This is just a guess, but my guess is that this has to do with MarkLogic 6 running in FIPS mode. Here is some description of the incompatibilities:
http://docs.marklogic.com/guide/relnotes/chap4#id_13394 I am theorizing that MarkLogic 5 is using a less secure cipher for this. One thing you could try is turning FIPS mode off on 6 and see if that makes the error go away. But the error message you are getting does not quite mesh with my guess, so it might be something else. -Danny -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Blakeley Sent: Monday, January 07, 2013 1:36 PM To: MarkLogic Developer Discussion Subject: Re: [MarkLogic Dev General] GET over SSL with self-signed cert Sounds like a bug to me. Searching for that code turns up some messages about SSL3 handshake errors, some related to session reuse. Which server releases are you running? I think there have been a few SSL/TLS fixes in recent releases. One of them might help with this. -- Mike On 7 Jan 2013, at 13:07 , Will Thompson <[email protected]> wrote: > This is a another bug or feature question. We do some GET calls from one ML > app server to another over SSL, the latter of which is using a self-signed > certificate. The verify-cert option is included to ignore the warning: > > <options xmlns="xdmp:document-get" xmlns:http="xdmp:http"> > <http:authentication>...</http:authentication> > <http:verify-cert>false</http:verify-cert> > </options> > > However, when the client is ML5 and the server is ML6, this throws an > exception. ML5->ML5, ML6->ML5, and ML6->ML6 all behave as expected. Here is > the exception detail: > > 1.0-ml] SVC-SOCCONN: xdmp:document-get("/path/document.xml", <options > xmlns:http="xdmp:http" > xmlns="xdmp:document-get"><http:verify-cert>false</http:verify-cert><http:authentication><...</options>) > -- Socket connect error: SSL_connect 192.168.X.61:50042-192.168.X.34:443: > unexpected message (0x1408e0f4) > > -Will > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
