[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl]cu|| SSL illegal parameter

To: "Stickley, Jim" <JStickley@birch.com>,<iaik-ssl@iaik.at>,<jacorb-developer@lists.spline.inf.fu-berlin.de>
Subject: AW: [iaik-ssl]cu|| SSL illegal parameter
From: "Dieter Bratko" <Dieter.Bratko@iaik.at>
Date: Thu, 21 Mar 2002 13:12:00 +0100
Importance: Normal
In-reply-to: <61611E5D89EED511955000D0B7B9EDE9FA3FCC@kcdcex07.birch.com>
Sender: iaik-ssl-owner@iaik.at

Hello,

according to the TLS specification an illegal_parameter alert indicates
a a field in the handshake was out of range or inconsistent with
other fields. Does this only occur when connecting to one specific
server?

Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]Im Auftrag
von Stickley, Jim
Gesendet: Dienstag, 19. März 2002 21:31
An: 'iaik-ssl@iaik.at'; jacorb-developer@lists.spline.inf.fu-berlin.de
Betreff: [iaik-ssl]cu|| SSL illegal parameter


Can anyone help me understand what an "illegal parameter" means?

	- I am using jdk 1.3.1 with Sun's JCE removed from the class path.
	- I am also Using JacORB 1.3.30 with IAIK SSL.
	- My IAIK KeyStore is setup with one key and a certificate chain
signed by verisign.
	  The cert chain contains my certificate first and then verisigns
certificate (CA cert) second.
	- I wrote a test program that load the KeyStore and pulls the public
and private keys out and performs
	  a quick encryption/decryption to ensure that the keys are correct
(and they work).

SSL debug logs from my JacORB based app are below:

Thanks.

[ starting authentication ]
[ added Provider IAIK ]
[ authentication succeeded ]
[ AuthenticationStatus.SecAuthSuccess ]
Configuring SSL socket to log its debug info to System.out
Initializing ClientConnection!
ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.0.
ssl_debug(1): Server created new session 00:00:00:02:00:00:00:13...
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server
certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(1): ChainVerifier: Found a trusted certificate, returning true
ssl_debug(1): Received certificate_request handshake message.
ssl_debug(1): Accepted certificate types: RSA, DSA
ssl_debug(1): Accepted certificate authorities:
ssl_debug(1):   OU=Secure Server Certification Authority,O=RSA Data
Security, Inc.,C=US
ssl_debug(1): Received server_hello_done handshake message.
ssl_debug(1): Sending certificate handshake message with RSA client
certificate...
ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(1): Sending certificate_verify handshake message...
ssl_debug(1): Sending change_cipher_spec message...
ssl_debug(1): Sending finished message...
ssl_debug(1): Received alert message: Alert Fatal: illegal parameter
ssl_debug(1): SSLException while handshaking: Peer sent alert: Alert Fatal:
illegal parameter
ssl_debug(1): Shutting down SSL layer...
Exception initializing ClientConnection!
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal
parameter
        at iaik.security.ssl.r.f(Unknown Source)
        at iaik.security.ssl.x.b(Unknown Source)
        at iaik.security.ssl.x.a(Unknown Source)
        at iaik.security.ssl.r.d(Unknown Source)
        at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
        at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
        at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
        at org.jacorb.orb.connection.ClientConnection.<init>(Unknown Source)
        at
org.jacorb.orb.connection.ConnectionManager._getConnection(Unknown Source)
        at
org.jacorb.orb.connection.ConnectionManager._getConnection(Unknown Source)
        at org.jacorb.orb.connection.ConnectionManager.getConnection(Unknown
Source)
        at org.jacorb.orb.Delegate.bind(Unknown Source)
        at org.jacorb.orb.Delegate.request(Unknown Source)
        at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:433)
        at
ansi_t1_267.LSOG6._CustomerServiceInformationStub.submit(_CustomerServiceInf
ormationStub.java:28)
        at
com.Birch.Preorder.TestClient.ClientMain_JacORB_iaik.main(ClientMain_JacORB_
iaik.java:271)

Jim Stickley
Birch Telecom
jstickley@birch.com
office: (816) 300-6743
mobile: (816) 213-4878


--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl

References:
- [iaik-ssl]cu|| SSL illegal parameter
  - From: "Stickley, Jim" <JStickley@birch.com>

Prev by Date: [iaik-ssl]cu|| JacORB and IAIK qualification.
Next by Date: [iaik-ssl]cu|| Security permissions changed by IAIK-SSL?
Previous by thread: [iaik-ssl]cu|| SSL illegal parameter
Next by thread: [iaik-ssl]cu|| JacORB and IAIK qualification.
Index(es):
- Date
- Thread