axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Gylling Jørgensen <...@frv.dk>
Subject SV: SSL Handshake failure
Date Wed, 21 Mar 2007 15:07:32 GMT
Dear users,

I have discovered, that my error is due to the fact that my client application isn't sending
the correct certificate back, infact it's not sending any certificate.

I can list the correct client certificate in my keystore before the SSL handskake starts.


What can be the cause to the error? A self signed certificate?

\pgj 

> -----Oprindelig meddelelse-----
> Fra: Erwin Reinhoud [mailto:Erwin.Reinhoud@gbo.overheid.nl] 
> Sendt: 20. marts 2007 16:05
> Til: axis-user@ws.apache.org
> Emne: RE: SSL Handshake failure
> 
> To test weather my certificates are trusted on both sides i 
> import the client cert in the browser and call the uri. This 
> way you know it is not the app, but related to cert (chain) 
> not being trusted.
> 
> Greetings,
> 
> erwin
> 
> -----Oorspronkelijk bericht-----
> Van: Peter Gylling Jørgensen [mailto:Peg@frv.dk]
> Verzonden: dinsdag 20 maart 2007 14:31
> Aan: axis-user@ws.apache.org
> Onderwerp: SSL Handshake failure
> 
> 
> Dear users,
> 
> Please enligthen me upon the error shown below. 
> 
> I have a axis2 v. 1.1.1 java client which must talk to a 
> HTTPS soap service, which I have no access to, so I need your 
> help to understand the cause of the error.
> 
> According to this site, the first 3 steps is accepted.
>  - 
> http://www.owasp.org/index.php/Using_the_Java_Secure_Socket_Ex
> tensions#SSL_Handshake_Protocol
> 
> I have no clue for what is causing this situation.
> 
> CLIENT LOG:
> *** ClientHello, TLSv1
> ***
> *** ServerHello, TLSv1
> ***
> %% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> ** SSL_RSA_WITH_RC4_128_MD5
> ***
> Found trusted certificate:
> *** CertificateRequest
> Cert Types: RSA, DSS, 
> Cert Authorities:
> <CN=Root CA, O=Gatehouse, L=Aalborg, ST=Denmark, C=DK>
> [read] MD5 and SHA1 hashes:  len = 100
> 0000: 0D 00 00 60 02 01 02 00   5B 00 59 30 57 31 0B 30  
> ...`....[.Y0W1.0
> 0010: 09 06 03 55 04 06 13 02   44 4B 31 10 30 0E 06 03  
> ...U....DK1.0...
> 0020: 55 04 08 13 07 44 65 6E   6D 61 72 6B 31 10 30 0E  
> U....Denmark1.0.
> 0030: 06 03 55 04 07 13 07 41   61 6C 62 6F 72 67 31 12  
> ..U....Aalborg1.
> 0040: 30 10 06 03 55 04 0A 13   09 47 61 74 65 68 6F 75  
> 0...U....Gatehou
> 0050: 73 65 31 10 30 0E 06 03   55 04 03 13 07 52 6F 6F  
> se1.0...U....Roo
> 0060: 74 20 43 41                                        t CA
> *** ServerHelloDone
> [read] MD5 and SHA1 hashes:  len = 4
> 0000: 0E 00 00 00                                        ....
> *** Certificate chain
> ***
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> Random Secret:  { 3, 1, 212, 44, 183, 122, 241, 233, 175, 80, 
> 37, 92, 0, 43, 126, 93, 21, 145, 112, 41, 29, 102, 127, 195, 
> 208, 133, 61, 104, 106, 6, 38, 4, 70, 112, 225, 27, 195, 200, 
> 215, 61, 235, 73, 71, 27, 99, 148, 90, 100 }
> [write] MD5 and SHA1 hashes:  len = 269
> 0000: 0B 00 00 03 00 00 00 10   00 01 02 01 00 55 28 7D  
> .............U(.
> 0010: CB 2E 1A 6B 73 DC 92 68   EE E3 1C A4 2D 79 8D 16  
> ...ks..h....-y..
> 0020: F4 C8 E7 65 7E D3 59 DF   49 54 C0 DD FC AA B9 7A  
> ...e..Y.IT.....z
> 0030: 4D A4 5D E6 DE 87 B6 F1   67 5C ED 2F 87 8C F3 8E  
> M.].....g\./....
> 0040: 9C 5C 04 32 5F F0 E6 DD   6D 40 1A CD 73 80 D9 97  
> .\.2_...m@..s...
> 0050: 39 13 3F 36 D0 FA A7 C7   3F 5C 41 16 BF 94 5B DF  
> 9.?6....?\A...[.
> 0060: A6 67 53 CE 72 09 C1 E2   89 84 CF 0F 0B 17 E7 9B  
> .gS.r...........
> 0070: B0 66 EF 24 2F 08 E5 65   7B 13 A0 A7 2D 92 12 1D  
> .f.$/..e....-...
> 0080: A7 1B E2 C2 4E B7 A6 7A   63 D6 1E 9B D5 25 4D 3F  
> ....N..zc....%M?
> 0090: 58 01 53 FE B5 85 D5 74   DC 17 87 CC 02 76 7D 0E  
> X.S....t.....v..
> 00A0: DE 8B 60 E5 30 B2 93 AF   D8 D4 27 3F 34 CA 99 76  
> ..`.0.....'?4..v
> 00B0: 1E 25 2B 8D 20 73 87 E4   C5 A9 65 0A 87 43 C3 B7  .%+. 
> s....e..C..
> 00C0: 3B 88 80 DD 27 12 57 88   74 C4 83 B5 1B 1E F6 6F  
> ;...'.W.t......o
> 00D0: D9 BE CA 70 50 52 7D 25   C2 5A 66 07 1F 14 F7 8B  
> ...pPR.%.Zf.....
> 00E0: 4A 2D B6 40 56 DC AD 30   19 EC E9 F6 42 62 52 26  
> J-.@V..0....BbR&
> 00F0: DA 5D 8C D8 F7 BB E2 9D   94 66 AC 6B 1B D0 D8 4A  
> .].......f.k...J
> 0100: 83 BA 0F B7 D2 D4 13 78   12 D2 4D CA DE           .......x..M..
> main, WRITE: TLSv1 Handshake, length = 269
> SESSION KEYGEN:
> PreMaster Secret:
> 0000: 03 01 D4 2C B7 7A F1 E9   AF 50 25 5C 00 2B 7E 5D  
> ...,.z...P%\.+.]
> 0010: 15 91 70 29 1D 66 7F C3   D0 85 3D 68 6A 06 26 04  
> ..p).f....=hj.&.
> 0020: 46 70 E1 1B C3 C8 D7 3D   EB 49 47 1B 63 94 5A 64  
> Fp.....=.IG.c.Zd
> CONNECTION KEYGEN:
> Client Nonce:
> 0000: 45 FF DB 0A 27 BC 27 6B   07 6C 6B D7 EE 8B 1A 50  
> E...'.'k.lk....P
> 0010: 10 F9 AA B9 9A DD 73 79   E7 02 22 16 34 C7 B5 D6  
> ......sy..".4...
> Server Nonce:
> 0000: 45 FF DB 0A 5F E7 57 9C   50 BF B1 11 42 D7 F5 B9  
> E..._.W.P...B...
> 0010: 9F F0 E9 3C B2 3E AB 97   83 A5 D7 E3 6A DD 4B F3  
> ...<.>......j.K.
> Master Secret:
> 0000: 14 9B 1D 9E AD 37 92 FD   24 CD E2 8E 76 18 01 05  
> .....7..$...v...
> 0010: F7 A8 65 5F FC 84 AF 40   AA 1E 7D 62 CD 9D 53 33  
> ..e_...@...b..S3
> 0020: 72 F7 D2 E6 1D 84 A5 BD   ED C4 17 6E 7A AD B0 C2  
> r..........nz...
> Client MAC write Secret:
> 0000: D4 9A 7D AF AC 7D 5E 1E   FE 94 3D 9F 56 BC 7C AA  
> ......^...=.V...
> Server MAC write Secret:
> 0000: 52 24 6A 22 93 C3 FA 8D   24 42 97 87 BD 76 FD 4A  
> R$j"....$B...v.J
> Client write key:
> 0000: E1 05 86 3C D5 B6 3E B1   16 5E B6 14 F1 19 EE 5A  
> ...<..>..^.....Z
> Server write key:
> 0000: 84 BB 0F 1D BD 4A F2 D7   3D BF 24 AF 5B 82 5D D0  
> .....J..=.$.[.].
> ... no IV for cipher
> main, WRITE: TLSv1 Change Cipher Spec, length = 1
> *** Finished
> verify_data:  { 218, 47, 227, 191, 234, 255, 74, 74, 91, 233, 
> 177, 110 }
> ***
> [write] MD5 and SHA1 hashes:  len = 16
> 0000: 14 00 00 0C DA 2F E3 BF   EA FF 4A 4A 5B E9 B1 6E  
> ...../....JJ[..n
> main, WRITE: TLSv1 Handshake, length = 32
> main, READ: TLSv1 Alert, length = 2
> main, RECV TLSv1 ALERT:  fatal, handshake_failure
> main, called closeSocket()
> main, handling exception: 
> javax.net.ssl.SSLHandshakeException: Received fatal alert: 
> handshake_failure
> main, called close()
> main, called closeInternal(true)
> main, called close()
> main, called closeInternal(true)
> main, called close()
> main, called closeInternal(true)
> [ERROR] 20 mar 2007 14:00:58,618 
> se.smhi.seatrack.ais.DbserverStubTest.testConnection
> 	IOException: Received fatal alert: handshake_failure
> [DEBUG] 20 mar 2007 14:00:58,618 
> se.smhi.seatrack.ais.DbserverStubTest.testConnection
> 	StackTrace: 
> javax.net.ssl.SSLHandshakeException: Received fatal alert: 
> handshake_failure
> 	at 
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> 
> \pgj
> --
> Peter Gylling Jørgensen
> Modelling group, section of Oceanography
> Royal Danish Administration of Navigation and Hydrography 
> Overgaden o. Vandet 62B DK-1023 København K 
> Phone: +45 32 68 96 85
> Email: peg@frv.dk
> www: http://www.frv.dk/ 
>  
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message