Yes, probably a good idea. -Danny
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Will Thompson Sent: Monday, January 07, 2013 3:37 PM To: MarkLogic Developer Discussion Subject: Re: [MarkLogic Dev General] GET over SSL with self-signed cert Danny - FIPS mode on the ML6 server doesn't seem to have an effect. Should I contact support? -Will On 1/7/13 2:30 PM, "Danny Sokolsky" <[email protected]> wrote: >This is just a guess, but my guess is that this has to do with >MarkLogic >6 running in FIPS mode. Here is some description of the >incompatibilities: > >http://docs.marklogic.com/guide/relnotes/chap4#id_13394 > >I am theorizing that MarkLogic 5 is using a less secure cipher for this. >One thing you could try is turning FIPS mode off on 6 and see if that >makes the error go away. > >But the error message you are getting does not quite mesh with my >guess, so it might be something else. > >-Danny > >-----Original Message----- >From: [email protected] >[mailto:[email protected]] On Behalf Of Michael >Blakeley >Sent: Monday, January 07, 2013 1:36 PM >To: MarkLogic Developer Discussion >Subject: Re: [MarkLogic Dev General] GET over SSL with self-signed cert > >Sounds like a bug to me. Searching for that code turns up some messages >about SSL3 handshake errors, some related to session reuse. > >Which server releases are you running? I think there have been a few >SSL/TLS fixes in recent releases. One of them might help with this. > >-- Mike > >On 7 Jan 2013, at 13:07 , Will Thompson <[email protected]> >wrote: > >> This is a another bug or feature question. We do some GET calls from >>one ML app server to another over SSL, the latter of which is using a >>self-signed certificate. The verify-cert option is included to ignore >>the warning: >> >> <options xmlns="xdmp:document-get" xmlns:http="xdmp:http"> >> <http:authentication>...</http:authentication> >> <http:verify-cert>false</http:verify-cert> >> </options> >> >> However, when the client is ML5 and the server is ML6, this throws an >>exception. ML5->ML5, ML6->ML5, and ML6->ML6 all behave as expected. >>Here is the exception detail: >> >> 1.0-ml] SVC-SOCCONN: xdmp:document-get("/path/document.xml", <options >>xmlns:http="xdmp:http" >>xmlns="xdmp:document-get"><http:verify-cert>false</http:verify-cert><h >>ttp >>:authentication><...</options>) -- Socket connect error: SSL_connect >>192.168.X.61:50042-192.168.X.34:443: unexpected message (0x1408e0f4) >> >> -Will >> _______________________________________________ >> General mailing list >> [email protected] >> http://developer.marklogic.com/mailman/listinfo/general > >_______________________________________________ >General mailing list >[email protected] >http://developer.marklogic.com/mailman/listinfo/general >_______________________________________________ >General mailing list >[email protected] >http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
