-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
1.0.2
-
None
-
generic
-
generic
I'm using IE5.5/Netscape 4.75 as an SSL client (both are 128-bit SSL), which connects via HTTP/SSL to a server application that uses JSSE1.0.2. I have configured Netscape with a key and cert for client authentication.
When I switch client authentication off, everything works fine.
However, when I switch client authentication on, the SSL negotiation breaks down.
The browser doesn't even prompt for a certificate to be used, which implies that the problem is occurring before the CertificateRequest message is sent to the client.
I get the following debug output:
Thread-204, READ: SSL v3.0 Handshake, length = 59
*** ClientHello, v3.1
RandomCookie: GMT: -1986624722 bytes = { 150, 8, 11, 26, 158, 133, 199, 138, 132, 1, 46, 134, 88, 101, 218, 120, 204, 201, 54, 217, 168, 148, 159, 129, 133, 151, 251, 74 }
Session ID: {}
Cipher Suites: { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6 }
Compression Methods: { 0 }
***
[read] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 8A 97 83 2E 96 08 0B 1A 9E 85 ...7............
0010: C7 8A 84 01 2E 86 58 65 DA 78 CC C9 36 D9 A8 94 ......Xe.x..6...
0020: 9F 81 85 97 FB 4A 00 00 10 00 04 00 05 00 0A 00 .....J..........
0030: 09 00 64 00 62 00 03 00 06 01 00 ..d.b......
%% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
*** ServerHello, v3.1
RandomCookie: GMT: 975883971 bytes = { 51, 31, 170, 219, 251, 73, 142, 99, 133, 148, 32, 40, 33, 52, 172, 189, 168, 143, 80, 48, 76, 164, 106, 106, 142, 120, 156, 185 }
Session ID: {58, 43, 207, 195, 44, 51, 115, 186, 136, 46, 247, 137, 10, 251, 137, 235, 184, 60, 132, 83, 126, 26, 185, 123, 112, 45, 252, 127, 102, 99, 201, 65}
Cipher Suite: { 0, 10 }
Compression Method: 0
***
Cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = Version: 3
Serial number: 201046550917202338498243546010493351923
Signature algorithm: md5WithRSAEncryption
Issuer: CN=Test Root CA, OU=Security, O=SSE, C=IE
Valid not before: Mon Nov 13 12:56:24 GMT+00:00 2000
not after: Tue Nov 13 12:56:24 GMT+00:00 2001
Subject: CN=Test Java Proxy, OU=Security, O=SSE, C=IE
public exponent: 5
modulus: b1e54950095403217df622bcb10f49b3e74b28ca692aa3b98472c595f0bda070593a0bc3e7a6a68985465fdb81055187864a074b6310fd5988cee254dc87c034b13a2ce49acbf2a34dc8da0d5e52273f580cb4402aa51d0dc904f001499e01fcd6302414725adaba650fcc0dbf43fdb86d1e9dabc98c0a5fb26cddf684059405
Extensions: 8
Certificate Fingerprint: 68:09:33:CC:9F:A4:15:E6:CF:ED:DC:76:E7:E1:05:8F
chain [1] = Version: 3
Serial number: 279691260028111291166974459632045429631
Signature algorithm: md5WithRSAEncryption
Issuer: CN=Test Root CA, OU=Security, O=SSE, C=IE
Valid not before: Mon Nov 13 12:54:15 GMT+00:00 2000
not after: Wed Nov 13 12:54:15 GMT+00:00 2002
Subject: CN=Test Root CA, OU=Security, O=SSE, C=IE
public exponent: 3
modulus: ce983651bfc73dbeeae2e8992457debf1292280216e7d71ac269f01c1182a9ab6713aaf7f3005d63a46df90b2e849621f7f84a24de42e1c94227db27babf5e1dbfc35b2a5d4bc258da70c4aa8d3f8a761277dad5edb82a9d1e6b0103e6963f093fe6860197ec552c26571afbeb13e9d7ff3114a4de64233c1736cdedfe11468b
Extensions: 4
Certificate Fingerprint: EB:F3:CF:EF:95:16:0B:D5:C2:57:AC:68:44:AB:93:AF
***
java.lang.NullPointerException
at com.sun.net.ssl.internal.ssl.m.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.ServerHandshaker.b([DashoPro-V1.2-120198
])
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage([DashoPr
o-V1.2-120198])
at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2
-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120
198])
at java.io.OutputStream.write(OutputStream.java:61)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V
1.2-120198])
at mycode.....
Any help would be appreciated!
Cheers,
Andy Dowling
P.S. If this helps to narrow anything down:
Before using JSSE1.0.2 reference implementation, I've managed to get SSL working with and without client authentication using a third party JSSE implementation.
When I switch client authentication off, everything works fine.
However, when I switch client authentication on, the SSL negotiation breaks down.
The browser doesn't even prompt for a certificate to be used, which implies that the problem is occurring before the CertificateRequest message is sent to the client.
I get the following debug output:
Thread-204, READ: SSL v3.0 Handshake, length = 59
*** ClientHello, v3.1
RandomCookie: GMT: -1986624722 bytes = { 150, 8, 11, 26, 158, 133, 199, 138, 132, 1, 46, 134, 88, 101, 218, 120, 204, 201, 54, 217, 168, 148, 159, 129, 133, 151, 251, 74 }
Session ID: {}
Cipher Suites: { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6 }
Compression Methods: { 0 }
***
[read] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 8A 97 83 2E 96 08 0B 1A 9E 85 ...7............
0010: C7 8A 84 01 2E 86 58 65 DA 78 CC C9 36 D9 A8 94 ......Xe.x..6...
0020: 9F 81 85 97 FB 4A 00 00 10 00 04 00 05 00 0A 00 .....J..........
0030: 09 00 64 00 62 00 03 00 06 01 00 ..d.b......
%% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
*** ServerHello, v3.1
RandomCookie: GMT: 975883971 bytes = { 51, 31, 170, 219, 251, 73, 142, 99, 133, 148, 32, 40, 33, 52, 172, 189, 168, 143, 80, 48, 76, 164, 106, 106, 142, 120, 156, 185 }
Session ID: {58, 43, 207, 195, 44, 51, 115, 186, 136, 46, 247, 137, 10, 251, 137, 235, 184, 60, 132, 83, 126, 26, 185, 123, 112, 45, 252, 127, 102, 99, 201, 65}
Cipher Suite: { 0, 10 }
Compression Method: 0
***
Cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = Version: 3
Serial number: 201046550917202338498243546010493351923
Signature algorithm: md5WithRSAEncryption
Issuer: CN=Test Root CA, OU=Security, O=SSE, C=IE
Valid not before: Mon Nov 13 12:56:24 GMT+00:00 2000
not after: Tue Nov 13 12:56:24 GMT+00:00 2001
Subject: CN=Test Java Proxy, OU=Security, O=SSE, C=IE
public exponent: 5
modulus: b1e54950095403217df622bcb10f49b3e74b28ca692aa3b98472c595f0bda070593a0bc3e7a6a68985465fdb81055187864a074b6310fd5988cee254dc87c034b13a2ce49acbf2a34dc8da0d5e52273f580cb4402aa51d0dc904f001499e01fcd6302414725adaba650fcc0dbf43fdb86d1e9dabc98c0a5fb26cddf684059405
Extensions: 8
Certificate Fingerprint: 68:09:33:CC:9F:A4:15:E6:CF:ED:DC:76:E7:E1:05:8F
chain [1] = Version: 3
Serial number: 279691260028111291166974459632045429631
Signature algorithm: md5WithRSAEncryption
Issuer: CN=Test Root CA, OU=Security, O=SSE, C=IE
Valid not before: Mon Nov 13 12:54:15 GMT+00:00 2000
not after: Wed Nov 13 12:54:15 GMT+00:00 2002
Subject: CN=Test Root CA, OU=Security, O=SSE, C=IE
public exponent: 3
modulus: ce983651bfc73dbeeae2e8992457debf1292280216e7d71ac269f01c1182a9ab6713aaf7f3005d63a46df90b2e849621f7f84a24de42e1c94227db27babf5e1dbfc35b2a5d4bc258da70c4aa8d3f8a761277dad5edb82a9d1e6b0103e6963f093fe6860197ec552c26571afbeb13e9d7ff3114a4de64233c1736cdedfe11468b
Extensions: 4
Certificate Fingerprint: EB:F3:CF:EF:95:16:0B:D5:C2:57:AC:68:44:AB:93:AF
***
java.lang.NullPointerException
at com.sun.net.ssl.internal.ssl.m.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.ServerHandshaker.b([DashoPro-V1.2-120198
])
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage([DashoPr
o-V1.2-120198])
at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2
-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120
198])
at java.io.OutputStream.write(OutputStream.java:61)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V
1.2-120198])
at mycode.....
Any help would be appreciated!
Cheers,
Andy Dowling
P.S. If this helps to narrow anything down:
Before using JSSE1.0.2 reference implementation, I've managed to get SSL working with and without client authentication using a third party JSSE implementation.
- duplicates
-
-
- Resolved
-