4 Replies Latest reply on Dec 16, 2004 9:03 AM by 666705

    Security error in Weblogic

    666705
      Configured security with the following message

      <Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <Found private key in keystore>
      <Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <SSLManager.getServerCertificate()>
      <Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <Server identity successfully loaded>
      <Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <SSLManager.getService(KEYMANAGER)>
      <Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <SSLManager, getting trusted CAs from TrustedCAFile: cacert512.pem>
      <Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <Checking certificate chain, 1 certs>
      <Oct 28, 2004 8:00:55 PM PDT> <Debug> <TLS> <000000> <Cipher suites enabled:>
      <Oct 28, 2004 8:00:56 PM PDT> <Notice> <WebLogicServer> <000354> <Thread "SSLListenThread.Default" listening on port 7002>
      <Oct 28, 2004 8:00:56 PM PDT> <Notice> <WebLogicServer> <000354> <Thread "ListenThread.Default" listening on port 7001>
      <Oct 28, 2004 8:00:56 PM PDT> <Notice> <WebLogicServer> <000329> <Started WebLogic Admin Server "myserver" for domain "mydomain" running in Production Mode>
      <Oct 28, 2004 8:00:57 PM PDT> <Notice> <WebLogicServer> <000365> <Server state changed to RUNNING>
      <Oct 28, 2004 8:00:57 PM PDT> <Notice> <WebLogicServer> <000360> <Server started in RUNNING mode>

      https://localhost:7002

      gives this error

      <Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <4998018 readRecord()>
      <Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <4998018 received CHANGE_CIPHER_SPEC>
      <Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@103ad6 Severity: 1 Type: 0
      java.lang.Throwable: Stack trace
      at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
      at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
      at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
      at weblogic.t3.srvr.ListenThread.rejectCatastrophe(ListenThread.java:436)
      at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:419)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:251)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:219)
      >
      <Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@3bdbbd Severity: 2 Type: 70
      java.lang.Throwable: Stack trace
      at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
      at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
      at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:251)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:219)
      >
      <Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
      <Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <close(): 7195959>
      <Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 3199646>
      <Oct 28, 2004 8:02:23 PM PDT> <Error> <kernel> <000802> <ExecuteRequest failed
      java.lang.IndexOutOfBoundsException
      java.lang.IndexOutOfBoundsException
      at java.io.ByteArrayInputStream.read(ByteArrayInputStream.java:164)
      at com.certicom.tls.record.Util.readFully(Unknown Source)
      at com.certicom.tls.record.Util.readFully(Unknown Source)
      at com.certicom.tls.record.Util.readBytesLength24(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.tls.record.ReadHandler.read(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
      at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
      at weblogic.t3.srvr.ListenThread.rejectCatastrophe(ListenThread.java:436)
      at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:419)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:251)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:219)
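
The `Severity`/`Type` numbers in the two `NEW ALERT` entries above are TLS alert codes: 1/0 is a warning `close_notify` and 2/70 is a fatal `protocol_version`. The following is an added example, not part of the original post or of WebLogic, that rejoins hard-wrapped console output and decodes each alert together with the Certicom method that raised it; the function names are hypothetical and the sample is an excerpt of the log above.

```python
import re

# Alert levels and descriptions as numbered in TLS 1.0 (RFC 2246, section 7.2).
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                40: "handshake_failure", 47: "illegal_parameter", 70: "protocol_version"}
# A logical line starts with a "<Mon D, YYYY" stamp, a stack frame or an exception name.
STARTS = re.compile(r"\s*(<[A-Z][a-z]{2} \d{1,2}, \d{4} |at |java\.)")
ALERT = re.compile(r"NEW ALERT: \S+ Severity: (\d+) Type: (\d+)")
FRAME = re.compile(r"at ([\w.$<>]+)\(")

def unwrap(text):
    """Rejoin console output that was hard-wrapped at a fixed width."""
    logical = []
    for line in filter(str.strip, text.splitlines()):   # drop blank lines
        if STARTS.match(line) or not logical:
            logical.append(line.strip())
        else:
            logical[-1] += line.strip()                  # continuation of previous line
    return logical

def decode_alerts(text):
    """Return (level, description, first Certicom frame after the Alert constructor)."""
    lines, alerts = unwrap(text), []
    for i, line in enumerate(lines):
        if not (m := ALERT.search(line)):
            continue
        origin = None
        for nxt in lines[i + 1:]:
            if nxt.startswith("<"):                      # next log record begins
                break
            f = FRAME.match(nxt)
            if f and f[1].startswith("com.certicom") and "Alert.<init>" not in f[1]:
                origin = f[1]
                break
        alerts.append((LEVELS.get(int(m[1]), m[1]), DESCRIPTIONS.get(int(m[2]), m[2]), origin))
    return alerts

# Excerpt of the two alert entries from the first post, wrapped as posted (frames trimmed).
SAMPLE = """\
<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tl
s.record.alert.Alert@103ad6 Severity: 1 Type: 0
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Un
known Source)
<Oct 28, 2004 8:02:23 PM PDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tl
s.record.alert.Alert@3bdbbd Severity: 2 Type: 70
at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2Hand
shakeMessages(Unknown Source)
"""
```
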
        • 1. Re: Security error in Weblogic
          666705
          Is there anything unusual with your SSL configuration? Maybe JRE has some non-default JCE providers installed?

          Pavel.
          • 2. Re: Security error in Weblogic
            666705
            Hi

            I am getting the same errors. I am using weblogic 8.1 sp2 on solaris 9. I am using the SSL cert that comes with the bea installation. The https access will work if I restart the weblogic server. However, after a few hours, the https access will hang and the following error messages appear in the log. Any help will be appreciated. Thanks.

            regards
            Beng Hee

            <Dec 14, 2004 9:26:24 AM SGT> <Error> <Kernel> <BEA-000802> <ExecuteRequest failed
            java.lang.IndexOutOfBoundsException.
            java.lang.IndexOutOfBoundsException
            at java.io.ByteArrayInputStream.read(ByteArrayInputStream.java:159)
            at com.certicom.tls.record.Util.readFully(Unknown Source)
            at com.certicom.tls.record.Util.readFully(Unknown Source)
            at com.certicom.tls.record.Util.readBytesLength24(Unknown Source)
            at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
            at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
            at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
            at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
            at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
            at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
            at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
            at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
            at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
            at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
            • 3. Re: Security error in Weblogic
              666705
              The server in this case is trying to read an SSL record, and it looks like it is not receiving the complete record. Could it be that the client stopped writing in the middle of an SSL record? Are you saying after some time all the SSL connections are failing like this, even from different clients? Does your server configuration involve some non-default JCE providers?

              Pavel.
              • 4. Re: Security error in Weblogic
                666705
                Yes. After a restart, https access from MS internet explorer or mozilla from RedHat will be fine. But after a few hours, the https access will hang.
                Fortunately, BEA support has managed to resolve this problem. BEA support said that I am using DES ciphers and asked me to change the SSL entry in my config.xml to Ciphersuites="TLS_RSA_EXPORT_WITH_RC4_40_MD5". I do not have the https hanging issue after that.
                Thank you for your help.
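
The suite named in the last reply, `TLS_RSA_EXPORT_WITH_RC4_40_MD5`, is a 40-bit export-grade suite built on RC4 and MD5. The following is an added example, not from the thread or from BEA, that flags such suites by name in any `Ciphersuites` attribute of a config.xml; the file layout, the comma-separated list form, the second suite and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Tokens of a suite name that mark it as weak. Names are split on "_", so the
# "3DES" and "DES40" tokens are distinct from single "DES".
WEAK_TOKENS = {
    "EXPORT": "export-grade suite",
    "40": "40-bit symmetric key",
    "DES40": "40-bit DES",
    "DES": "single DES (56-bit key)",
    "3DES": "64-bit block cipher",
    "RC4": "RC4 (prohibited in TLS by RFC 7465)",
    "MD5": "MD5-based MAC",
    "NULL": "no encryption",
    "anon": "unauthenticated key exchange",
}

def audit_suite(name):
    """Return the reasons a cipher suite name is considered weak (empty if none match)."""
    tokens = name.split("_")
    return [why for tok, why in WEAK_TOKENS.items() if tok in tokens]

def audit_config(xml_text):
    """Map each suite in any Ciphersuites attribute to its list of weaknesses."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        # Assumption: several suites are written as one comma-separated value.
        for suite in elem.get("Ciphersuites", "").split(","):
            if suite.strip():
                findings[suite.strip()] = audit_suite(suite.strip())
    return findings

# Constructed config.xml fragment; only the attribute name and the first suite
# come from the thread.
SAMPLE_CONFIG = """\
<Domain Name="mydomain">
  <Server Name="myserver" ListenPort="7001">
    <SSL Name="myserver" Enabled="true" ListenPort="7002"
         Ciphersuites="TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_WITH_AES_128_CBC_SHA"/>
  </Server>
</Domain>
"""
```
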