[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AW: AW: AW: [iaik-ssl]cu|| Intermittent SSL connections from an Applet
> When installing iaik as first provider, I still got the stack overflow
Ok, seems to be a general failure in JDK jar file verification mechanism.
> I am using jdk1.3.1_rc02 (and plugin) on w32, and iaik_jce_full.jar. I
> have everything repackaged into a single jar file, and signed by our
> code signing certs. It's not clear to me how to check the version of
> my iaik JCE (the file is dated 9/25/2000.
So it seems that you are using IAIK-JCE2.61 and iSaSiLk 3.02 or 3.03.
You may try the most recent versions (IAIK-JCE3.0, unsigned) and
iSaSiLk 3.04. However, since you wrote that it works when running
as application only, the problem may not be due to IAIK-JCE/iSaSiLk;
may be it is due to the VM/environment.
Do you get some more information when observing the debug outputs
of all handshakes performed until you get a successful handshake?
Is it possible for you to run an iSaSiLk demo server and try to
connect to it from your applet, so that we might get a server
handshake debug output?
Von: firstname.lastname@example.org [mailto:email@example.com]Im Auftrag
von Timothy Wall
Gesendet: Dienstag, 16. April 2002 15:26
Betreff: Re: AW: AW: [iaik-ssl]cu|| Intermittent SSL connections from an
This is the result of SSLClientContext.toString:
Enabled cipher suites:
Enabled compression methods:
1024 bit key, 1 certificates.
I am using jdk1.3.1_rc02 (and plugin) on w32, and iaik_jce_full.jar. I
have everything repackaged into a single jar file, and signed by our
code signing certs. It's not clear to me how to check the version of
my iaik JCE (the file is dated 9/25/2000. We last licensed the code for
distribution sometime last year. I grant the browser permission to
trust the signed jar (single session grant only).
I don't have the server output, unfortunately, since the MICO + SSL code
is poorly instrumented right now. The failures aren't server-specific.
The behavior I'm seeing now is that the client will experience some
number of failures (sometimes large, sometimes small) before being able
to successfully connect.
When installing iaik as first provider, I still got the stack overflow
errors; I changed some of the startup sequence and avoided the stack
overflow, but ended up getting untraceable failures somewhere in the JDK.
On Tuesday, April 16, 2002, at 06:16 AM, Dieter Bratko wrote:
> the attachment still shows the client SSL handshake debug output,
> but not the SSLClientContext information. Do you have a server
> handshake output, too. Or does the problem only occur when connecting to
> one specific server?
>> I installed the stack overflow workaround (putting the IAIK provider
> So I assume that you are using the signed version of IAIK-JCE 3.0.
> Since you are using JDK1.3 did you try to install IAIK as first
> provider? What JCE framework are you using?
>> I'm trying to get a signed applet to communicate with my server
> Did you yourself sign the IAIK-JCE jar, too; or do you let the
> browser trust the original signature?
> -----Ursprungliche Nachricht-----
> Von: Timothy Wall [mailto:firstname.lastname@example.org]
> Gesendet: Montag, 15. April 2002 20:00
> An: Dieter Bratko
> Cc: email@example.com
> Betreff: Re: AW: [iaik-ssl]cu|| Intermittent SSL connections from an
> Attached is the SSLClientContext information
To unsubscribe send an email to firstname.lastname@example.org with the folowing content:
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
To unsubscribe send an email to email@example.com with the folowing content: UNSUBSCRIBE iaik-ssl