address: 8F8EF000h Length: 0000E13Ch
Data Address: 8F835000h Length: 00004240h
CLXNLM32.NLM NetWare NWCLX Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F833000h Length: 000011F3h
Data Address: 8F245000h Length: 000001B0h
DSAPI.NLM NetWare NWNet Runtime Library
Version 6.00.04 January 27, 2006
Code Address: 8F243000h Length: 00000043h
Data Address: 8F244000h Length: 00000024h
DSEVENT.NLM NetWare DSEvent Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F241000h Length: 00000633h
Data Address: 8F242000h Length: 00000034h
NETNLM32.NLM NetWare NWNet Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F8B9000h Length: 00035B77h
Data Address: 8F82A000h Length: 00004DA5h
NCPNLM32.NLM NetWare NWNCP Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F899000h Length: 0001F473h
Data Address: 00000000h Length: 00000000h
CLNNLM32.NLM NetWare NWClient Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F824000h Length: 00001CC2h
Data Address: 8F240000h Length: 00000150h
CLIB.NLM (Legacy) Standard C Runtime Library for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F85B000h Length: 0001898Eh
Data Address: 8EEA4000h Length: 00002FB0h
NIT.NLM NetWare Interface Tools Library for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F83E000h Length: 0001C694h
Data Address: 8F23E000h Length: 00000690h
NLMLIB.NLM Novell NLM Runtime Library
Version 5.90.15 March 10, 2008
Code Address: 8F7F5000h Length: 000263EDh
Data Address: 8EE9D000h Length: 000038C0h
STREAMS.NLM NetWare STREAMS PTF
Version 6.00.06 May 4, 2005
Code Address: 8F7DA000h Length: 0001206Dh
Data Address: 8F7ED000h Length: 000010A0h
Global Code Address: 8F23D000h Length: 00001000h
REQUESTR.NLM Novell NCP Requestor for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F7A0000h Length: 00020DE3h
Data Address: 8F7C1000h Length: 000010D0h
THREADS.NLM Novell Threads Package for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F775000h Length: 00018CF8h
Data Address: 8F78E000h Length: 000116A0h
LIB0.NLM Novell Ring 0 Library for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F506000h Length: 000250EAh
Data Address: 8F52C000h Length: 00228070h
MASV.NLM Mandatory Access Control Service
Version 2.00.01 September 2, 2008
Code Address: 8F1B6000h Length: 00012386h
Data Address: 8EE91000h Length: 000023A0h
NSPSLP.NLM NetWare Winsock 2.0 NSPSLP.NLM Name Service Provider
Version 6.20.04 December 6, 2007
Code Address: 8F119000h Length: 00005ED3h
Data Address: 8F11F000h Length: 00000B30h
PMLODR.NLM PMLodr for NW65
Version 1.26 October 7, 2005
Code Address: 8F123000h Length: 0000E63Ah
Data Address: 8F132000h Length: 00001658h
SLP.NLM SERVICE LOCATION PROTOCOL (RFC2165/RFC2608)
Version 2.13 November 15, 2005
Code Address: 8F0EC000h Length: 0001A658h
Data Address: 8F107000h Length: 00005384h
CCS.NLM Controlled Cryptography Services from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8F081000h Length: 00019EE4h
Data Address: 006A2000h Length: 00002F90h
DSLOADER.NLM Novell eDirectory Version 8.8.5 Loader SMP
Version 20506.07 March 18, 2011
Code Address: 8F002000h Length: 0000CB1Ch
Data Address: 8F00F000h Length: 00001720h
XENGUSC.NLM NICI U.S./Worldwide XENG from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EFEE000h Length: 00000058h
Data Address: 00000000h Length: 00000000h
XNGAUSC.NLM NICI U.S./Worldwide XMGR Assistant XENG from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EFBB000h Length: 000153E4h
Data Address: 00098000h Length: 00004864h
XENGEXP.NLM NICI Import Restricted XENG from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8961D000h Length: 00050DD4h
Data Address: 0068D000h Length: 00014C3Ch
XENGNUL.NLM NICI NULL XENG from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EFAE000h Length: 00001DC9h
Data Address: 32EC4000h Length: 00000860h
XMGR.NLM NICI XMGR from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EE2D000h Length: 00025F01h
Data Address: 00682000h Length: 0000AA10h
XSUP.NLM NICI XSUP from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EDB8000h Length: 00006EF2h
Data Address: 0065E000h Length: 00023170h
XIM.XLM Novell NICI Signed Loader
Version 27510.02.01 August 25, 2008
Code Address: 8ED56000h Length: 0002C680h
Data Address: 00656000h Length: 00007CE4h
WS2_32.NLM NetWare Winsock 2.0 NLM
Version 6.24.01 February 14, 2008
Code Address: 8E5C0000h Length: 00037F28h
Data Address: 8E5F8000h Length: 00011B84h
NCP.NLM NetWare Core Protocol (NCP) Engine
Version 5.61.01 September 30, 2008
Code Address: 8E577000h Length: 00026DEFh
Data Address: 8E59E000h Length: 00018B24h
QUEUE.NLM NetWare Queue Services NLM
Version 5.60 May 24, 2001
Code Address: 8E56E000h Length: 00006D8Dh
Data Address: 8E575000h Length: 00000473h
VDISK.NLM NetWare Virtual Disk
Version 1.00 November 30, 2004
Code Address: 8E52A000h Length: 00001FEEh
Data Address: 8E52D000h Length: 00001160h
NWTERMIO.NLM NetWare Terminal Emulation
Version 1.00 September 11, 2006
Code Address: 89DB8000h Length: 00007570h
Data Address: 89DC0000h Length: 00004560h
MALHLP.NLM NSS Configure help messages (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89547000h Length: 000000BAh
Data Address: 89548000h Length: 0000002Ah
CDDVD.NSS NSS Loadable Storage System (LSS) for CD/UDF (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89DC9000h Length: 00014B00h
Data Address: 89972000h Length: 00001050h
NSSIDK.NSS NSS Pool Configuration Manager (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 8943D000h Length: 000039C5h
Data Address: 89544000h Length: 00000090h
PARTAPI.NLM Partition APIs for NetWare 6.1
Version 2.00 April 17, 2002
Code Address: 89543000h Length: 00000007h
Data Address: 00000000h Length: 00000000h
VOLMN.NSS NSS Distributed Volume Manager (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89D99000h Length: 0000A6A3h
Data Address: 8953C000h Length: 000005B0h
NWSA.NSS NSS NetWare Semantic Agent (NWSA) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 898B3000h Length: 0004ADEEh
Data Address: 89CE6000h Length: 000A1390h
ZLSS.NSS NSS Journaled Storage System (ZLSS) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89C0C000h Length: 000CD166h
Data Address: 89CDA000h Length: 0000BE30h
MAL.NSS NSS Media Access Layer (MAL) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89439000h Length: 00003196h
Data Address: 89531000h Length: 00000170h
MANAGE.NSS NSS Management Functions (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89914000h Length: 0004F275h
Data Address: 8952F000h Length: 00000C20h
COMN.NSS NSS Common Support Layer (COMN) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 899F5000h Length: 000EF408h
Data Address: 89AE5000h Length: 00015E50h
NSS.NLM NSS (Novell Storage Services) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 8978E000h Length: 00030420h
Data Address: 8949D000h Length: 00091830h
SYSLOG.NLM NetWare Logfile Daemon
Version 6.05.03 October 22, 2007
Code Address: 89417000h Length: 0000616Ah
Data Address: 89727000h Length: 00026140h
LIBNSS.NLM Generic Library used by NSS (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89428000h Length: 0000464Ch
Data Address: 8949C000h Length: 000003D0h
NSSWIN.NLM NSS ASCI Window API Library (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89423000h Length: 000047DCh
Data Address: 8949A000h Length: 000000FCh
LOCNLM32.NLM NetWare NWLocale Runtime Library
Version 6.00.04 November 29, 2005
Code Address: 89412000h Length: 000044BBh
Data Address: 89499000h Length: 00000B30h
UNICODE.NLM NetWare Unicode Runtime Library (UniLib-based) [optimized]
Version 7.00 October 26, 2004
Code Address: 89619000h Length: 000016F5h
Data Address: 89466000h Length: 00000504h
FILESYS.NLM NetWare File System NLM
Version 5.14 April 16, 2008
Code Address: 89567000h Length: 0008E4E7h
Data Address: 895F6000h Length: 00012C90h
LFS.NLM NetWare Logical File System NLM
Version 5.12 September 21, 2005
Code Address: 89481000h Length: 000098A2h
Data Address: 8948B000h Length: 000084BCh
CONNMGR.NLM NetWare Connection Manager NLM
Version 5.60.01 September 7, 2006
Code Address: 89443000h Length: 0001172Bh
Data Address: 89402000h Length: 00003CE8h
ACPIPWR.NLM ACPI Power Management Driver for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 89421000h Length: 00000C9Ah
Data Address: 89422000h Length: 00000904h
ACPICMGR.NLM ACPI Component Manager for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 89400000h Length: 00000A6Fh
Data Address: 89401000h Length: 000002F4h
LSIMPTNW.HAM LSI Corporation Common Architecture NWPA-HAM SAS/Fibre/SCSI Driver.
Version 5.03.01 January 23, 2008
Code Address: 89396000h Length: 00033686h
Data Address: 00A40000h Length: 0000787Eh
SCSIHD.CDM Novell NetWare SCSI Fixed Disk Custom Device Module
Version 3.03.10 May 30, 2008
Code Address: 89380000h Length: 00005523h
Data Address: 00A4B000h Length: 000017C0h
ACPIDRV.PSM ACPI Platform Support Module for ACPI compliant systems
Version 1.05.19 January 16, 2007
Code Address: 89339000h Length: 0000AD1Eh
Data Address: 00A4D000h Length: 0000C694h
ACPICA.NLM ACPI Component Architecture for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 892BD000h Length: 0002BA90h
Data Address: 892E9000h Length: 00011C74h
ACPIASL.NLM ACPI Architecture Services Layer for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 88DE1000h Length: 00000F9Bh
Data Address: 88DE2000h Length: 0000019Ch
CIOS.NLM Consolidated IO System
Version 1.60 February 12, 2008
Code Address: 89230000h Length: 00042C15h
Data Address: 31961000h Length: 00008B4Ah
LSL.NLM Novell NetWare Link Support Layer
Version 4.86 February 2, 2006
Code Address: 88DE4000h Length: 0000A7A7h
Data Address: 88DEF000h Length: 00009EC8h
NWPALOAD.NLM NetWare 5 NWPA Load Utility
Version 3.00 July 10, 2000
Code Address: 88D08000h Length: 00000007h
Data Address: 00000000h Length: 00000000h
NWPA.NLM NetWare 6.5 NetWare Peripheral Architecture NLM
Version 3.21.02 October 29, 2008
Code Address: 88CE5000h Length: 00016C82h
Data Address: 8823A000h Length: 00002A5Ch
MM.NLM ENG TEST - NetWare 6.5 Media Manager
Version 3.22.08 April 24, 2009
Code Address: 88D1A000h Length: 0004C524h
Data Address: 88C90000h Length: 0000B84Ch
SGUID.NLM NetWare GUID Services
Version 6.01 September 27, 2002
Code Address: 88C8E000h Length: 00000E04h
Data Address: 88C8F000h Length: 0000018Ah
NBI.NLM NetWare Bus Interface
Version 3.01.01 July 13, 2007
Code Address: 88C80000h Length: 0000D72Dh
Data Address: 88233000h Length: 00003D8Dh
NEB.NLM Novell Event Bus
Version 5.60 September 27, 2004
Code Address: 88CA6000h Length: 00005843h
Data Address: 88316000h Length: 0000097Ch
DIAG500.NLM Diagnostic/coredump utility for NetWare 6.x
Version 3.04.03 October 31, 2007
Code Address: 88C06000h Length: 00007FC0h
Data Address: 88C0F000h Length: 0001DF84h
CPUCHECK.NLM NetWare Processor Checking Utility
Version 5.60.01 December 6, 2007
Code Address: 88344000h Length: 00001B5Ch
Data Address: 88CAE000h Length: 00004B3Ch
NWKCFG.NLM NetWare Kernel Config NLM
Version 2.16 June 24, 2005
Code Address: 88228000h Length: 00003F4Fh
Data Address: 8822C000h Length: 00003CA4h
CDBE.NLM NetWare Configuration DB Engine
Version 6.01 September 21, 2006
Code Address: 88995000h Length: 000116E6h
Data Address: 889A7000h Length: 000161FAh
FATFS.NLM FAT Filesystem Module for NetWare
Version 1.24 August 27, 2007
Code Address: 8844F000h Length: 00020526h
Data Address: 88470000h Length: 0002B32Fh
LIBC.NLM Standard C Runtime Library for NLMs [optimized, 7]
Version 9.00.05 October 3, 2008
Code Address: 8834B000h Length: 000D0CD6h
Data Address: 80140000h Length: 000415E0h
PVER500.NLM NetWare 6.XX Version Library
Version 3.00 February 1, 2007
Code Address: 80135000h Length: 00000837h
Data Address: 80136000h Length: 000003DCh
SERVER.NLM NetWare Server Operating System
Version 5.70.08 October 3, 2008
Code Address: 00201020h Length: 0016A000h
Data Address: 00401020h Length: 00216FE0h
Memory at EAX
Invalid dump address
Memory at EBX
Invalid dump address
Memory at ECX
Invalid dump address
Memory at EDX
00090009 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090019 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090029 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090039 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090049 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090059 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090069 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090079 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090089 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090099 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900A9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900B9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900C9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900D9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900E9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900F9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
Memory at ESI
Invalid dump address
Memory at EDI
A00D19D8 A52305C0 A52305C0-00000000 00000000 %#.@ %#.@ .... ....
A00D19E8 00000000 00000000-00000000 00000000 .... .... .... ....
A00D19F8 00000000 00000000-72687470 20646165 .... .... rhtp dae
A00D1A08 6574756D 00000078-00000000 00000000 etum ...x .... ....
A00D1A18 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1A28 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1A38 00000000 00000000-893CA160 A00D1B04 .... .... .<!` ...
A00D1A48 A00D1984 0000008F-00000001 00000000 ... .... .... ....
A00D1A58 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1A68 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1A78 00000000 34343434-1515071E 00000000 .... 4444 .... ....
A00D1A88 A52305C0 00000000-000052E6 00000000 %#.@ .... ..Rf ....
A00D1A98 00000000 A00D1A98-00000000 00000000 .... ... .... ....
A00D1AA8 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1AB8 00000000 00000000-72687470 20646165 .... .... rhtp dae
A00D1AC8 6574756D 00000078-00000000 00000000 etum ...x .... ....
Memory at EBP
FBF138DB 6E72654B 64206C65-63657465 20646574 nreK d le cete det
FBF138EB 61206E61 6D657474-64657470 6E6F6320 a na mett detp noc
FBF138FB 74786574 69777320-20686374 61206E69 txet iws hct a ni
FBF1390B 504D206E 6146204B-57207473 002E4454 PM n aF K W ts ..DT
FBF1391B 616E550A 20656C62-61206F74 636F6C6C anU. elb a ot coll
FBF1392B 20657461 6F6D656D-66207972 6420726F eta omem f yr d ro
FBF1393B 20617461 65657274-0A000A73 61766E49 ata eert ...s avnI
FBF1394B 2064696C 6E616853-206E6F6E 6146202D dil nahS non aF -
FBF1395B 54206F6E 0A656572-65520A00 70206461 T on .eer eR.. p da
FBF1396B 20747361 20646E65-7220666F 20646165 tsa dne r fo dae
FBF1397B 66667562 000A7265-7272450A 2520726F ffub ..re rrE. % ro
FBF1398B 65722064 6E696461-6F732067 65637275 er d nida os g ecru
FBF1399B 6C696620 43000A65-00344D4F 434F4C43 lif C..e .4MO COLC
FBF139AB 4C00244B 2044414F-6F72705B 74636574 L.$K DAO orp[ tcet
FBF139BB 5D6E6F69 61705B20-6C5D6874 6164616F ]noi ap[ l]ht adao
FBF139CB 5F656C62 75646F6D-5B20656C 61726170 _elb udom [ el arap
Memory at ESP
8FD9DE9C FBF138DB A00D19E0-00000006 A00D19C0 {q8[ ..` .... ..@
8FD9DEAC 002186BC 00000001-A00D19E0 A00D19D8 .!.< .... ..` ..X
8FD9DEBC 00000006 A00D19C0-002064BC A00D19E4 .... ..@ . d< ..d
8FD9DECC A00D1A40 8FD9DEF0-00000000 04B4E504 ..@ .Y^p .... .4e.
8FD9DEDC 9D96379C 883E6AC9-A00D19C0 04B4E504 ..7. .>jI ..@ .4e.
8FD9DEEC 00000006 8FD9DEFC-9EDD3AF1 9D96379C .... .Y^| .]:q ..7.
8FD9DEFC 8FD9DF20 9EDE3ABF-00000009 00000009 .Y_ .^:? .... ....
8FD9DF0C 9FE9C114 000000F6-9FEC9448 8FD9DF24 .iA. ...v .l.H .Y_$
8FD9DF1C 04B4E504 8FD9DF48-9EDE3B44 00000009 .4e. .Y_H .^;D ....
8FD9DF2C 00000009 9FE9C114-000000F6 00000000 .... .iA. ...v ....
8FD9DF3C 9FEC9448 04B4E504-00000006 8FD9DF70 .l.H .4e. .... .Y_p
8FD9DF4C 9EDE00AF 04B6E43C-FFFFFFFF 00000009 .^./ .6d< .... ....
8FD9DF5C 9FE9C114 000000F6-9FEC9448 04B4E504 .iA. ...v .l.H .4e.
8FD9DF6C 04B4E504 8FD9DF80-9EDE7A81 04B6E404 .4e. .Y_. .^z. .6d.
8FD9DF7C 00000002 8FD9DF94-9EDE7A2A 046B3A84 .... .Y_. .^z* .k:.
8FD9DF8C 9EDF8F2C 00000000-8FD9DFA8 9EDF3660 ._., .... .Y_( ._6`
Stack Walk
Current EIP: 0021AB7A SERVER.NLM|ProcessSchedulerAbendTriggers+82
Stack Contents
8FD9DEAC 002186BC SERVER.NLM|SchedSwitch+48
8FD9DEB0 00000001
8FD9DEC4 002064BC SERVER.NLM|kMutexLock+1AC
8FD9DEE0 883E6AC9 LIBC.NLM|pthread_mutex_lock+A9
8FD9DEF4 9EDD3AF1 NILE.NLM|SSL_library_init+26C
8FD9DEF8 9D96379C A00D19C0 4E8B2056 20500124 8B244811 @.. V .N$.P .H$.
8FD9DEFC 8FD9DF20 8FD9DF48 9EDE3B44 00000009 00000009 H_Y.D;^.........
8FD9DF00 9EDE3ABF NILE.NLM|CRYPTO_lock+8F
8FD9DF04 00000009
8FD9DF08 00000009
8FD9DF0C 9FE9C114 5F617372 2E62696C 00000063 5F617372 rsa_lib.c...rsa_
8FD9DF10 000000F6
8FD9DF24 9EDE3B44 NILE.NLM|CRYPTO_add_lock+5A
8FD9DF28 00000009
8FD9DF2C 00000009
8FD9DF30 9FE9C114 5F617372 2E62696C 00000063 5F617372 rsa_lib.c...rsa_
8FD9DF34 000000F6
8FD9DF4C 9EDE00AF NILE.NLM|RSA_free+2E
8FD9DF50 04B6E43C 00000001 00000006 00000000 00000000 ................
8FD9DF54 FFFFFFFF
8FD9DF58 00000009
8FD9DF5C 9FE9C114 5F617372 2E62696C 00000063 5F617372 rsa_lib.c...rsa_
8FD9DF60 000000F6
8FD9DF74 9EDE7A81 NILE.NLM|EVP_PKEY_free+97
8FD9DF78 04B6E404 00000000 00000000 9FEAF3AC 00000008 ........,sj.....
8FD9DF7C 00000002
8FD9DF84 9EDE7A2A NILE.NLM|EVP_PKEY_free+40
8FD9DF88 046B3A84 00000006 00000006 00000000 04B6E404 .............d6.
8FD9DF8C 9EDF8F2C C90CC483 55C3C9C3 5653E589 8310EC83 .D.ICICU.eSV.l..
8FD9DF98 9EDF3660 NILE.NLM|PKCS7_DIGEST_free+35
8FD9DF9C 046B3A84 00000006 00000006 00000000 04B6E404 .............d6.
8FD9DFA0 9FEA2C70 00000001 00000010 9FEA2C3C 00000002 ........<,j.....
8FD9DFAC 9EDF8E7A NILE.NLM|ASN1_item_ex_free+2A6
8FD9DFB0 00000003
8FD9DFB4 009052DC 047E85C4 00000000 00000000 00000000 D.~.............
8FD9DFB8 9FEA2C70 00000001 00000010 9FEA2C3C 00000002 ........<,j.....
8FD9DFF0 9EDF8F2C NILE.NLM|ASN1_template_free+8A
8FD9DFF4 009052DC 047E85C4 00000000 00000000 00000000 D.~.............
8FD9DFF8 9FEA2C70 00000001 00000010 9FEA2C3C 00000002 ........<,j.....
8FD9DFFC 00000000
8FD9E014 9EDF8E55 NILE.NLM|ASN1_item_ex_free+281
8FD9E018 009052DC 047E85C4 00000000 00000000 00000000 D.~.............
8FD9E01C 9FE9B6C4 00000000 00000000 00000018 9FE9B627 ............'6i.
8FD9E020 0000000A
8FD9E054 9EDF8F2C NILE.NLM|ASN1_template_free+8A
8FD9E058 04622844 009052C4 00000000 00000000 00000000 DR..............
8FD9E05C 9FE9B720 00000001 00000010 9FE9B64C 0000000A ........L6i.....
8FD9E060 00000000
8FD9E078 9EDF8E55 NILE.NLM|ASN1_item_ex_free+281
8FD9E07C 04622844 009052C4 00000000 00000000 00000000 DR..............
8FD9E080 9FE9B768 00000000 00000000 00000000 9FE9B754 ............T7i.
8FD9E084 0000000A
8FD9E0B8 9EDF8BCD NILE.NLM|ASN1_item_free+11
8FD9E0BC 8FD9E0D0 04622844 9FE9B7AC 8FD9E0F0 9EDD8B5E D(b.,7i.p`Y.^.].
8FD9E0C0 9FE9B7AC 00000001 00000010 9FE9B768 00000003 ........h7i.....
8FD9E0C4 00000000
8FD9E0CC 9EDD7D2F NILE.NLM|X509_free+10
8FD9E0D0 04622844 009052C4 00000000 00000000 00000000 DR..............
8FD9E0D4 9FE9B7AC 00000001 00000010 9FE9B768 00000003 ........h7i.....
8FD9E0D8 8FD9E0F0 8FD9E104 9EDD09AF 046F6964 55325B84 .aY./.].dio..[2U
8FD9E0DC 9EDD8B5E NILE.NLM|ssl_cert_free+8E
8FD9E0E0 04622844 009052C4 00000000 00000000 00000000 DR..............
8FD9E0E4 8FD9E0F0 8FD9E104 9EDD09AF 046F6964 55325B84 .aY./.].dio..[2U
8FD9E0F4 9EDD09AF NILE.NLM|SSL_CTX_free+D1
8FD9E0F8 046F6964 046F6984 00000000 00000000 00000000 .io.............
8FD9E0FC 55325B84 00000020 00908E64 9EDC3710 00000000 ...d....7\.....
8FD9E108 9EDC4825 NILE.NLM|SSLDeRegister+A5
8FD9E10C 04B4E504 9FEC9398 04B623A4 04B57784 04632484 ..l.$#6..w5..$c.
8FD9E118 9FEF5542 WSPSSL.NLM|WSPSSL_deleteSktProc+1D2
8FD9E11C 04B4E504 9FEC9398 04B623A4 04B57784 04632484 ..l.$#6..w5..$c.
8FD9E134 9FEEFE5A WSPSSL.NLM|SSLMapSessnReleaseWTD+EE
8FD9E138 9EBBE8A0 00000000 8E7792A0 00000080 0000000A .... .w.........
8FD9E154 9FEEFD8D WSPSSL.NLM|SSLMapSessnReleaseWTD+21
8FD9E158 8E7792A0 9FEF83CC 9FEF8430 00000001 00000000 L.o.0.o.........
8FD9E164 00361298 SERVER.NLM|kDoFastWorkToDo+28
8FD9E168 9FD2D020 00000000 9FEEFD6C 9FD74C00 00000000 ....l}n..LW.....
8FD9E184 0022476C SERVER.NLM|kWorkToDoCheckAllRunFast+A4
8FD9E19C 00224EE8 SERVER.NLM|MpkSystemWork+68
8FD9E1A8 002181C4 SERVER.NLM|SchedThreadYield+340
8FD9E1BC 003615F1 SERVER.NLM|TimerInterruptHandlerBackEnd+9A
8FD9E260 00000000
EIP invalid.
Novell Open Enterprise Server, NetWare 6.5
PVER: 6.50.08
Server N05 halted Wednesday, November 23, 2011 10:35:58.629 am
Abend 1 on P00: Server-5.70.08-1315: Kernel detected an attempted context switch in an MPK Fast WTD.
Registers:
CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0023 SS = 0010
EAX = 00000000 EBX = 00000001 ECX = 00000000 EDX = 00090009
ESI = 00000006 EDI = 9FE40018 EBP = FBF138DB ESP = A4930264
EIP = 002231BA FLAGS = 00000002
002231BA 83C404 ADD ESP, 00000004
EIP in SERVER.NLM at code start +00019B5Ah
The violation occurred while processing the following instruction:
002231BA 83C404 ADD ESP, 00000004
002231BD 833D14D0030000 CMP [SERVER.NLM|SleepNotAllowedUseCount]=00000001
, 00000000
002231C4 7482 JZ 00223148
002231C6 833DACC1030000 CMP [0003C1AC]=00000000, 00000000
002231CD 0F84D5000000 JZ 002232A8
002231D3 85DB TEST EBX, EBX
002231D5 0F84BA000000 JZ 00223295
002231DB 8B1DE843F0FB MOV EBX, [FBF043E8]=FBF24D68
002231E1 53 PUSH EBX
002231E2 E8AF38EFFF CALL LOADER.NLM|Abend
Running process: Apache_Worker 66 Process
Thread Owned by NLM: APACHE2.NLM
Stack pointer: A4931E20
OS Stack limit: A4922FC0
CPU 0 (Thread A4921600) is in a NO SLEEP state
Scheduling priority: 67371008
Wait state: 5050010 Blocked on a Mutex
Stack: --FBF138DB ?
--9FE40020 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--9FE40000 ?
00220CFC (SERVER.NLM|SchedSwitch+48)
--00000001 (LOADER.NLM|KernelAddressSpace+1)
--9FE40020 ?
--9FE40018 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--9FE40000 ?
0020EAFC (SERVER.NLM|kMutexLock+1AC)
--9FE40024 ?
--9FE40080 ?
--A49302B8 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04719004 ?
--9D9A589C ?
883E6AC9 (LIBC.NLM|pthread_mutex_lock+A9)
--9FE40000 ?
--04719004 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--A49302C4 ?
9F92FAF1 (NILE.NLM|SSL_library_init+26C)
--9D9A589C ?
--A49302E8 ?
9F93FABF (NILE.NLM|CRYPTO_lock+8F)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-A007C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
-A00A9448 (NILE.NLM|serverPostFix+1968)
--A49302EC ?
--04719004 ?
--A4930310 ?
9F93FB44 (NILE.NLM|CRYPTO_add_lock+5A)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-A007C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
-A00A9448 (NILE.NLM|serverPostFix+1968)
--04719004 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--A4930338 ?
9F93C0AF (NILE.NLM|RSA_free+2E)
--046F21BC ?
--FFFFFFFF ?
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-A007C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
-A00A9448 (NILE.NLM|serverPostFix+1968)
--04719004 ?
--04719004 ?
--A4930348 ?
9F943A81 (NILE.NLM|EVP_PKEY_free+97)
--046F2184 ?
--00000002 (LOADER.NLM|KernelAddressSpace+2)
--A493035C ?
9F943A2A (NILE.NLM|EVP_PKEY_free+40)
--04790FC4 ?
9F954F2C (NILE.NLM|ASN1_template_free+8A)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--A4930370 ?
9F94F660 (NILE.NLM|PKCS7_DIGEST_free+35)
--04790FC4 ?
-A0082C70 (NILE.NLM|X509_PUBKEY_it+0)
--047571A4 ?
--A49303B4 ?
9F954E7A (NILE.NLM|ASN1_item_ex_free+2A6)
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--046C809C ?
-A0082C70 (NILE.NLM|X509_PUBKEY_it+0)
--9FD8FB40 ?
-A0082C28 (NILE.NLM|PKCS7_ATTR_VERIFY_it+34)
-A0082C3C (NILE.NLM|PKCS7_ATTR_VERIFY_it+48)
--9FD8FB40 ?
--A49303B0 ?
-A0082C10 (NILE.NLM|PKCS7_ATTR_VERIFY_it+1C)
9F94F641 (NILE.NLM|PKCS7_DIGEST_free+16)
--00000002 (LOADER.NLM|KernelAddressSpace+2)
--04772F24 ?
--047571A4 ?
--04719004 ?
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--A49303D8 ?
9F954F2C (NILE.NLM|ASN1_template_free+8A)
--046C809C ?
-A0082C70 (NILE.NLM|X509_PUBKEY_it+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04748004 ?
--00000005 (LOADER.NLM|KernelAddressSpace+5)
--046C809C ?
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--A4930418 ?
9F954E55 (NILE.NLM|ASN1_item_exMaybe Hamish Speirs can explain it - it was his post in another thread that gave me the idea and commands to try (see http://forums.novell.com/forums/nove...r-10038-a.html).
We had a confluence of changes at the beginning of the semester (Sept) that no doubt helped contribute to the problem and yet also mask the real cause to a certain extent.
1. The Thawte cert expired and was replaced with a new cert - Thawte does not support doing renewals on NetWare. This happened around the start of Sept.
2. School semester begins. Thousands of students return.
3. We use Pcounter for pay-for-print and it uses httpstk to provide a webpage for students to authorize print jobs.
4. Printing activity in general goes way up.
5. All printers are Secure.
6. Apache, iPrint and httpstk all use the same Thawte certificate
7. The print server was also hosting the netstorage service which also uses the Thawte cert (via apache).
8. The print server was recently (August) virtualized (via p2v using the excellent Portlock Storage Manager)
Eventually I built a new NetWare vm to host print services and got a new cert so at least the netstorage and print services were no longer running together. I suspected at that point that the likely source of the abends was NetStorage since Nile and SSL were almost always involved in the abends.
After the separation the issues continued - so it wasn't netstorage's fault. Desparate searching of the 'net lead to H.'s post. The rest is history!
It has now been 9 days up uptime without a single nile/ssl related abend ( I had one abend in pcounter but services survived).
Ron
"Seasoned Greasings and Happy New Rear!" -
Problem in Authenticating Clients using SSL certificates in EP 7.0
Hi all,
Our team is configuring client authentication using ssl certificates to Enterprise Portal 7.0. We have exhausted our search on SDN and have also brought SAP on board to resolve this issue.
We have completed our configuration as defined in following links
http://help.sap.com/saphelp_nw04/helpdata/en/8a/8bc061dcf64638aa695f250ce7ca78/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/content.htm
and SAP note 583439.
But once a client types in the portal URL a message is shown that your certificate will be mapped to your user. Although we have manually mapped our certificate to a particular user but every time it asks for user ID and password.
So in short it dosent authenticate users on their certicates.
Following are snaps that I have taken from my default logs.
Latest snap.
Date , Time , Message , Severity , Category , Location , Application , User
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Wrote 147 bytes in 1 records, 126 bytes net, 126 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Read 672 bytes in 1 records, 651 bytes net, 651 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Sending alert: Alert Warning: close notify , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Wrote 9523 bytes in 24 records, 9019 bytes net, 375 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Read 11234 bytes in 21 records, 10793 bytes net, 513 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Sending alert: Alert Warning: close notify , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:250 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:953 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:265 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:952 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:623 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:592 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:639 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:279 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:966 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:637 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:606 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:653 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:293 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:980 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:620 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:667 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:666 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:322 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:291 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:979 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:635 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:619 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:291 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:275 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:947 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:931 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:603 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:587 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Resuming previous session... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Received v3 client_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:12:462 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:12:118 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:774 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:446 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:102 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:758 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:414 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:086 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:742 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:398 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:054 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:726 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:382 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:038 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:694 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:366 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:022 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:678 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:334 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:006 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:05:662 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:05:318 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Resuming previous session... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received v3 client_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Wrote 0 bytes in 0 records, 0 bytes net, 0 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Read 0 bytes in 0 records, 0 bytes net, 0 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Exception reading SSL message: java.io.EOFException: Connection closed by remote host. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Read 943 bytes in 3 records, wrote 861 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Exiting method , Path , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , oid: OBJECT ID = SubjectKeyIdentifier , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Certificate: Version: 3
Serial number: 4123385933
Signature algorithm: md5WithRSAEncryption (1.2.840.113549.1.1.4)
Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US
Valid not before: Tue Feb 20 09:17:00 EST 2007
not after: Wed Feb 20 09:17:00 EST 2008
Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US
RSA public key (1024 bits):
public exponent: 10001
modulus: c1f13eb65d6d1f934c6504427dedfd963284979fd61e5d64ac8de1c647f85085f84e173d3bee65837aa97030ebfa6b9521e042b1244de3444e7e82a26a3542a419d6f0bbf276b71e0fb3083a5ed8353852816deec7dd9ceb5ded748ec4a52cb068af1a5e93299f882ee9cb531a60cb0e4b77372c832556e8d993a601d7214741
Certificate Fingerprint (MD5) : BD:B4:9E:51:A9:FA:8B:9B:40:5B:85:6E:5A:CC:B1:68
Certificate Fingerprint (SHA-1): 4B:BB:43:8C:CC:DC:A1:92:56:40:CE:0B:8E:88:DA:28:EC:2A:46:52
Extensions: 1
, Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): ChainVerifier: Found a trusted certificate, returning true , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Not after: Wed Feb 20 09:17:00 EST 2008 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Not before: Tue Feb 20 09:17:00 EST 2007 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Serial: f5c5e04d , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , cert [0 of 1] , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Entering method with ([Ljava.security.cert.X509Certificate;@7bc735, iaik.security.ssl.SSLTransport@539802) , Path , , com.sap.engine.services.ssl.verifyChain () , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received certificate_verify handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received client_key_exchange handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Client sent a 1024 bit RSA certificate, chain has 1 elements. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received certificate handshake message with client certificate. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello_done handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate_request handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate handshake message with server certificate... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): CompressionMethods supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): CipherSuites supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Creating new session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received v2 client hello message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:146 , ssl_debug(72): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , Error in resource clean up for a disconnected client
java.lang.NullPointerException
at com.sap.engine.services.httpserver.dispatcher.Processor.closeConnection(Processor.java:1684)
at com.sap.engine.services.httpserver.dispatcher.Processor.fail(Processor.java:518)
at com.sap.engine.core.manipulator.TCPRunnableConnection.disposeConnection(TCPRunnableConnection.java:470)
at com.sap.engine.core.manipulator.TCPRunnableConnection$CloseThread.run(TCPRunnableConnection.java:1031)
at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:525)
at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Error , , com.sap.engine.services.httpserver.dispatcher , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.
[EXCEPTION]
java.io.EOFException: Connection closed by remote host.
at iaik.security.ssl.Utils.a(Unknown Source)
at iaik.security.ssl.o.b(Unknown Source)
at iaik.security.ssl.o.c(Unknown Source)
at iaik.security.ssl.r.f(Unknown Source)
at iaik.security.ssl.f.c(Unknown Source)
at iaik.security.ssl.f.a(Unknown Source)
at iaik.security.ssl.r.d(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Error , /System/Network , com.sap.engine.core.manipulator.TCPRunnableConnection.init() , ,
02/27/2007 , 15:13:59:535 , Handshake failed
[EXCEPTION]
java.io.EOFException: Connection closed by remote host.
at iaik.security.ssl.Utils.a(Unknown Source)
at iaik.security.ssl.o.b(Unknown Source)
at iaik.security.ssl.o.c(Unknown Source)
at iaik.security.ssl.r.f(Unknown Source)
at iaik.security.ssl.f.c(Unknown Source)
at iaik.security.ssl.f.a(Unknown Source)
at iaik.security.ssl.r.d(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Info , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Sending alert: Alert Fatal: handshake failure , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): IOException while handshaking: Connection closed by remote host. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello_done handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate_request handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate handshake message with server certificate... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): CompressionMethods supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): CipherSuites supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Creating new session 65:0B:55:9C:7D:29:83:F8... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Received v2 client hello message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
Regards,
Atif MukhtarAtif,
Did you get a solution to the problem you were having? We have a similar problem.
Thanks,
Dave -
Weblogic server 10.3.5 error during SSL handshake
Please some one help to figure the issue with following logs.
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
I just created domain with http and https ports. I installed an web app. When I am trying to access the app from browser through https the above error is occurring.
Please somebody help me.
Thanks in advance.
SKThis message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
Edited by: sharmela on Jan 22, 2013 4:55 AM -
Bridge JMS on SSL Mutual authenticathed Servers
Hi all,
I'm facing a problem on bridging JMS message with WLS bridge on SSL Mutual authenticathed Servers
I configured two WLS (8.1 SP6), say "ALICE" and "BOB", with SSL listen port and I enabled "Two Way Client Cert Behavior" with "Client Certs Requested and Enforced" for both servers.
I configured a WLS bridge on ALICE with source destination on ALICE itself and target destination on BOB.
When I start this bridge it cannot connect to BOB. I enabled SSL debug and I found that ALICE didn't send CLIENT certificate to BOB.
Here is BOB's log:
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 32975481>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <7192496 SSL Version 2 with no padding>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <21231495 SSL3/TLS MAC>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <21231495 received SSL_20_RECORD>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 58>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 566>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 260>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 4>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <21231495 SSL3/TLS MAC>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <21231495 received HANDSHAKE>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Required peer certificates not supplied by peer>
<22-mag-2008 14.56.13 CEST> <Warning> <Security> <BEA-090508> <Certificate chain received from localhost - 127.0.0.1 was incomplete.>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Validation error = 4>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Certificate chain is incomplete>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <User defined JSSE trustmanagers not allowed to override>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 68>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Trust failure (68): CERT_CHAIN_INCOMPLETE>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <NEW ALERT with Severity: FATAL, Type: 40
and here is ALICE's log:
<22-mag-2008 15.28.01 CEST> <Warning> <Connector> <BEA-190032> << Weblogic Messaging Bridge Adapter (XA)_eis/jms/WLSConnectionFactoryJNDIXA > ResourceAllocationException of javax.resource.ResourceException: ConnectionFactory: failed to get
initial context (InitialContextFactory =weblogic.jndi.WLInitialContextFactory, url = t3s://localhost:7002, user name = jmsbob) on createManagedConnection.>
<22-mag-2008 15.28.01 CEST> <Info> <MessagingBridge> <BEA-200043> <Bridge "AliceToBobMessagingBridge" failed to connect to the target destination and will try again in 25 seconds. (java.lang.Exception: javax.resource.ResourceException: Conn
ectionFactory: failed to get initial context (InitialContextFactory =weblogic.jndi.WLInitialContextFactory, url = t3s://localhost:7002, user name = jmsbob)
at weblogic.jms.adapter.JMSBaseConnection.throwResourceException(JMSBaseConnection.java:1386)
at weblogic.jms.adapter.JMSBaseConnection.throwResourceException(JMSBaseConnection.java:1366)
at weblogic.jms.adapter.JMSBaseConnection.startInternal(JMSBaseConnection.java:345)
at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:219)
at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:188)
at weblogic.connector.common.internal.ConnectionFactory.createResource(ConnectionFactory.java:127)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1193)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:345)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:286)
at weblogic.connector.common.internal.ConnectionPool.reserveResource(ConnectionPool.java:567)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:280)
at weblogic.connector.common.internal.ConnectionPoolManager.getConnection(ConnectionPoolManager.java:650)
at weblogic.connector.common.internal.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:106)
at weblogic.jms.adapter.JMSBaseConnectionFactory.getTargetConnection(JMSBaseConnectionFactory.java:120)
at weblogic.jms.bridge.internal.MessagingBridge.getConnections(MessagingBridge.java:809)
at weblogic.jms.bridge.internal.MessagingBridge.execute(MessagingBridge.java:991)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
-------------- Linked Exception ------------
javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://localhost:7002: Destination unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from localhost - 127.0.0.1. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted C
As, and hostname verification settings.; No available router to destination]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:651)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:320)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:253)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at weblogic.jms.adapter.JMSBaseConnection.getInitialContext(JMSBaseConnection.java:1967)
at weblogic.jms.adapter.JMSBaseConnection.startInternal(JMSBaseConnection.java:233)
at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:219)
at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:188)
at weblogic.connector.common.internal.ConnectionFactory.createResource(ConnectionFactory.java:127)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1193)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:345)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:286)
at weblogic.connector.common.internal.ConnectionPool.reserveResource(ConnectionPool.java:567)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:280)
at weblogic.connector.common.internal.ConnectionPoolManager.getConnection(ConnectionPoolManager.java:650)
at weblogic.connector.common.internal.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:106)
at weblogic.jms.adapter.JMSBaseConnectionFactory.getTargetConnection(JMSBaseConnectionFactory.java:120)
at weblogic.jms.bridge.internal.MessagingBridge.getConnections(MessagingBridge.java:809)
at weblogic.jms.bridge.internal.MessagingBridge.execute(MessagingBridge.java:991)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
Caused by: java.net.ConnectException: t3s://localhost:7002: Destination unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from localhost - 127.0.0.1. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted C
As, and hostname verification settings.; No available router to destination
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:310)
... 23 more
)>
<22-mag-2008 15.28.09 CEST> <Info> <MessagingBridge> <BEA-200036> <The Started attribute of Bridge "AliceToBobMessagingBridge" has been changed from "true" to "false".>
What I need to do to avoid this problem?
Nathan65I checked my configuration. ALICE's keystores are
IDENTITY
Tipo keystore: jks
Provider keystore: SUN
Il keystore contiene 2 entry
Nome alias: certgenca
Data di creazione: 21-mag-2008
Tipo entry: trustedCertEntry
Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
Impronte digitali certificato:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
Nome alias: alicecert
Data di creazione: 21-mag-2008
Tipo entry: keyEntry
Lunghezza catena certificati: 1
Certificato[1]:
Proprietario: [email protected], OU=CompetenceCenter, O=ValueTeam, L=Rome, ST=IT, C=IT
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: -1dbb65eaa595141fa1e44ba5856d65e4
Valido da Tue May 20 09:39:25 CEST 2008 a Sun May 21 09:39:25 CEST 2023
Impronte digitali certificato:
MD5: BA:01:C2:E3:CC:92:C4:99:F7:8C:28:FF:C1:16:88:D9
SHA1: C0:D8:E8:B6:C2:62:03:90:3F:23:3C:FA:A8:C8:0A:00:FA:96:5A:4E
TRUST
Tipo keystore: jks
Provider keystore: SUN
Il keystore contiene 1 entry
Nome alias: certgenca
Data di creazione: 21-mag-2008
Tipo entry: trustedCertEntry
Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
Impronte digitali certificato:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
BOB's keystores are:
IDENTITY
Tipo keystore: jks
Provider keystore: SUN
Il keystore contiene 2 entry
Nome alias: certgenca
Data di creazione: 21-mag-2008
Tipo entry: trustedCertEntry
Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
Impronte digitali certificato:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
Nome alias: bobcert
Data di creazione: 21-mag-2008
Tipo entry: keyEntry
Lunghezza catena certificati: 1
Certificato[1]:
Proprietario: [email protected], OU=CompetenceCenter, O=ValueTeam, L=Rome, ST=IT, C=IT
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 26ccb8983c1cd0dc2eb6b0c7019eddb2
Valido da Tue May 20 09:53:38 CEST 2008 a Sun May 21 09:53:38 CEST 2023
Impronte digitali certificato:
MD5: 6C:B3:9D:02:6E:CD:F4:04:C2:76:F2:92:97:39:66:7E
SHA1: D1:07:5A:64:79:2F:FE:35:4D:D4:FD:7E:42:FC:D3:9C:68:6B:EE:B8
TRUST (same as ALICE's TRUST)
Tipo keystore: jks
Provider keystore: SUN
Il keystore contiene 1 entry
Nome alias: certgenca
Data di creazione: 21-mag-2008
Tipo entry: trustedCertEntry
Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
Impronte digitali certificato:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
Here is a FRAGMENT of ALICE's "config.xml" (I use custom identity and custom trust)
<Server
CustomIdentityKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\ALICE\CERTIFICATI\alice.jks"
CustomIdentityKeyStorePassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug=="
CustomIdentityKeyStoreType="JKS"
CustomTrustKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\ALICE\CERTIFICATI\certgenca.jks"
CustomTrustKeyStorePassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug=="
CustomTrustKeyStoreType="JKS" ExpectedToRun="false"
JavaStandardTrustKeyStorePassPhraseEncrypted="{3DES}CVtHlHaDky1XKC1QZVz2Kw=="
KeyStores="CustomIdentityAndCustomTrust" ListenAddress=""
ListenPort="7011" Name="alice" NativeIOEnabled="true"
ReliableDeliveryPolicy="RMDefaultPolicy" ServerVersion="8.1.6.0"
StdoutDebugEnabled="true" StdoutSeverityLevel="64">
<SSL ClientCertificateEnforced="true" Enabled="true"
HostnameVerificationIgnored="true"
IdentityAndTrustLocations="KeyStores" ListenPort="7012"
Name="alice" ServerPrivateKeyAlias="alicecert"
ServerPrivateKeyPassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug==" TwoWaySSLEnabled="true"/>
<Log FileCount="2" FileMinSize="5000" Name="alice" NumberOfFilesLimited="true"/>
</Server>
and also here is a fragment of BOB's "config.xml" (same of ALICE's keystores configuration)
<Server
CustomIdentityKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\BOB\CERTIFICATI\bob.jks"
CustomIdentityKeyStorePassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w=="
CustomIdentityKeyStoreType="JKS"
CustomTrustKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\BOB\CERTIFICATI\certgenca.jks"
CustomTrustKeyStorePassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w=="
CustomTrustKeyStoreType="JKS" ExpectedToRun="false"
JavaStandardTrustKeyStorePassPhraseEncrypted="{3DES}TXgi1bpazzUgtLpwMy9q9Q=="
KeyStores="CustomIdentityAndCustomTrust" ListenAddress=""
ListenPort="7001" Name="bob" NativeIOEnabled="true"
ReliableDeliveryPolicy="RMDefaultPolicy" ServerVersion="8.1.6.0"
StdoutDebugEnabled="true" StdoutSeverityLevel="64">
<SSL ClientCertificateEnforced="true" Enabled="true"
HostnameVerificationIgnored="true"
IdentityAndTrustLocations="KeyStores" ListenPort="7002"
Name="bob" ServerPrivateKeyAlias="bobcert"
ServerPrivateKeyPassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w==" TwoWaySSLEnabled="true"/>
<Log FileCount="2" FileMinSize="5000" Name="bob" NumberOfFilesLimited="true"/>
</Server>
PS: I used a JNDI Client to access to BOB configured with ALICE's keystores and I got a success.
Nat. -
Hi All
I am seeing the below event appearing in the system log on all our Exchange 2013 servers regularly. I am not seeing any connectivity issues between any clients and the servers and no other issues have been reported at this stage.
Log Name: System
Source: Schannel
Date: 10/04/2015 9:21:17 AM
Event ID: 36871
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer:
Description:
A fatal error occurred while creating an SSL client credential. The internal error state is 10013.
I am not sure if its related to the public certificate we are using or if its related to the one provided from the local CA.I have searched and found other links that suggest it could be related to SSL versions being disabled etc.
All servers are running Windows 2012 R2 Datacenter. The Exchange CAS servers do also sit behind a pair of F5 BIG IP Load Balancers
Any suggestions on where to look?
ThanksHi,
According to the event log, the issue is related to Schannel instead of Exchange.
Please try the following steps:
1.In Control Panel, click Administrative Tools, and then double-click Local Security Policy.
2.In Local Security Settings, expand Local Policies, and then click Security Options.
3.Under Policy in the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, and then click Enabled.
4. Ran gpupdate /force
If it doesn’t work, please go to C:\ProgramData\Microsoft\Crypto\RSA and grant "Network Services" Read permission to "MachineKeys" folder. Then restart server to have a try.
Here is a similar thread for your reference:
https://social.technet.microsoft.com/Forums/lync/en-US/e70a8dbc-6f48-4fde-a93b-783554344822/a-fatal-error-occurred-when-attempting-to-access-the-ssl-client-credential-private-key?forum=ocscertificates
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Winnie Liang
TechNet Community Support -
Testing SSL Connections, differences between ABAP and JAVA stacks
Hello,
I am trying to test an outbound SSL connection to a partner. I already have multiple outbound connections to many partners, but this new one is causing an issue. Our firewalls between the two sites are opened as required, I verified that I can telnet to the 443 port of their sever. I then attempted to connect to their URL, via a Java SOAP message, and it is rejected. Some kind of error regarding our handshake.
In an attempt to troubleshoot the issue I entered their URL in SM59 as a HTTPS connection, tested it, it worked fine. Which indicates to me that the ABAP side works fine.
I do the same on the Java stack, via the SOA Manager: Destinations, and it fails.
"Error during ping operation: Error while silently connecting org.w3c.www.protocol.http.Http.Eception: Peer sent alert: Alert Fatal: unexpected message"
I was thinking that maybe the remote partner only allows specific types of SSL version connection, and the Java side is too low. i.e. the partner only allows TLS v1, and we are attempting to use SSL v2. Is there a place to set this on the Java side? I know I can set inbound parameters on ICM via SMICM.
Any help or assistance would be most appreciated.
Thanks,
Michael MontoneHi,
I suggest that you verify if you use the same release of the SAP Cryptolib for the ABAP and the Java stack.
This could explain a difference of support for SSL or TLS.
Regards,
Olivier -
Error with ddclient (Update fails loading IO::Socket::SSL)
Trying to run ddclient, I get the following error.
[root@Muspelheimr ddclient]# ddclient -daemon 0 --verbose --force
CONNECT: checkip.dyndns.org
CONNECTED: using HTTP
SENDING: GET / HTTP/1.0
SENDING: Host: checkip.dyndns.org
SENDING: User-Agent: ddclient/3.7.3
SENDING: Connection: close
SENDING:
RECEIVE: HTTP/1.1 200 OK
RECEIVE: Content-Type: text/html
RECEIVE: Server: DynDNS-CheckIP/1.0
RECEIVE: Connection: close
RECEIVE: Cache-Control: no-cache
RECEIVE: Pragma: no-cache
RECEIVE: Content-Length: 104
RECEIVE:
RECEIVE: <html><head><title>Current IP Check</title></head><body>Current IP Address: 24.63.25.139</body></html>
INFO: forcing update of daenyth.ath.cx.
INFO: setting IP address to 24.63.25.139 for daenyth.ath.cx
UPDATE: updating daenyth.ath.cx
Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.8/i686-linux-thread-multi/Scalar/Util.pm line 30.
FATAL: Error loading the Perl module IO::Socket::SSL needed for SSL connect.
FATAL: On Debian, the package libio-socket-ssl-perl must be installed.
Here's my conf file:
[root@Muspelheimr ddclient]# grep -v '^#' /etc/ddclient/ddclient.conf | grep -vi 'password'
daemon=600 # check every 300 seconds
syslog=yes # log update msgs to syslog
pid=/var/run/ddclient.pid # record PID in file.
ssl=yes # use ssl-support. Works with
# ssl-library
use=web, web=checkip.dyndns.org/, web-skip='IP Address' # found after IP Address
login=daenyth # default login
server=members.dyndns.org, \
protocol=dyndns2 \
daenyth.ath.cx
If I change ssl to "no" in the conf, it works, but that's really not acceptable. Has anyone else seen this problem or know how to work around it?It was already installed as a dependency of ddclient.
[root@Muspelheimr ddclient]# pacman -Qil perl-io-socket-ssl
Name : perl-io-socket-ssl
Version : 1.08-1
URL : http://search.cpan.org/dist/IO-Socket-SSL
Licenses : GPL PerlArtistic
Groups : None
Provides : io-socket-ssl
Depends On : perl-net-ssleay
Optional Deps : None
Required By : ddclient
Conflicts With : None
Replaces : None
Installed Size : 103.92 K
Packager : Jan de Groot <[email protected]>
Architecture : i686
Build Date : Sat 01 Sep 2007 09:09:31 PM EDT
Install Date : Sat 23 Feb 2008 08:12:29 PM EST
Install Reason : Installed as a dependency for another package
Install Script : No
Description : Perl/CPAN IO::Socket::SSL module: Nearly transparent SSL encapsulation for IO::Socket::INET.
perl-io-socket-ssl /usr/
perl-io-socket-ssl /usr/lib/
perl-io-socket-ssl /usr/lib/perl5/
perl-io-socket-ssl /usr/lib/perl5/site_perl/
perl-io-socket-ssl /usr/lib/perl5/site_perl/current/
perl-io-socket-ssl /usr/lib/perl5/site_perl/current/IO/
perl-io-socket-ssl /usr/lib/perl5/site_perl/current/IO/Socket/
perl-io-socket-ssl /usr/lib/perl5/site_perl/current/IO/Socket/SSL.pm
perl-io-socket-ssl /usr/man/
perl-io-socket-ssl /usr/man/man3/
perl-io-socket-ssl /usr/man/man3/IO::Socket::SSL.3.gz -
Trying to understand SSL sticky with CSS 11506 / ssl-l4-fallback behavior
Dear experts
I have a CSS 11506 (v7.50) which is used to load balance several SSL-based sites. We use the following textbook content rule:
content mysite-SSL
vip address 10.0.0.1
add service s01
add service s02
add service s03
port 443
protocol tcp
advanced-balance ssl
application ssl
flow-timeout-multiplier 225
active
If I read the manual correctly, SSL L3 session IDs are going to be used till a flow is set up. Then the ssl-l4-fallback (it is enabled) directive kicks in and load balancing is done based on the source IP, destination port.
However, my stats show:
Sticky Statistics - SFM Slot 1, Subslot 1:
Total number of new sticky entries is 4937735
Total number of sticky table hits is 33476045
Total number of sticky rejects (no entry) is 0
Total number of sticky collision is 0
Total number of available sticky entries is 0
Total number of used sticky entries is 131071
Total L3 sticky entries are 131
Total L4 sticky entries are 0
Total SSL sticky entries are 130940
Total WAP sticky entries are 0
Total number of SIPCID sticky entries is 0
So, why don't I see anything in the L4 sticky entries?
Also, I would expect that once the ssl-l4-fallback kicks in, a client will be always directed to the same server (since the CSS uses now source IP, dest port for load balancing). However, if I close and start again my browser I hit a different server.
Your thoughts and suggestions are highly appreciated.
John.Hi Gilles
Thank you for your response. If I may ask the group for a final further clarification, so as to put this matter to rest. Since there are a lot of frames transmitted in either direction, I would expect the following to be happening and overriding the use of SSLv3 session IDs. Following is the section of the manual that seems to contradict what you say (and I see on the stats). Am I reading the manual wrong?
"Cisco Content Services Switch
Content Load-Balancing
Configuration Guide
Software Version 8.20
November 2006
page 11-14
Configuring SSL-Layer 4 Fallback
Insertion of the Layer 4 hash value into the sticky table occurs when more than
three frames are transmitted in either direction (client-to-server, server-to-client)
or if SSL version 2 is in use on the network. If either condition occurs, the CSS
inserts the Layer 4 hash value into the sticky table, overriding the further use of
the SSL version 3 session ID." -
Hi all:
I am using WLS 8.1SP3 to do 2-Way SSL with client, and I am seeing the following SSL error. I have the SSL/Domestic BEA license. Pretty sure that the client uses 128-bit SSL.
Anyone seen this before? Your help would be appreciated.
Thanks
================
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 770107>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 SSL Version 2 with no padding>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 SSL3/TLS MAC>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 received SSL_20_RECORD>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 58>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 2027>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 4>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 SSL3/TLS MAC>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 received HANDSHAKE>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 SSL3/TLS MAC>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 received CHANGE_CIPHER_SPEC>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 SSL3/TLS MAC>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 received HANDSHAKE>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(sock): 5177735>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <activateNoRegister()>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <avalable(): 15551322 : 0 + 0 = 0>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.activate(): activated: 24734398 21629812>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 read(offset=0, length=4080)>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <hasSSLRecord()>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <hasSSLRecord returns true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 SSL3/TLS MAC>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 received APPLICATION_DATA: databufferLen 0, contentLength 318>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 read databufferLen 318>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 read A returns 318>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 read(offset=318, length=3762)>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <hasSSLRecord()>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <hasSSLRecord returns false 1>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 Rethrowing InterruptedIOException>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(sock): 5177735>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <activateNoRegister()>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <avalable(): 15551322 : 0 + 501 = 501>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.activate(): activated: 24734398 9126243>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 read(offset=318, length=3762)>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <hasSSLRecord()>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <hasSSLRecord returns false 1>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 Rethrowing InterruptedIOException>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <Socket> <BEA-000430> <hasException
java.lang.NullPointerException
java.lang.NullPointerException
at weblogic.security.utils.SSLCipherUtility.getCompatabilityKeySize(SSLCipherUtility.java:80)
at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:619)
at weblogic.socket.SSLFilter.dispatch(SSLFilter.java:281)
at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:285)
at weblogic.socket.SSLFilter.dispatch(SSLFilter.java:281)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:702)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:648)
at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:123)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Dec 5, 2005 8:53:58 PM EST> <Error> <HTTP> <BEA-101083> <Connection failure.
java.lang.NullPointerException
at weblogic.security.utils.SSLCipherUtility.getCompatabilityKeySize(SSLCipherUtility.java:80)
at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:619)
at weblogic.socket.SSLFilter.dispatch(SSLFilter.java:281)
at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:285)
at weblogic.socket.SSLFilter.dispatch(SSLFilter.java:281)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:702)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:648)
at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:123)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:287)
at weblogic.socket.SocketMuxer.cleanupSocket(SocketMuxer.java:625)
at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:589)
at weblogic.socket.SocketMuxer.deliverHasException(SocketMuxer.java:541)
at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:125)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <avalable(): 15551322 : 0 + 501 = 501>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 read(offset=0, length=501)>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 SSL3/TLS MAC>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15607581 received APPLICATION_DATA: databufferLen 0, contentLength 460>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 read databufferLen 460>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <15551322 read A returns 460>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<Dec 5, 2005 8:53:58 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 770107>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 7470368>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <1759783 SSL3/TLS MAC>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <1759783 received ALERT>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@e83a99>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <CLOSE_NOTIFY received from peer, closing connection: >
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <close(): 6234268>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 7470368>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:54:02 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 7470368>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 22406146>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <24113997 SSL3/TLS MAC>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <24113997 received ALERT>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@ce4f39>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <CLOSE_NOTIFY received from peer, closing connection: >
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <close(): 11754736>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 22406146>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Dec 5, 2005 8:54:10 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 22406146>
================The problem was due to the fact that the client application was using the new AES128 SSL ciphersuites, which are not supported in SP3/SP4. Here's BEA support's response:
The following are the ssl cipher suite supported by weblogic server 8.1 sp4
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_MD5
TLS_RSA_EXPORT124_WITH_RC4_56_SHA
Support has been added for the following two AES cipher suites in WLS 8.1 SP5
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
In order to use TLS_RSA_WITH_ AES_ 256_CBC_SHA cipher suite, you need you install JCE unlimited strength jurisdiction policy files instead of the policy files that are shipped with the JDK by default The jurisdiction files can be found at <http://java.sun.com/products/jce/index-14.html>
Only TLS_RSA_WITH_AES_256_CBC_SHA requires the judisdiction files. TLS_RSA_WITH_AES_128_CBC_SHA does not
-------- -
Ssl-handshake fails with scandinavian chars in client certificate
Hello,
We've run into a problem with 2-way-ssl and certificates that have scandinavian
characters in the subject. The problem cert is used as client-certificate for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link that will immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they cause it,
but the certs ought to be according to specs: name-fields encoding is UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
java.lang.NullPointerException: Could not set value for ASN.1 string object..
java.lang.NullPointerException: Could not set value for ASN.1 string object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE-----BMPString is another asn1 type that can be used for certificate attributes with
non-ascii characters. The workaround is simply to use the BMPString instead of
UTF8String for that subject name attribute in the certificate request. This off-course
assumes that you can replace the certificate, and have control over what asn1
type is used for the subject name attributes in the certificate request (via a
tool options, or by generating the request yourself), so it is probably not applicable.
Pavel.
"Ari Räisänen" <[email protected]> wrote:
>
Thanks again, Pavel!
I'm filing a support case about this. You talked about a workaround (BMPString).
Could you be more spesific? I haven't talked about this issue with Igor
yet.
Regards,
Ari
"Pavel" <[email protected]> wrote:
Sounds like a bug in certicom code. It should support UTF8String.
I'd file a support case.
You might be able to use BMPString instead as a workaround.
Pavel.
"Igor Styrman" <[email protected]> wrote:
Hello,
We've run into a problem with 2-way-ssl and certificates that have
scandinavian
characters in the subject. The problem cert is used as client-certificate
for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link thatwill
immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing
will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they
cause it,
but the certs ought to be according to specs: name-fields encoding
is
UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
(and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte
Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape
Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte
Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Premium
Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA
Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
failed
java.lang.NullPointerException: Could not set value for ASN.1 string
object..
java.lang.NullPointerException: Could not set value for ASN.1 string
object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE----- -
App Server 8.0 LDAP SSL Problems
Hello,
I have been able to get the following java code to connect to an LDAP server to work in a servlet (within a j2ee-module) under the Sun J2EE application server 8.0 when I am connecting to a non-ssl LDAP server:
LDAPConnection conn = new LDAPConnection();
conn.connect(ldap_host, Integer.parseInt(ldap_port));
StringBuffer sb = new StringBuffer("uid=");
sb.append(cuid).append(",").append(ldap_base);
String dn = sb.toString();
conn.authenticate(3, dn, password);
I have been having a bear of the time implementing the same thing but with SSL by changing the host and port to a SSL LDAP instance and substituting the following code:
LDAPConnection conn new LDAPConnection();
JSSESocketFactory jssf = new netscape.ldap.factory.JSSESocketFactory(null);
conn = new LDAPConnection(jssf);
I have used the following command to insert the cert from the LDAP server into the keystore:
keytool -import -trustcacerts -alias <ca-cert-alias> -file <cert>
I have also tried to inject the cert into the cacerts file found under the SUNWappserver/domains/domain1/config/cacerts.jks file directly using keytool.
No matter what I do, when the SSL version of the code is executed I get the following exception:
[#|2004-07-14T13:59:40.372-0400|INFO|sun-appserver-pe8.0.0_01|javax.enterprise.system.stream.out|_ThreadID=12;|
DEBUG Wed Jul 14 13:59:40 EDT 2004: <class removed for security purposes>.doPost:
Uncaptured Exception: JSSESocketFactory.makeSocket <host and port removed for security purposes>, Default SSL context init failed: Cannot recover key|#]
[#|2004-07-14T13:59:40.374-0400|INFO|sun-appserver-pe8.0.0_01|javax.enterprise.system.stream.out|_ThreadID=12;|
DEBUG Wed Jul 14 13:59:40 EDT 2004: <class removed for security purposes>.doPost:
netscape.ldap.LDAPException: JSSESocketFactory.makeSocket <host and port removed for security purposes>, Default SSL context init failed: Cannot recover key (91)
at netscape.ldap.factory.JSSESocketFactory.makeSocket(JSSESocketFactory.java:111)
at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:509)
at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:435)
at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:274)
at netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnSetupMgr.java:199)
at netscape.ldap.LDAPConnThread.connect(LDAPConnThread.java:109)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1067)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:938)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:781)
at com.qwest.nts.portal.LdapHelper.authenticate(LdapHelper.java:51)
at com.qwest.nts.portal.servlet.PortalServlet.doPost(PortalServlet.java:68)
at com.qwest.nts.portal.servlet.BaseServlet.doGet(BaseServlet.java:50)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:748)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:246)
at java.security.AccessController.doPrivileged(Native Method)
Am I missing something here? What does one need to do to get the Sun application server to enable SSL connections to an LDAP server? I am a bit confused what keystore to use since there are numerous copies of cacerts.jks and keystore.jks among both the application server config files and the jdk/jre config files found under SUNWappserver.
I attempted to see debug messages by adding -Djavax.net.debug=all directly to the java command found in the startserv script for this web appliaction. I am not sure if this is the correct way to set system parameters when using the J2EE Sun application server, but it should work, no? When I do this I don't see any additional messages in the server's log file found at /SUNWappserver/domains/domain1/logs/server.log. All I see is System.out.println's from the java code and the exception.
Thanks in advance for any help.
- DanHarpreet,
Thanks for the reply. Yes I do just want to authenticate to the LDAP server from some code in my servlet. It is working against a non-ssl server right now. I guess I am not using the LDAPRealm that the appserver provides because I didn't now about it. I just pulled working LDAP code from another project (written for weblogic). As I said before all is working fine against the non-ssl server, however, I need to authenticate against a SSL server. As for your other question, why am I using JSSESocketFactory, I don't have a good answer. The application I am using as an example around here uses ldapsdk.jar. Are you saying that these LDAP classes are already built in?
Thanks
- Dan
Hi Dan
A couple of questions that will help me understand
this better.
1. It seems you just want to authenticate to the LDAP
server
from some code in your servlet - is that right?
(On a side note: why dont you use the LDAPRealm that
the appserver
provides? It currently does not perform SSL
authentication but that is
something we are looking at). This way you dont end up
reinventing the wheel.
2. Any particular reasons on not using J2SE Security
factory classes
(Since you use netscape JSSESocketFactory - you will
have to use
Netscape provided flags to see what is going on over
the wire). That
is the reason javax.net.debug flags are not showing
any useful output.
PS: javax.net.debug=ssl should suffice
Some comments and clarifications:
The truststore that you should bother about - is the
one under
domains/domain_name_of_the_domain_u_use/cacerts.jks.
Cacerts.jks has your imported(trusted certs) while
keystore.jks has
your server private keys and certificates.
(more info @
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security
.html#wp142440)
There has been a relevant thread that you may look at
http://forum.java.sun.com/thread.jsp?forum=136&thread=5
1519
Hope that helps
- Regards
Harpreet
I have been able to get the following java code to
connect to an LDAP server to work in a servlet(within
a j2ee-module) under the Sun J2EE applicationserver
8.0 when I am connecting to a non-ssl LDAP server:
LDAPConnection conn = new LDAPConnection();
conn.connect(ldap_host,Integer.parseInt(ldap_port));
StringBuffer sb = new StringBuffer("uid=");
sb.append(cuid).append(",").append(ldap_base);
String dn = sb.toString();
conn.authenticate(3, dn, password);
I have been having a bear of the time implementingthe
same thing but with SSL by changing the host andport
to a SSL LDAP instance and substituting thefollowing
code:
LDAPConnection conn new LDAPConnection();
JSSESocketFactory jssf = new
netscape.ldap.factory.JSSESocketFactory(null);
conn = new LDAPConnection(jssf);
I have used the following command to insert the cert
from the LDAP server into the keystore:
keytool -import -trustcacerts -alias <ca-cert-alias>
-file <cert>
I have also tried to inject the cert into thecacerts
file found under the
SUNWappserver/domains/domain1/config/cacerts.jksfile
directly using keytool.
No matter what I do, when the SSL version of thecode
is executed I get the following exception:
[#|2004-07-14T13:59:40.372-0400|INFO|sun-appserver-pe8.
>
.0_01|javax.enterprise.system.stream.out|_ThreadID=12;|
DEBUG Wed Jul 14 13:59:40 EDT 2004: <class removedfor
security purposes>.doPost:
Uncaptured Exception: JSSESocketFactory.makeSocket
<host and port removed for security purposes>,Default
SSL context init failed: Cannot recover key|#]
[#|2004-07-14T13:59:40.374-0400|INFO|sun-appserver-pe8.
>
.0_01|javax.enterprise.system.stream.out|_ThreadID=12;|
DEBUG Wed Jul 14 13:59:40 EDT 2004: <class removedfor
security purposes>.doPost:
netscape.ldap.LDAPException:
JSSESocketFactory.makeSocket <host and port removed
for security purposes>, Default SSL context init
failed: Cannot recover key (91)
at
netscape.ldap.factory.JSSESocketFactory.makeSocket(JSSE
ocketFactory.java:111)
at
netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSe
upMgr.java:509)
at
netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetup
gr.java:435)
at
netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr
java:274)
at
netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnS
tupMgr.java:199)
at
netscape.ldap.LDAPConnThread.connect(LDAPConnThread.jav
:109)
at
netscape.ldap.LDAPConnection.connect(LDAPConnection.jav
:1067)
at
netscape.ldap.LDAPConnection.connect(LDAPConnection.jav
:938)
at
netscape.ldap.LDAPConnection.connect(LDAPConnection.jav
:781)
at
com.qwest.nts.portal.LdapHelper.authenticate(LdapHelper
java:51)
at
com.qwest.nts.portal.servlet.PortalServlet.doPost(Porta
Servlet.java:68)
at
com.qwest.nts.portal.servlet.BaseServlet.doGet(BaseServ
et.java:50)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java
748)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java
861)
at
sun.reflect.GeneratedMethodAccessor68.invoke(Unknown
Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(Delegat
ngMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.catalina.security.SecurityUtil$1.run(Securit
Util.java:246)
atjava.security.AccessController.doPrivileged(Native
Method)
Am I missing something here? What does one need todo
to get the Sun application server to enable SSL
connections to an LDAP server? I am a bit confused
what keystore to use since there are numerous copies
of cacerts.jks and keystore.jks among both the
application server config files and the jdk/jreconfig
files found under SUNWappserver.
I attempted to see debug messages by adding
-Djavax.net.debug=all directly to the java command
found in the startserv script for this web
appliaction. I am not sure if this is the correctway
to set system parameters when using the J2EE Sun
application server, but it should work, no? When Ido
this I don't see any additional messages in the
server's log file found at
/SUNWappserver/domains/domain1/logs/server.log. AllI
see is System.out.println's from the java code andthe
exception.
Thanks in advance for any help.
- Dan -
Problem with 2 way SSL for JMS
Finally, there is some progress on my JMS over SSL (2 way with JNDI). I am able to send/receive JMS messages but there is an exception in Weblogic server log (see attached). Let me summarise all the steps involved:
(I have referred this doc http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html as I found this more convenient)
1. Generate the server private key/public certificate pair:
C:\softwares\bea\satishb\ssl\3>keytool -genkey -alias serveralias -keyalg RSA -keypass password -storepass password -keystore .\server\svrkeystore.jks
2. Export the generated server certificate in svrkeystore.jks into the file server.cer:
C:\softwares\bea\satishb\ssl\3>keytool -export -alias serveralias -storepass password -file .\server\server.cer -keystore .\server\svrkeystore.jks
3. To create the trust-store file cacerts.jks and add the server certificate to the trust-store:
C:\softwares\bea\satishb\ssl\3>keytool -import -v -trustcacerts -alias serveralias -file .\server\server.cer -keystore .\server\cacerts.jks -keypass password -storepass password
Now Client part:
1. Generate the client key/cert pair:
C:\softwares\bea\satishb\ssl\3>keytool -genkey -alias clientalias -keyalg RSA -keypass password -storepass password -keystore .\client\cltkeystore.jks
2. Export the generated client certificate into file client.cer:
C:\softwares\bea\satishb\ssl\3>keytool -export -alias clientalias -storepass password -file .\client\client.cer -keystore .\client\cltkeystore.jks
3. Add the certificate to the trust-store file cltcacerts.jks (this trust-store will be used by weblogic server for client authentication):
C:\softwares\bea\satishb\ssl\3>keytool -import -v -trustcacerts -alias clientalias -file .\client\client.cer -keystore .\client\cltcacerts.jks -keypass password -storepass password
- I deployed svrkeystore.jks to weblogic server as the custom identity and cltcacerts.jks as the trust store (so that client au takes place).
- I use server\cacerts.jks file at the client side to authenticate the server as the custom trust store.
-Both the JMS client and the weblogic server are using the same Java ie C:\softwares\bea\jdk150_04.
I am now able to send/receive the JMS messages but in the Weblogic server logs, I see these which seems to me that the proper SSL handshake has not taken place:
####<Mar 5, 2007 3:54:12 PM IST> <Info> <Server> <sburnwal-wxp> <AdminServer> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1173090252459> <BEA-002605> <Adding address: 192.168.4.223 to licensed client list>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252459> <000000> <isMuxerActivated: false>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <5978326 SSL Version 2 with no padding>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <24761471 SSL3/TLS MAC>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <24761471 received SSL_20_RECORD>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <........... Eating Exception ..........
java.security.NoSuchAlgorithmException
at com.certicom.tls.ciphersuite.CipherSuiteSupport.getCipherSuite(Unknown Source)
at com.certicom.tls.ciphersuite.CipherSuiteSupport.getCipherSuite(Unknown Source)
at com.certicom.tls.record.handshake.MessageClientHelloVersion2.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeMessage.createVersion2(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <........... Eating Exception ..........
java.security.NoSuchAlgorithmException
at com.certicom.tls.ciphersuite.CipherSuiteSupport.getCipherSuite(Unknown Source)
at com.certicom.tls.ciphersuite.CipherSuiteSupport.getCipherSuite(Unknown Source)
at com.certicom.tls.record.handshake.MessageClientHelloVersion2.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeMessage.createVersion2(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <write HANDSHAKE, offset = 0, length = 58>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <write HANDSHAKE, offset = 0, length = 602>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <write HANDSHAKE, offset = 0, length = 4>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252506> <000000> <isMuxerActivated: false>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252521> <000000> <24761471 SSL3/TLS MAC>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252521> <000000> <24761471 received HANDSHAKE>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252521> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252521> <000000> <Using JCE Cipher: SunJCE version 1.5 for algorithm RSA>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacMD5>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Will use default Mac for algorithm HmacMD5>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacSHA1>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Will use default Mac for algorithm HmacSHA1>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <........... Eating Exception ..........
java.security.NoSuchAlgorithmException: Algorithm MD5 not available
at javax.crypto.Mac.getInstance(DashoA12275)
at com.certicom.tls.provider.Mac.getInstance(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.makeKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.deriveKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.generateSecurityParameters(Unknown Source)
at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Will use default Mac for algorithm MD5>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Using JCE Cipher: SunJCE version 1.5 for algorithm RC4>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacMD5>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Will use default Mac for algorithm HmacMD5>
####<Mar 5, 2007 3:54:12 PM IST> <Debug> <SecuritySSL> <sburnwal-wxp> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1173090252537> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacSHA1>
Pls let me know if there is anything I am missing here. Help is appreciated a lot.
Thanks
SatishIt is a domain wide setting. Can you not create a new domain? I do not think that you can handle it from web.xml. I have never seen such thing in web.xml.
Maybe you are looking for
-
HELP? PLEASE? I JUST WANT MY BROADBAND TO BE CONNE...
Help please. I placed an order with BT on the 6th May 2015 for a 'phone/broadband/tv package. All was set to go ahead on the 8th June. The 'phone was taken over by BT then, but NOTHING else. I only found out on the 9th as there was no broadband servi
-
Hi All, I have a cursor which is giving performance issues. The query executed by the cursor is as below. There is no Full table scan on the first part of the UNION. But on the second part, there is a Full table scan on AP_INVOICES_ALL. Could you ple
-
How we can create Oracle 9i Database through Commands.
How we can create Oracle 9i Database through Commands. We need step by step process and all the scripts.
-
Migrating from Sybase 11.9
Is there an Oracle tool still available for migrating Sybase release 11.9 databases to Oracle? I can't seem to find anything on the Oracle website. Thank you, Steve
-
Hello, The question is simple but the solution for me isn't so simple. An eps-file in Illustrator must be saved as an ai-file with the same name, but the extension must be ai instead of the original eps-file. Is it also possible to change the color p