Hi Lewis,
The Weblogic logs show the following ciphers on startup:
<Sep 18, 2014 2:05:52 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_RC4_128_SHA>
<Sep 18, 2014 2:05:52 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_RC4_128_MD5>
<Sep 18, 2014 2:05:52 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA>
<Sep 18, 2014 2:05:52 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_AES_256_CBC_SHA>
Based on the error, it looks to be a Certicom SSL provider which supports
TLSv1/SSLv3 and SSLv2.
I had tried experimenting with SSLCipherSuite but with no success. The last value I
attempted was ALL:RC4+RSA:+HIGH:+MEDIUM:+LOW:!NULL:+SSLv2:+EXP
This is what I see in the Weblogic log:
<Sep 18, 2014 3:01:42 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Sep 18, 2014 3:01:42 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 23944274>
<Sep 18, 2014 3:01:42 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Sep 18, 2014 3:01:42 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Sep 18, 2014 3:01:42 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <27112312 SSL3/TLS MAC>
<Sep 18, 2014 3:01:42 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <27112312 received HANDSHAKE>
<Sep 18, 2014 3:01:42 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ClientHello>
<Sep 18, 2014 3:01:42 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173
Best regards,
-a
Aaron Stromas | RSA The Security Division of EMC | Practice Consultant |
Identity & Fraud Protection Practice | M – 240 271 64 58 |
[email protected]
-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Lewis Rosenthal
Sent: Friday, 19 September, 2014 14:11
To: [email protected]
Subject: Re: Apache SSL proxy to Weblogic fails
Hi, Aaron...
On 09/19/2014 01:04 PM, Stromas, Aaron wrote:
>
> Greetings,
>
> I am looking for help with a problem I've run into using
> mod_proxy/mod_ssl. The Apache HTTP server on SLES 11 SP3 64 bit,
> OpenSSL 1.0.1f, acts as an SSL proxy to the Weblogic 10.3 running on
> Red Hat. mod_ssl is configured correctly - it works when proxying
> SSL connections to non-SSL servers. Also, the certificate on the
> proxy was issued with extensions allowing it to be used as both SSL
> client and server.
>
> Yet, the Apache proxy fails to connect over SSL to the Weblogic
> HTTPS port. Below is an excerpt from the Apache error log. Any
> advice will be greatly appreciated. TIA
>
<snip>
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1940): OpenSSL: Exit: error in SSLv2/v3 read server hello A
> [Thu Sep 18 09:32:14 2014] [info] [client 10.40.0.224] SSL Proxy connect failed
> [Thu Sep 18 09:32:14 2014] [info] SSL Library Error: 336032784 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
> [Thu Sep 18 09:32:14 2014] [info] [client 10.40.0.224] Connection closed to child 0 with abortive shutdown (server aaproxiedel1:443)
> [Thu Sep 18 09:32:14 2014] [error] (502)Unknown error 502: proxy: pass request body failed to 10.40.0.224:8102 (appdev2.example.com)
> [Thu Sep 18 09:32:14 2014] [error] [client 141.1.3.134] proxy: Error during SSL Handshake with remote server returned by /auth/logon.jsp
> [Thu Sep 18 09:32:14 2014] [error] proxy: pass request body failed to 10.40.0.224:8102 (appdev2.example.com) from 141.1.3.134 ()
> [Thu Sep 18 09:32:14 2014] [debug] proxy_util.c(2040): proxy: HTTPS: has released connection for (appdev2.example.com)
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1921): OpenSSL: Write: SSL negotiation finished successfully
> [Thu Sep 18 09:32:14 2014] [info] [client 141.1.3.134] Connection closed to child 2 with standard shutdown (server aaproxiedel1:443)
>
What cipher suites is the server behind the proxy set to accept, and what
version of SSL is that server using?
--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC
http://www.2rosenthals.com
visit my IT blog
http://www.2rosenthals.net/wordpress
IRS Circular 230 Disclosure applies see
http://www.2rosenthals.com
-------------------------------------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
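The two logs in this thread describe one event from opposite ends: Apache's mod_ssl records OpenSSL error 336032784 (hex 14077410, "sslv3 alert handshake failure"), and the WebLogic Certicom stack records sending a FATAL alert of Type 40 right after reading the ClientHello. The script below is an added example written for this thread, not code from either poster or from the OpenSSL or WebLogic projects. It unpacks the OpenSSL 1.0.x error code into its library, function and reason fields (the reason for a received TLS alert is 1000 plus the alert number), pulls the cipher suites WebLogic advertises out of its SecuritySSL debug lines, translates them from IANA names into the OpenSSL names that Apache's SSLProxyCipherSuite directive uses, and reports which suites both sides share. The log lines are reconstructed from the thread, and the IANA-to-OpenSSL table is a small hand-written one covering the suites seen here (an assumption; extend it for other deployments).

```python
import re

ERR_LIB_SSL = 20             # ERR_LIB_SSL in OpenSSL 1.0.x <openssl/err.h>
SSL_AD_REASON_OFFSET = 1000  # OpenSSL reports a received TLS alert as reason 1000 + alert number

# TLS AlertDescription values (RFC 5246 section 7.2); only the ones a proxy
# operator most often meets are listed here.
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    48: "unknown_ca",
    70: "protocol_version",
}

# IANA suite names (as WebLogic logs them) -> OpenSSL names (as Apache's
# SSLProxyCipherSuite uses them).  Hand-written table covering the thread's
# four suites plus one common neighbour; extend as needed (assumption).
IANA_TO_OPENSSL = {
    "TLS_RSA_WITH_RC4_128_SHA": "RC4-SHA",
    "TLS_RSA_WITH_RC4_128_MD5": "RC4-MD5",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": "DES-CBC3-SHA",
}

# Constructed sample input, copied from the log excerpts in this thread.
APACHE_LOG = [
    "[Thu Sep 18 09:32:14 2014] [info] [client 10.40.0.224] SSL Proxy connect failed",
    "[Thu Sep 18 09:32:14 2014] [info] SSL Library Error: 336032784 "
    "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure",
]
WEBLOGIC_LOG = [
    "<Sep 18, 2014 2:05:52 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_RC4_128_SHA>",
    "<Sep 18, 2014 2:05:52 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_RC4_128_MD5>",
    "<Sep 18, 2014 2:05:52 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA>",
    "<Sep 18, 2014 2:05:52 PM EDT> <Debug> <SecuritySSL> <BEA-000000> <TLS_RSA_WITH_AES_256_CBC_SHA>",
]


def decode_openssl_error(code):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason, alert).

    OpenSSL 1.0.x packs lib in the top 8 bits, func in the next 12 and
    reason in the low 12 (ERR_GET_LIB/ERR_GET_FUNC/ERR_GET_REASON).  alert is
    the TLS alert number when the SSL library's reason encodes one, else None.
    """
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return lib, func, reason, alert


def apache_ssl_errors(lines):
    """Decode every 'SSL Library Error: N' entry in an Apache error log."""
    found = []
    for line in lines:
        m = re.search(r"SSL Library Error: (\d+)", line)
        if not m:
            continue
        code = int(m.group(1))
        lib, func, reason, alert = decode_openssl_error(code)
        found.append({"code": code, "lib": lib, "func": func, "reason": reason,
                      "alert": alert, "alert_name": TLS_ALERTS.get(alert)})
    return found


def weblogic_cipher_suites(lines):
    """Collect the suites WebLogic's SecuritySSL debug output lists at startup."""
    suites = []
    for line in lines:
        for m in re.finditer(r"<(TLS_[A-Z0-9_]+)>", line):
            if m.group(1) not in suites:
                suites.append(m.group(1))
    return suites


def common_suites(server_iana, client_openssl):
    """Suites both ends offer, in OpenSSL naming and client preference order.

    An empty result means the two ends have nothing to agree on, which is
    exactly the case that ends in a fatal alert 40 (handshake_failure).
    """
    server = {IANA_TO_OPENSSL.get(s, s) for s in server_iana}
    return [c for c in client_openssl if c in server]


if __name__ == "__main__":
    for err in apache_ssl_errors(APACHE_LOG):
        print("OpenSSL error %d -> lib=%d func=%d reason=%d alert=%s (%s)" % (
            err["code"], err["lib"], err["func"], err["reason"], err["alert"], err["alert_name"]))
    server_suites = weblogic_cipher_suites(WEBLOGIC_LOG)
    print("WebLogic advertises:", [IANA_TO_OPENSSL.get(s, s) for s in server_suites])
    # Hypothetical proxy-side list; compare against what the proxy actually offers.
    print("shared with proxy:", common_suites(server_suites, ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]))
```

Run stand-alone, the script reports lib 20 (SSL), func 119 (SSL23_GET_SERVER_HELLO), reason 1040 and therefore alert 40, the same handshake_failure that WebLogic logged from its side. Feeding the proxy's real offered list into common_suites (for example the expansion of its SSLProxyCipherSuite string) shows directly whether the two ends share a suite; if the result is empty, no cipher-string tweaking on the server-facing SSLCipherSuite will help, because that directive governs the connections Apache accepts, not the ones it originates as a proxy client.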