RE: Q: server sends Change Cipher Spec when it should send HandShake

[Zhou, Yan]

Hi,   I am seeing the following SSL debug from client using Sun’s JSSE.  Our web service client is invoking web service calls on a cluster of WebLogic servers. The client will first reach a load balancer, which forwards the call to one of the two Apache servers, which in turn forwards the call to one of the two WebLogic servers hosting Web services. Client and Apache communicate via HTTPS, and Apache communicate with WebLogic via plain HTTP.   Randomly, we see SSL session aborted. Please see the following excerpt of a SSL debug output. Thread-1 is our client,  this is a session that failed.   I went through the debug log and noticed that all the successful sessions start with HandShake from server, once the session is created; but the failing one starts with ChangeCipherSpec from server. I do not why this is happening.   We are running Apache 2.0.47 with Open SSL 0.9.7.b. Any suggestion is appreciated.   Thanks. Yan %% Client cached [Session-3, SSL_RSA_WITH_RC4_128_MD5] %% Try resuming [Session-3, SSL_RSA_WITH_RC4_128_MD5] from port 1370 *** ClientHello, TLSv1   ... blar blar ...   *** Thread-1, WRITE: TLSv1 Handshake, length = 105     ß client send HandShake Thread-1, READ: TLSv1 Handshake, length = 74       ß server send HandShake *** ServerHello, TLSv1   ... blar blar ...   *** %% Created:  [Session-4, SSL_RSA_WITH_RC4_128_MD5] ** SSL_RSA_WITH_RC4_128_MD5 Thread-1, READ: TLSv1 Change Cipher Spec, length = 1         ß server should send the rest of HandShake, but it wants to reuse a cached session                                                                 Since thread-1 is reading, it should be from the server. JsseJCE: Using JSSE internal implementation for cipher RC4 Thread-1, handling exception: java.lang.IllegalArgumentException Thread-1, SEND TLSv1 ALERT:  fatal, description = internal_error Thread-1, WRITE: TLSv1 Alert, length = 2   Now compare to a successful session below   %% Client cached [Session-2, SSL_RSA_WITH_RC4_128_MD5] %% Try resuming [Session-2, SSL_RSA_WITH_RC4_128_MD5] from port 1361 *** ClientHello, TLSv1   ...   *** Thread-1, WRITE: TLSv1 Handshake, length = 105 Thread-1, READ: TLSv1 Handshake, length = 74 *** ServerHello, TLSv1   ...   *** %% Created:  [Session-3, SSL_RSA_WITH_RC4_128_MD5] ** SSL_RSA_WITH_RC4_128_MD5 Thread-1, READ: TLSv1 Handshake, length = 2023             ß this is the right message from server *** Certificate chain   ...