
AW: AW: AW: [iaik-ssl]cu|| Intermittent SSL connections from an Applet



Hello,

> When installing iaik as first provider, I still got the stack overflow
> errors;
OK, this seems to be a general failure in the JDK jar file verification mechanism.

> I am using jdk1.3.1_rc02 (and plugin) on w32, and iaik_jce_full.jar.  I
> have everything repackaged into a single jar file, and signed by our
> code signing certs.   It's not clear to me how to check the version of
> my iaik JCE (the file is dated 9/25/2000).
So it seems that you are using IAIK-JCE2.61 and iSaSiLk 3.02 or 3.03.
You may try the most recent versions (IAIK-JCE3.0, unsigned) and
iSaSiLk 3.04. However, since you wrote that it works when running
as application only, the problem may not be due to IAIK-JCE/iSaSiLk;
maybe it is due to the VM/environment.
Do you get some more information when observing the debug outputs
of all handshakes performed until you get a successful handshake?
Is it possible for you to run an iSaSiLk demo server and try to
connect to it from your applet, so that we might get a server
handshake debug output?

Regards,
Dieter

-----Original Message-----
From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] On behalf of
Timothy Wall
Sent: Tuesday, April 16, 2002 15:26
To: Dieter.Bratko@iaik.at
Cc: iaik-ssl@iaik.at
Subject: Re: AW: AW: [iaik-ssl]cu|| Intermittent SSL connections from an
Applet


This is the result of SSLClientContext.toString:
Enabled cipher suites:
   SSL_RSA_WITH_3DES_EDE_CBC_SHA
   SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
   SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
   SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA
   SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
   SSL_RSA_WITH_RC4_128_SHA
   SSL_RSA_WITH_IDEA_CBC_SHA
   SSL_DHE_DSS_WITH_RC4_128_SHA
   SSL_RSA_WITH_RC4_128_MD5
   SSL_RSA_WITH_DES_CBC_SHA
   SSL_DHE_DSS_WITH_DES_CBC_SHA
   SSL_DHE_RSA_WITH_DES_CBC_SHA
   SSL_DH_DSS_WITH_DES_CBC_SHA
   SSL_DH_RSA_WITH_DES_CBC_SHA
   SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
   SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
   SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
   SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
   SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
   SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
   SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
   SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
   SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
   SSL_RSA_EXPORT_WITH_RC4_40_MD5
   SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
Enabled compression methods:
   NULL

Available certificates:
RSA credentials:
   1024 bit key, 1 certificates.

I am using jdk1.3.1_rc02 (and plugin) on w32, and iaik_jce_full.jar.  I
have everything repackaged into a single jar file, and signed by our
code signing certs.   It's not clear to me how to check the version of
my iaik JCE (the file is dated 9/25/2000).  We last licensed the code for
distribution sometime last year.  I grant the browser permission to
trust the signed jar (single session grant only).

I don't have the server output, unfortunately, since the MICO + SSL code
is poorly instrumented right now.  The failures aren't server-specific.
The behavior I'm seeing now is that the client will experience some
number of failures (sometimes large, sometimes small) before being able
to successfully connect.

When installing iaik as first provider, I still got the stack overflow
errors; I changed some of the startup sequence and avoided the stack
overflow, but ended up getting untraceable failures somewhere in the JDK.

T.

On Tuesday, April 16, 2002, at 06:16 AM, Dieter Bratko wrote:

> Hello,
>
> the attachment still shows the client SSL handshake debug output,
> but not the SSLClientContext information. Do you have a server
> handshake output, too? Or does the problem only occur when connecting to
> one specific server?
>
>> I installed the stack overflow workaround (putting the IAIK provider
>> second).
> So I assume that you are using the signed version of IAIK-JCE 3.0.
> Since you are using JDK1.3 did you try to install IAIK as first
> provider? What JCE framework are you using?
>
>> I'm trying to get a signed applet to communicate with my server
> Did you yourself sign the IAIK-JCE jar, too; or do you let the
> browser trust the original signature?
>
> Regards,
> Dieter
>
>
>
>
>
> -----Original Message-----
> From: Timothy Wall [mailto:twall@domesolutions.com]
> Sent: Monday, April 15, 2002 20:00
> To: Dieter Bratko
> Cc: iaik-ssl@iaik.at
> Subject: Re: AW: [iaik-ssl]cu|| Intermittent SSL connections from an
> Applet
>
>
> Attached is the SSLClientContext information
>
>

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the following content:
UNSUBSCRIBE iaik-ssl

