[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: AW: AW: [iaik-ssl]cu|| Intermittent SSL connections from an Applet



I'm working on getting the server-side output.
I'll also try the updated jce/ssl packages.

T.

On Wednesday, April 17, 2002, at 09:11 AM, Dieter Bratko wrote:

> Hello,
>
>> When installing iaik as first provider, I still got the stack overflow
>> errors;
> Ok, seems to be a general failure in JDK jar file verification 
> mechanism.
>
>> I am using jdk1.3.1_rc02 (and plugin) on w32, and iaik_jce_full.jar.  I
>> have everything repackaged into a single jar file, and signed by our
>> code signing certs.   It's not clear to me how to check the version of
>> my iaik JCE (the file is dated 9/25/2000.
> So it seems that you are using IAIK-JCE2.61 and iSaSiLk 3.02 or 3.03.
> You may try the most recent versions (IAIK-JCE3.0, unsigned) and
> iSaSiLk 3.04. However, since you wrote that it works when running
> as application only, the problem may not be due to IAIK-JCE/iSaSiLk;
> may be it is due to the VM/environment.
> Do you get some more information when observing the debug outputs
> of all handshakes performed until you get a successful handshake?
> Is it possible for you to run an iSaSiLk demo server and try to
> connect to it from your applet, so that we might get a server
> handshake debug output?
>
> Regards,
> Dieter
>
> -----Ursprungliche Nachricht-----
> Von: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]Im Auftrag
> von Timothy Wall
> Gesendet: Dienstag, 16. April 2002 15:26
> An: Dieter.Bratko@iaik.at
> Cc: iaik-ssl@iaik.at
> Betreff: Re: AW: AW: [iaik-ssl]cu|| Intermittent SSL connections from an
> Applet
>
>
> This is the result of SSLClientContext.toString:
> Enabled cipher suites:
>    SSL_RSA_WITH_3DES_EDE_CBC_SHA
>    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>    SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA
>    SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
>    SSL_RSA_WITH_RC4_128_SHA
>    SSL_RSA_WITH_IDEA_CBC_SHA
>    SSL_DHE_DSS_WITH_RC4_128_SHA
>    SSL_RSA_WITH_RC4_128_MD5
>    SSL_RSA_WITH_DES_CBC_SHA
>    SSL_DHE_DSS_WITH_DES_CBC_SHA
>    SSL_DHE_RSA_WITH_DES_CBC_SHA
>    SSL_DH_DSS_WITH_DES_CBC_SHA
>    SSL_DH_RSA_WITH_DES_CBC_SHA
>    SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
>    SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
>    SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
>    SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
>    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
>    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>    SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
>    SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
>    SSL_RSA_EXPORT_WITH_RC4_40_MD5
>    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
> Enabled compression methods:
>    NULL
>
> Available certificates:
> RSA credentials:
>    1024 bit key, 1 certificates.
>
> I am using jdk1.3.1_rc02 (and plugin) on w32, and iaik_jce_full.jar.  I
> have everything repackaged into a single jar file, and signed by our
> code signing certs.   It's not clear to me how to check the version of
> my iaik JCE (the file is dated 9/25/2000.  We last licensed the code for
> distribution sometime last year.  I grant the browser permission to
> trust the signed jar (single session grant only).
>
> I don't have the server output, unfortunately, since the MICO + SSL code
> is poorly instrumented right now.  The failures aren't server-specific.
> The behavior I'm seeing now is that the client will experience some
> number of failures (sometimes large, sometimes small) before being able
> to successfully connect.
>
> When installing iaik as first provider, I still got the stack overflow
> errors; I changed some of the startup sequence and avoided the stack
> overflow, but ended up getting untraceable failures somewhere in the 
> JDK.
>
> T.
>
> On Tuesday, April 16, 2002, at 06:16 AM, Dieter Bratko wrote:
>
>> Hello,
>>
>> the attachment still shows the client SSL handshake debug output,
>> but not the SSLClientContext information. Do you have a server
>> handshake output, too. Or does the problem only occur when connecting 
>> to
>> one specific server?
>>
>>> I installed the stack overflow workaround (putting the IAIK provider
>>> second).
>> So I assume that you are using the signed version of IAIK-JCE 3.0.
>> Since you are using JDK1.3 did you try to install IAIK as first
>> provider? What JCE framework are you using?
>>
>>> I'm trying to get a signed applet to communicate with my server
>> Did you yourself sign the IAIK-JCE jar, too; or do you let the
>> browser trust the original signature?
>>
>> Regards,
>> Dieter
>>
>>
>>
>>
>>
>> -----Ursprungliche Nachricht-----
>> Von: Timothy Wall [mailto:twall@domesolutions.com]
>> Gesendet: Montag, 15. April 2002 20:00
>> An: Dieter Bratko
>> Cc: iaik-ssl@iaik.at
>> Betreff: Re: AW: [iaik-ssl]cu|| Intermittent SSL connections from an
>> Applet
>>
>>
>> Attached is the SSLClientContext information
>>
>>
>
> --
> Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the folowing 
> content:
> UNSUBSCRIBE iaik-ssl
>
>

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl