Re: SSL client program

From Lothar Kimmeringer <news200709@kimmeringer.de>
Newsgroups comp.lang.java.programmer
Subject Re: SSL client program
Date 2011-05-16 08:46 +0200
Organization Organization?! Only chaos here!
Message-ID <l9barsyg4bpz$.dlg@kimmeringer.de>
References <3af63731-b09e-44ff-bf37-1ffebdf80f60@o7g2000vbn.googlegroups.com> <o36z94keqaxr.dlg@kimmeringer.de> <3f2ddc05-19e1-4458-8fae-370cbf818a1f@l30g2000vbn.googlegroups.com>

Stone wrote:

> On May 15, 1:52 pm, Lothar Kimmeringer <news200...@kimmeringer.de>
> wrote:
>> Stone wrote:
[...]
>>
>> I filed a bug report about two years ago showing that the JSSE is
>> creating TLSv1 messages in some circumstances, but since this fell
>> within the Oracle takeover of SUN it seems that it has been ignored.

> Is it possible to send me that bug report?

In short: If a session is reused, TLSv1 will be used for client
hello instead of SSLv3. Most servers can cope with that since
TLSv1 is constructed the same way SSLv3 is but some servers are
too strict and expect a specific header-size.

> Does it mean that when I change SSLv3 to TLSv1 on both the Java
> side and the C++ daemon, all will work without problems?

Depends on two things: The client really sends TLSv1 and the
server has no other problem and only returns a wrong error-message.

> Is it possible to make some workaround so that all will work fine?

Disable session reuse (which is not possible with the API
of the JSSE...)

> What about the case where I change the JRE from SUN to IBM?

I don't know, I haven't tested IBM JVM at that point of time but
if the JSSE-provider is the same (which I doubt) you should have
the same effect.

> If the provider is SunJSSE by default, is it possible to exchange
> it?

I'm not sure, and you shouldn't start introducing dependencies into
your Java program (which is supposed to work without system
dependencies).

> I ran a test in which I used port 443 instead of port 5000 to
> detect whether the problem is on the applet side (from the
> programmer's point of view), and all was working OK.

Hm, that shouldn't be the case but who knows.

> How can I detect whether the problem is in the programming language or in
> the bug report?

As I said: Use Wireshark to see the actual communication between
client and server and check if TLSv1 is used instead of SSLv3.


Regards, Lothar
-- 
Lothar Kimmeringer                E-Mail: spamfang@kimmeringer.de
               PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
                 questions!
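
A small helper for the Wireshark check suggested above, added here as an example and not part of Lothar's post: it reads the record-layer version, the ClientHello client_version and the session_id length from the first bytes a client sends. The class name and both sample records are constructed for illustration; they are not captures from JSSE.

```java
import java.nio.ByteBuffer;

public class ClientHelloVersion {
    // Names for the (major, minor) version pairs discussed in the thread.
    static String name(int major, int minor) {
        if (major == 3 && minor == 0) return "SSLv3";
        if (major == 3 && minor == 1) return "TLSv1";
        return "unknown(" + major + "." + minor + ")";
    }

    // Reads the record header and the fixed-size start of the ClientHello body.
    static String describe(byte[] record) {
        ByteBuffer b = ByteBuffer.wrap(record);
        // 5 record header + 4 handshake header + 2 version + 32 random + 1 session_id length
        if (b.remaining() < 44) throw new IllegalArgumentException("too short for a ClientHello");
        int contentType = b.get() & 0xff;
        String recordVersion = name(b.get() & 0xff, b.get() & 0xff);
        b.getShort();                                   // record length, not needed here
        int handshakeType = b.get() & 0xff;
        if (contentType != 22 || handshakeType != 1)
            throw new IllegalArgumentException("not a ClientHello handshake record");
        b.position(b.position() + 3);                   // skip 24-bit handshake length
        String clientVersion = name(b.get() & 0xff, b.get() & 0xff);
        b.position(b.position() + 32);                  // skip client random
        int sessionIdLen = b.get() & 0xff;
        return "record=" + recordVersion + " client_version=" + clientVersion
                + (sessionIdLen > 0 ? " offers session reuse (session_id " + sessionIdLen + " bytes)"
                                    : " new session (empty session_id)");
    }

    // Constructed sample record; minor 0 = SSLv3, minor 1 = TLSv1.
    static byte[] sample(int minor, int sessionIdLen) {
        int bodyLen = 2 + 32 + 1 + sessionIdLen + 2 + 2 + 1 + 1;
        ByteBuffer b = ByteBuffer.allocate(5 + 4 + bodyLen);
        b.put((byte) 22).put((byte) 3).put((byte) minor).putShort((short) (4 + bodyLen));
        b.put((byte) 1).put((byte) 0).putShort((short) bodyLen);  // ClientHello + 24-bit length
        b.put((byte) 3).put((byte) minor).put(new byte[32]);      // client_version, zeroed random
        b.put((byte) sessionIdLen).put(new byte[sessionIdLen]);   // session_id
        b.putShort((short) 2).putShort((short) 0x002f);           // one cipher suite
        b.put((byte) 1).put((byte) 0);                            // null compression only
        return b.array();
    }

    public static void main(String[] args) {
        System.out.println(describe(sample(0, 0)));   // constructed: new session, SSLv3
        System.out.println(describe(sample(1, 32)));  // constructed: reused session, TLSv1
    }
}
```

Feeding it the bytes of the first record from a real capture shows both version fields side by side, together with whether the client was offering a previous session.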
