7 Replies Latest reply: Dec 14, 2011 3:56 AM by 687626

    [OSB] "SSL renegotiation" issue during HTTPS web service invocation

    872531
      Hi all,

      I have to call a third party web service and during the invocation, the server "renegotiates"[1] the SSL connection. I know that it is a security vulnerability but the owners of the web service cannot make any change (or they don't want to, I'm not sure) on their systems.

      I have done some tests in the past with this web service and a plain Java client, and I could connect to this web service by adding the property "-Dsun.security.ssl.allowUnsafeRenegotiation=true" to the JVM in which my web service client runs, so I have tried to do something similar in the OSB:
      - I have added this property to the OSB (modifying the start script)
      - I have selected the SSL configuration option "Use JSSE SSL".
      After doing that, when I invoke my proxy service I get this error[2] but I can see nothing in the logs.

      I have enabled the "SSL debug" [3] but I cannot see errors during the SSL handshake.

      My questions are:

      Is it possible to "do the trick" to allow SSL renegotiation in the OSB?

      Where should I look to see the stacktrace associated with the NPE?

      Any tip or hint is welcome,

      Thanks in advance,

      Agus

      [1] http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html

      [2]<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Body>
      <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring>BEA-380000: General runtime error: java.lang.NullPointerException</faultstring>
      <detail>
      <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
      <con:errorCode>BEA-380000</con:errorCode>
      <con:reason>General runtime error: java.lang.NullPointerException</con:reason>
      <con:location>
      <con:node>RouteNode1</con:node>
      <con:path>request-pipeline</con:path>
      </con:location>
      </con:fault>
      </detail>
      </soapenv:Fault>
      </soapenv:Body>
      </soapenv:Envelope>

      [3]
      ####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476735> <BEA-000000> <weblogic user specified trustmanager validation status 0>
      ####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476735> <BEA-000000> <SSLTrustValidator returns: 0>
      ####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476735> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: No trust failure, validateErr=0.>
      ####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476735> <BEA-000000> <Performing hostname validation checks: www.mysite.com>
      ####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476736> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Successfully completed post-handshake processing.>
      ####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476737> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
      bytesConsumed = 293 bytesProduced = 314.>
      ####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476740> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
      bytesConsumed = 245 bytesProduced = 266.>
      ####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476741> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
      bytesConsumed = 8 bytesProduced = 29.>
        • 1. Re: [OSB] "SSL renegotiation" issue during HTTPS web service invocation
          Anuj Dwivedi-Oracle
          Is it possible to "do the trick" to allow SSL renegotiation in the OSB?
          Yes, because OSB relies on Weblogic for SSL. You may refer to -

          http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
          Where should I look to see the stacktrace associated with the NPE?
          The fault code (<faultcode>soapenv:Server</faultcode>) in the fault you are receiving gives an impression that something went wrong at the server side and not at the client side (OSB). Check the OSB server log to find more information/stacktrace.

          Regards,
          Anuj
          • 2. Re: [OSB] "SSL renegotiation" issue during HTTPS web service invocation
            872531
            Hi Anuj,

            Thanks for your response. I'm looking at the logs and I cannot see any stack trace related to the NPE. Do you know if there is some way to trace the SOAP messages exchanged with the server (to verify if I get a response or a fault)?
            • 3. Re: [OSB] "SSL renegotiation" issue during HTTPS web service invocation
              872531
              Hi again,

              I have done some investigation and I think that I failed on my first diagnosis. I have simulated the third party web service (without SSL renegotiation, only for testing purposes) and I'm getting the same error as with the real web service.

              In addition, if I invoke the same web service through HTTP (without SSL) the invocation works correctly.

              After enabling the message tracing in the proxy and business service, I can see that the error comes when the business service calls the web service [1] but I cannot see any stack trace or error log related to this failure.

              Has someone faced an error like this? Any idea?


              *(For clarification, I've removed the soap body and soap header content)*
              [1] ####<Aug 10, 2011 11:04:30 AM CEST> <Info> <OSB Kernel> <orasoadev.com> <osb_server1> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1312967070061> <BEA-398072> <
              [OSB Tracing] Routing to SSLProject/SSLBussines with message context:
              $body = <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
              .
              .
              .
              </soapenv:Body>
              $header = <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
              .
              .
              .
              </soapenv:Header>
              $attachments = <con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
              >
              ####<Aug 10, 2011 11:04:30 AM CEST> <Info> <OSB Kernel> <orasoadev.com> <osb_server1> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1312967070062> <BEA-398202> <
              [OSB Tracing] Outbound request was sent.

              Service Ref = SSLProject/SSLBussines
              URI = https://192.168.0.121:7007/Servicio
              >
              ####<Aug 10, 2011 11:04:30 AM CEST> <Info> <OSB Kernel> <orasoadev.com> <osb_server1> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1312967070312> <BEA-398205> <
              [OSB Tracing] Outbound request caused an exception

              Service Ref = SSLProject/SSLBussines
              URI = https://192.168.0.121:7007/Servicio
              Error Message = java.lang.NullPointerException
              >
              ####<Aug 10, 2011 11:04:30 AM CEST> <Info> <OSB Kernel> <orasoadev.com> <osb_server1> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1312967070333> <BEA-398102> <
              [OSB Tracing] Exiting route node with fault:
              <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
              <con:errorCode>BEA-380000</con:errorCode>
              <con:reason>General runtime error: java.lang.NullPointerException</con:reason>
              <con:location>
              <con:node>RutaPeticionFechaHora</con:node>
              <con:path>request-pipeline</con:path>
              </con:location>
              </con:fault>>
              • 4. Re: [OSB] "SSL renegotiation" issue during HTTPS web service invocation
                Anuj Dwivedi-Oracle
                It looks like an SSL handshake issue to me. In Weblogic 10.3.3 there was a similar bug. Can you check the validity of the server certificate (of the server to which you are sending the request from OSB)? Post the dates (valid from and valid to) here.

                Enable the SSL debug and test again and see if you get any exception in log.

                Regards,
                Anuj
                • 5. Re: [OSB] "SSL renegotiation" issue during HTTPS web service invocation
                  872531
                  Hi again Anuj,

                  After some time debugging, I have found that the origin of the NPE is the "Use JSSE SSL" option that I had selected in the OSB configuration.
                  After unchecking this option, the test is successful against the simulated server.

                  When I try it with the real server (the one that renegotiates the SSL connection), there is no response; the client hangs waiting for something (a response or a fault) that never comes.

                  I have disabled the "Use JSSE SSL" option in the OSB configuration and added the system property "sun.security.ssl.allowUnsafeRenegotiation" to the JVM that runs the OSB.

                  The server certificate validity dates are from 7 October 2009 to 23 May 2029. After enabling "ssl debug" I can see this exception in the osb logs[1].

                  Has anyone an idea of the origin of this error?

                  Thanks in advance,

                  P.S.- some names in the stack trace have been substituted with xxxxx and yyyy for security reasons.

                  [1]
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992293> <BEA-000000> <weblogic user specified trustmanager validation status 0>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992293> <BEA-000000> <SSLTrustValidator returns: 0>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992293> <BEA-000000> <Trust status (0): NONE>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992293> <BEA-000000> <Performing hostname validation checks: yyyyyyyyyyy>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992295> <BEA-000000> <isMuxerActivated: false>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992295> <BEA-000000> <1149518354 SSL3/TLS MAC>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992295> <BEA-000000> <1149518354 received HANDSHAKE>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992295> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992297> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992298> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992298> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992298> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992299> <BEA-000000> <Will use default Mac for algorithm MD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992300> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992300> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992300> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992301> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992301> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992302> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992303> <BEA-000000> <write HANDSHAKE, offset = 0, length = 262>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992304> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992305> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992305> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992305> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992306> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992306> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992307> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992307> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992308> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992309> <BEA-000000> <isMuxerActivated: false>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992380> <BEA-000000> <1149518354 SSL3/TLS MAC>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992381> <BEA-000000> <1149518354 received CHANGE_CIPHER_SPEC>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992381> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992381> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992381> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992382> <BEA-000000> <isMuxerActivated: false>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992382> <BEA-000000> <1149518354 SSL3/TLS MAC>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992382> <BEA-000000> <1149518354 received HANDSHAKE>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992382> <BEA-000000> <HANDSHAKEMESSAGE: Finished>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992383> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992383> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992383> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992383> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992384> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 293>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992386> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 279>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992386> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 8>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992390> <BEA-000000> <SSLIOContextTable.findContext(sock): 1943972921>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992391> <BEA-000000> <SSLIOContextTable.findContext(sock): 1943972921>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992393> <BEA-000000> <activateNoRegister()>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992394> <BEA-000000> <SSLFilterImpl.activate(): activated: 1840560387 1056821854>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992450> <BEA-000000> <1272141047 read(offset=0, length=4080)>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992450> <BEA-000000> <isMuxerActivated: true>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992450> <BEA-000000> <hasSSLRecord()>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992450> <BEA-000000> <hasSSLRecord returns true>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992450> <BEA-000000> <1149518354 SSL3/TLS MAC>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992451> <BEA-000000> <1149518354 received HANDSHAKE>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992451> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 100
                  java.lang.Exception: New alert stack
                       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
                       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
                       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
                       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
                       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
                       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
                       at com.certicom.tls.record.ReadHandler.read(Unknown Source)
                       at com.certicom.io.InputSSLIOStreamWrapper.read(Unknown Source)
                       at weblogic.socket.SSLFilterImpl.isMessageComplete(SSLFilterImpl.java:202)
                       at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:945)
                       at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:898)
                       at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:130)
                       at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
                       at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
                       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
                       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992453> <BEA-000000> <write ALERT, offset = 0, length = 2>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992454> <BEA-000000> <isMuxerActivated: true>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992454> <BEA-000000> <hasSSLRecord()>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992454> <BEA-000000> <hasSSLRecord returns false 1>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1313137992454> <BEA-000000> <1272141047 Rethrowing InterruptedIOException>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992525> <BEA-000000> <1272141047 read(offset=0, length=8192)>
                  ####<Aug 12, 2011 10:33:12 AM CEST> <Debug> <SecuritySSL> <xxxxxxxxxx> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1313137992525> <BEA-000000> <isMuxerActivated: false>

                  Edited by: agus_gr on Aug 12, 2011 11:38 AM
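
The debug excerpt in reply 5 shows a handshake record arriving after application data was written, followed by an alert of type 100, which RFC 5246 defines as `no_renegotiation`. As an added example (not part of the original thread, and not Oracle code), this script scans WebLogic `SecuritySSL` debug records for that pattern; the sample records are constructed in the thread's log format, and the single-connection assumption and the function names are mine.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2); only the ones needed here.
ALERT_NAMES = {0: "close_notify", 40: "handshake_failure", 100: "no_renegotiation"}

# A WebLogic server-log record starts with "####<timestamp>"; the SSL debug
# text is the last <...> field, after the <BEA-000000> message id.
RECORD = re.compile(
    r"^####<(?P<ts>[^>]+)> <Debug> <SecuritySSL> .*<BEA-000000> <(?P<msg>.*?)>?$"
)
ALERT = re.compile(r"NEW ALERT with Severity: (?P<sev>\w+), Type: (?P<type>\d+)")


def analyze(lines):
    """Report renegotiation-related events in SSL debug records.

    Assumption: the excerpt covers a single TLS connection, as in the thread.
    """
    established = False      # initial handshake has finished
    app_data_sent = False    # application data written on the established session
    reneg_requested = False  # handshake record seen after the session was established
    findings = []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue  # stack-trace continuation lines, other subsystems
        ts, msg = m.group("ts"), m.group("msg")
        if msg == "HANDSHAKEMESSAGE: Finished":
            established = True
        elif msg.startswith("write APPLICATION_DATA"):
            app_data_sent = established
        elif msg.endswith("received HANDSHAKE") and established:
            reneg_requested = True
            findings.append({"ts": ts, "event": "renegotiation_requested",
                             "after_app_data": app_data_sent})
        else:
            a = ALERT.search(msg)
            if a:
                code = int(a.group("type"))
                findings.append({
                    "ts": ts, "event": "alert", "severity": a.group("sev"),
                    "type": code, "name": ALERT_NAMES.get(code, "unknown"),
                    "renegotiation_refused": reneg_requested and code == 100,
                })
    return findings


def client_refused_renegotiation(findings):
    """True if a no_renegotiation alert followed a renegotiation request."""
    return any(f.get("renegotiation_refused") for f in findings)


def make_record(sec, msg, closed=True):
    """Build one constructed log record in the format shown in the thread."""
    return ("####<Jan 1, 2020 10:00:%02d AM UTC> <Debug> <SecuritySSL> <host.example> "
            "<osb_server1> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> "
            "<<WLS Kernel>> <> <> <0> <BEA-000000> <%s%s"
            % (sec, msg, ">" if closed else ""))


# Constructed sample: initial handshake, request sent, then a renegotiation attempt.
SAMPLE_LOG = [
    make_record(1, "7 received HANDSHAKE"),
    make_record(1, "HANDSHAKEMESSAGE: ServerHelloDone"),
    make_record(1, "write HANDSHAKE, offset = 0, length = 262"),
    make_record(2, "7 received CHANGE_CIPHER_SPEC"),
    make_record(2, "7 received HANDSHAKE"),
    make_record(2, "HANDSHAKEMESSAGE: Finished"),
    make_record(3, "write APPLICATION_DATA, offset = 0, length = 293"),
    make_record(4, "7 received HANDSHAKE"),
    make_record(4, "NEW ALERT with Severity: WARNING, Type: 100", closed=False),
    "java.lang.Exception: New alert stack",
    make_record(4, "write ALERT, offset = 0, length = 2"),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
    print("renegotiation refused:", client_refused_renegotiation(analyze(SAMPLE_LOG)))
```
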
                  • 6. Re: [OSB] "SSL renegotiation" issue during HTTPS web service invocation
                    872531
                    A little more info:

                    I have the same error with the "-Dsun.security.ssl.allowUnsafeRenegotiation=true" property and without it, so I'm not sure that I am adding the property correctly.

                    What I have done is modify the startManagedWeblogic script and add to the JAVA_OPTS the property:

                    Before:

                    JAVA_OPTIONS="-Dweblogic.security.SSL.trustedCAKeyStore="/home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/cacerts" ${JAVA_OPTIONS}"
                    export JAVA_OPTIONS

                    After:

                    JAVA_OPTIONS="-Dssl.debug=true -Dsun.security.ssl.allowUnsafeRenegotiation=true -Dweblogic.security.SSL.trustedCAKeyStore="/home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/cacerts" ${JAVA_OPTIONS}"
                    export JAVA_OPTIONS


                    Is this the correct way?
                    • 7. Re: [OSB] "SSL renegotiation" issue during HTTPS web service invocation
                      687626
                      For fixing this issue with SSL renegotiation, which occurs in scenarios like OSB to IIS 2-way SSL using the default Certicom implementation, set the flag -Dweblogic.security.SSL.enable.renegotiation=true

                      Does the Certicom implementation support SSL renegotiation?