[ https://issues.apache.org/jira/browse/HTTPCORE-267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15075080#comment-15075080 ]

Gabriel Vince commented on HTTPCORE-267:
----------------------------------------

Looks like I'm waking up a zombie, but I have to.
Tested with Java 1.7.
This issue appears when the server requires renegotiation with the client 
certificates (e.g. when only some URLs/folders require the client certificate).

When the SSL client works (e.g. SoapUI):
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: false
Is secure renegotiation: true
*** HelloRequest (empty)
%% Client cached [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
%% Try resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] from port 56874

WSO2 PassthroughHttpSSLSender:
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: false
Is secure renegotiation: true
.. and then no communication whatsoever is logged for the session from the 
service side...

Indeed I assume it's related to the SSLEngine or SSLContext and how it is used 
(?), but all other Java products we use have no problem with it.

Gabriel
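
An added example, not part of the original comment or of HttpCore: a small Python audit of JSSE debug output in the format quoted above. It flags handshake blocks where unsafe renegotiation is allowed and renegotiation blocks that log no handshake message afterwards. The function names and finding labels are hypothetical; the sample traces are the two from the comment.

```python
import re

# Flag lines as they appear in the two traces quoted in the comment.
FLAG_RE = re.compile(
    r"^(Allow unsafe renegotiation|Allow legacy hello messages|"
    r"Is initial handshake|Is secure renegotiation): (true|false)$"
)

# Sample traces copied from the comment (the working client and the failing sender).
WORKING = """Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: false
Is secure renegotiation: true
*** HelloRequest (empty)
%% Client cached [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
%% Try resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] from port 56874
"""
FAILING = """Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: false
Is secure renegotiation: true
"""

def parse_blocks(text):
    """Group debug lines into blocks; each block starts at 'Allow unsafe renegotiation'."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FLAG_RE.match(line)
        if m:
            if m.group(1) == "Allow unsafe renegotiation":
                blocks.append({"flags": {}, "events": []})
            if blocks:
                blocks[-1]["flags"][m.group(1)] = m.group(2) == "true"
        elif blocks and line.startswith(("***", "%%")):
            # Handshake messages ('***') and session notes ('%%') that follow the flags.
            blocks[-1]["events"].append(line)
    return blocks

def audit(text):
    """Return (block_index, finding) pairs for settings and stalls worth a closer look."""
    findings = []
    for i, block in enumerate(parse_blocks(text)):
        flags = block["flags"]
        if flags.get("Allow unsafe renegotiation"):
            findings.append((i, "unsafe-renegotiation-enabled"))
        if flags.get("Is initial handshake") is False and not block["events"]:
            findings.append((i, "renegotiation-without-handshake-messages"))
    return findings
```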






> SSL handshake is failing when unsafe re-negotiation is enabled
> --------------------------------------------------------------
>
>                 Key: HTTPCORE-267
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-267
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>    Affects Versions: 4.1
>         Environment: Java version "1.6.0_26"
> Client OS - Ubuntu
> Server - IIS 7 (Web service which uses HTTPS - HTTPS configuration is set to 
> request client certificate)
>            Reporter: Amila Jayasekara
>         Attachments: NIO-SSL-Logs.txt, Normal-Transport-Logs.txt, 
> nio-ssl-new.txt
>
>
> I have a .Net web service which communicates through HTTPS transport.
> On the .Net web service end I have enabled the "Require client certificate"
> option, in which the connecting client needs to provide a valid
> certificate.
> On the client side I specified 
> -Dsun.security.ssl.allowUnsafeRenegotiation=true. Still I am not able to 
> handshake properly.
> Logs are attached.
> The same was tested with normal transport. That worked without an issue. I will 
> also attach SSL logs with normal transport.
> Thanks
> AmilaJ



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
