db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernt M. Johnsen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2796) Obscure error messages when using SSL in various combinations
Date Mon, 11 Jun 2007 09:13:26 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12503338

Bernt M. Johnsen commented on DERBY-2796:

Thanks for your input.  

1) When you have a plaintext server/client communication with an ssl peer, the plaintext side
will just see garbage. That garbage, may be SSL-encoded communication or it might be something
else. It is hard to give meaningful error-messages and it would require a major rewrite of
the DRDA code, since this is detected way donw in the call stack. I think documentation is
the proper solution here for the time being.

2) The SSLException "javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?"
I think is ok, but it might be good to get rid of the stack trace. We have to propagate the
text out to the user, since that is the only clue the user might get of what went wrong. Is
this an doc issue too?

> Obscure error messages when using SSL in various combinations
> -------------------------------------------------------------
>                 Key: DERBY-2796
>                 URL: https://issues.apache.org/jira/browse/DERBY-2796
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions:
>            Reporter: Rick Hillegas
>             Fix For:
>         Attachments: ssltest.html
> I ran clients with various ssl configurations on their urls and startup options against
servers with various ssl configurations. I will attach an html file recording my results.
I feel that many of the error conditions raised diagnostics which were too obscure to be helpful.
I think this will be burdensome to tech support.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message