From: Lothar Kimmeringer
Newsgroups: comp.lang.java.programmer
Subject: Re: SSL client program
Date: Mon, 16 May 2011 08:46:19 +0200

Stone wrote:

> On May 15, 1:52 pm, Lothar Kimmeringer
> wrote:
>> Stone wrote:
[...]
>>
>> I filed a bugreport about two years ago showing that the JSSE is
>> creating TLSv1-messages in some circumstances but since this fell
>> within the Oracle-takeover of SUN it seems that it has been ignored.

> Is it possible to send me that bugreport?

In short: If a session is reused, TLSv1 will be used for client
hello instead of SSLv3. Most servers can cope with that since
TLSv1 is constructed the same way SSLv3 is but some servers
are too strict and expect a specific header-size.

> Does it mean that when I change SSLv3 to TLSv1 both on the Java
> side and on the C++ daemon then all will work w/o problems?

Depends on two things: The client really sends TLSv1 and the
server has no other problem and only returns a wrong error-message.

> Is it possible to make some workaround so that all will work fine?

Disable session reuse (which is not possible with the API of
the JSSE...)

> What about the case where I change the JRE from SUN to IBM?

I don't know, I haven't tested the IBM JVM at that point in time but
if the JSSE-provider is the same (which I doubt) you should have
the same effect.

> If the provider is SunJSSE as the default one, is it possible to exchange
> them?

I'm not sure and you shouldn't start introducing dependencies
into your Java-program (which is supposed to work without
system-dependencies).

> I have made some tests so that instead of port 5000 I used port 443
> for detecting whether the problem is on the applet side (from the
> programmer's point of view) and all was working OK.

Hm, that shouldn't be the case but who knows.

> How can I detect whether the problem is in the programming language or in
> the bugreport?

As I said: Use Wireshark to see the actual communication between
client and server and check if TLSv1 is used instead of SSLv3.

Regards, Lothar
-- 
Lothar Kimmeringer E-Mail: spamfang@kimmeringer.de
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
questions!
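The check suggested in the post above (is the client hello SSLv3 or TLSv1, and is a session being reused?) can also be done on the raw bytes of the first client record taken from a capture. This is an added example, not part of the original post or of the JSSE: the function names are hypothetical and the sample records are constructed, not real captures.

```python
import struct

VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def name(major, minor):
    return VERSIONS.get((major, minor), "unknown(%d.%d)" % (major, minor))

def inspect_client_hello(data):
    """Report protocol versions and session-ID length of a captured ClientHello."""
    if len(data) < 9:
        raise ValueError("too short for a ClientHello")
    if data[0] & 0x80 and data[2] == 1:
        # SSLv2-compatible hello: 2-byte length, type, version, three 2-byte lengths
        sid_len = struct.unpack(">H", data[7:9])[0]
        return {"format": "SSLv2Hello", "record_version": None,
                "client_version": name(data[3], data[4]),
                "session_id_len": sid_len, "resuming": sid_len > 0}
    ctype, rmaj, rmin, rlen = struct.unpack(">BBBH", data[:5])
    body = data[5:5 + rlen]
    if ctype != 22 or len(body) < 39 or body[0] != 1:
        raise ValueError("not a complete handshake record carrying a ClientHello")
    sid_len = body[38]  # follows type(1) + length(3) + version(2) + random(32)
    return {"format": "SSLv3/TLS", "record_version": name(rmaj, rmin),
            "client_version": name(body[4], body[5]),
            "session_id_len": sid_len, "resuming": sid_len > 0}

def build_hello(record_ver, client_ver, session_id):
    """Construct a minimal ClientHello record (sample data, not a real capture)."""
    body = (bytes(client_ver) + bytes(32) + bytes([len(session_id)]) + session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00")  # one cipher suite, null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(record_ver) + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    # Constructed samples: a fresh SSLv3 hello and a TLSv1 hello offering a session ID
    fresh = build_hello((3, 0), (3, 0), b"")
    resumed = build_hello((3, 1), (3, 1), bytes(range(32)))
    for label, rec in (("fresh", fresh), ("resumed", resumed)):
        print(label, inspect_client_hello(rec))
```

A non-empty session ID in the client hello means the client is offering to resume a session, which is the situation the post describes.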