[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl]cu|| SSL illegal parameter



Hello,

according to the TLS specification an illegal_parameter alert indicates
a a field in the handshake was out of range or inconsistent with
other fields. Does this only occur when connecting to one specific
server?

Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]Im Auftrag
von Stickley, Jim
Gesendet: Dienstag, 19. März 2002 21:31
An: 'iaik-ssl@iaik.at'; jacorb-developer@lists.spline.inf.fu-berlin.de
Betreff: [iaik-ssl]cu|| SSL illegal parameter


Can anyone help me understand what an "illegal parameter" means?

	- I am using jdk 1.3.1 with Sun's JCE removed from the class path.
	- I am also Using JacORB 1.3.30 with IAIK SSL.
	- My IAIK KeyStore is setup with one key and a certificate chain
signed by verisign.
	  The cert chain contains my certificate first and then verisigns
certificate (CA cert) second.
	- I wrote a test program that load the KeyStore and pulls the public
and private keys out and performs
	  a quick encryption/decryption to ensure that the keys are correct
(and they work).

SSL debug logs from my JacORB based app are below:

Thanks.

[ starting authentication ]
[ added Provider IAIK ]
[ authentication succeeded ]
[ AuthenticationStatus.SecAuthSuccess ]
Configuring SSL socket to log its debug info to System.out
Initializing ClientConnection!
ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.0.
ssl_debug(1): Server created new session 00:00:00:02:00:00:00:13...
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server
certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(1): ChainVerifier: Found a trusted certificate, returning true
ssl_debug(1): Received certificate_request handshake message.
ssl_debug(1): Accepted certificate types: RSA, DSA
ssl_debug(1): Accepted certificate authorities:
ssl_debug(1):   OU=Secure Server Certification Authority,O=RSA Data
Security, Inc.,C=US
ssl_debug(1): Received server_hello_done handshake message.
ssl_debug(1): Sending certificate handshake message with RSA client
certificate...
ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(1): Sending certificate_verify handshake message...
ssl_debug(1): Sending change_cipher_spec message...
ssl_debug(1): Sending finished message...
ssl_debug(1): Received alert message: Alert Fatal: illegal parameter
ssl_debug(1): SSLException while handshaking: Peer sent alert: Alert Fatal:
illegal parameter
ssl_debug(1): Shutting down SSL layer...
Exception initializing ClientConnection!
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal
parameter
        at iaik.security.ssl.r.f(Unknown Source)
        at iaik.security.ssl.x.b(Unknown Source)
        at iaik.security.ssl.x.a(Unknown Source)
        at iaik.security.ssl.r.d(Unknown Source)
        at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
        at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
        at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
        at org.jacorb.orb.connection.ClientConnection.<init>(Unknown Source)
        at
org.jacorb.orb.connection.ConnectionManager._getConnection(Unknown Source)
        at
org.jacorb.orb.connection.ConnectionManager._getConnection(Unknown Source)
        at org.jacorb.orb.connection.ConnectionManager.getConnection(Unknown
Source)
        at org.jacorb.orb.Delegate.bind(Unknown Source)
        at org.jacorb.orb.Delegate.request(Unknown Source)
        at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:433)
        at
ansi_t1_267.LSOG6._CustomerServiceInformationStub.submit(_CustomerServiceInf
ormationStub.java:28)
        at
com.Birch.Preorder.TestClient.ClientMain_JacORB_iaik.main(ClientMain_JacORB_
iaik.java:271)

Jim Stickley
Birch Telecom
jstickley@birch.com
office: (816) 300-6743
mobile: (816) 213-4878


--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl