Return-Path: X-Original-To: apmail-hc-httpclient-users-archive@www.apache.org Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4849E9FE6 for ; Thu, 4 Oct 2012 14:25:01 +0000 (UTC) Received: (qmail 33952 invoked by uid 500); 4 Oct 2012 14:25:00 -0000 Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org Received: (qmail 33881 invoked by uid 500); 4 Oct 2012 14:25:00 -0000 Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-users@hc.apache.org Received: (qmail 33873 invoked by uid 99); 4 Oct 2012 14:25:00 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Oct 2012 14:25:00 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [66.109.41.228] (HELO mx1-sch.ltionline.com) (66.109.41.228) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Oct 2012 14:24:56 +0000 X-ASG-Debug-ID: 1349360673-23ed00340000-tPwLzd X-Barracuda-URL: http://10.1.1.20:8000/cgi-bin/mark.cgi Received: from ltischcsx01.lti.int (localhost [127.0.0.1]) by mx1-sch.ltionline.com (Spam Firewall) with ESMTP id C0E672CDB0C; Thu, 4 Oct 2012 10:24:33 -0400 (EDT) Received: from ltischcsx01.lti.int ([192.168.161.13]) by mx1-sch.ltionline.com with ESMTP id 4a5gVM7fQ97vb8gI; Thu, 04 Oct 2012 10:24:33 -0400 (EDT) X-Barracuda-Envelope-From: rwelty@ltionline.com X-ASG-Whitelist: Client Received: from ltischcorpx01.lti.int ([fe80::45a5:bd67:cfd3:8b45]) by ltischcsx01.lti.int ([fe80::f1fc:63ee:4cde:2d18%12]) with mapi id 14.01.0355.002; Thu, 4 Oct 2012 10:24:07 -0400 From: "Welty, Richard" To: Susanta Mohapatra CC: HttpClient User Discussion X-ASG-Orig-Subj: RE: how to work around javax.net.ssl.SSLKeyException: RSA premaster Subject: RE: how to work around javax.net.ssl.SSLKeyException: RSA premaster Thread-Topic: how to work around javax.net.ssl.SSLKeyException: RSA premaster Thread-Index: AQHNnc9YWoY0f0kEjE6xnJPQjKyZcZekdigwgAT6/JCAAAxLgP//vdig Date: Thu, 4 Oct 2012 14:24:06 +0000 Message-ID: <1579549587CEA24C85CE49CE261FA5E10FD61716@ltischcorpx01.lti.int> References: <1579549587CEA24C85CE49CE261FA5E10FD5E5CD@ltischcorpx01.lti.int> <1579549587CEA24C85CE49CE261FA5E10FD616B5@ltischcorpx01.lti.int> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.168.100.119] Content-Type: multipart/alternative; boundary="_000_1579549587CEA24C85CE49CE261FA5E10FD61716ltischcorpx01lt_" MIME-Version: 1.0 X-Barracuda-Connect: UNKNOWN[192.168.161.13] X-Barracuda-Start-Time: 1349360673 X-Barracuda-Virus-Scanned: by Barracuda Spam & Virus Firewall at ltionline.com X-Virus-Checked: Checked by ClamAV on apache.org --_000_1579549587CEA24C85CE49CE261FA5E10FD61716ltischcorpx01lt_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The jdk is sun/oracle 6u35 (the most recent 1.6) The server I'm trying to talk to is a demo server for the service now produ= ct, the url is https://demo04.service-now.com/cmdb_ci_list.do?XML&sysparm_query=3Dname=3D with username/password of admin/admin I can access it fine with curl on the linux box, specifying the username/pa= ssword on the command line (the service now server won't do interactive pro= mpting for username/password.) The authentication scheme at servicenow is basic I'll try the wirelog output momentarily. Thanks, richard From: Susanta Mohapatra [mailto:mohapatra.susanta@gmail.com] Sent: Thursday, October 04, 2012 10:18 AM To: Welty, Richard Cc: HttpClient User Discussion Subject: Re: how to work around javax.net.ssl.SSLKeyException: RSA premaste= r This is strange... can you provide more info? - what is the jdk version ? - which server are you trying to connect? apache httpd or any thing else? - are you using any authentication scheme with ssl ? like basic/digest/ntlm= etc try to start jvm with following flag: -Djavax.net.debug=3Dall This will generate wire log output in console. Send the wire log result. -Susanta On Thu, Oct 4, 2012 at 7:03 PM, Welty, Richard > wrote: Welty, Richard [mailto:rwelty@ltionline.com] = wrote: >Susanta Mohapatra [mailto:mohapatra.susanta@gmail.com] writes: >> You need to add the unlimited strength JCE files. Google it, you can fin= d the download link easily. >I saw discussion of that in the context of Oracle/Sun environments, and IB= M environments. It wasn't clear it applied to >openjdk, but I'll try it and= see. I have ended up switching from openjdk to an oracle/sun jdk, 6u35, and have= installed the unlimited JCE policy files as specified. I am still getting = the error: javax.net.ssl.SSLKeyException: RSA premaster secret error at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.(RSAClie= ntKe\ yExchange.java:97)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Cl= ient\ Handshaker.java:744)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Cli= entH\ andshaker.java:238)[:1.6] any suggestions on how to diagnose this? Richard --_000_1579549587CEA24C85CE49CE261FA5E10FD61716ltischcorpx01lt_--