[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-users
Subject:    Re: HttpClient & bad_record_mac error
From:       Oleg Kalnichevski <olegk () apache ! org>
Date:       2006-02-16 15:46:11
Message-ID: 1140104772.8423.55.camel () localhost ! localdomain
[Download RAW message or body]

On Thu, 2006-02-16 at 10:29 -0500, jwa@urbancode.com wrote:
> > On Thu, 2006-02-16 at 09:05 -0500, jwa@urbancode.com wrote:
> > ...
> >> I had tried that before and the test-code for verisign works fine.  I am
> >> using java 1.4.2-02, so most of the known issues don't apply for that
> >> reason, and the last known issue is not the error I am getting.
> >>
> >> The socket-based test code also works for the intranet server when I add
> >> the line:
> >>     ((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
> >
> > Implement a custom SSL socket factory that does that same.
> >
> > Oleg
> >
> >> excpet that it takes 10-15 secs to finally terminate unless I make the
> >> loop condition:
> >>     while ((line = in.readLine()) != null && line.length()>0)
> >>
> >> Based upon the setEnabledProtocols line, I tried restricting the Cipher
> >> protocols that the apache server would use in it's conf file by:
> >>     SSLProtocol -All +SSLv3
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> >> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
> 
> Thank you very much.
> 
> From an academic perspective and a practical one too, this really doesn't
> address what is causing the problem.  Is it the fault of httpclient or
> some error in the server.  Which is still of interest to me.
> 

HttpClient does not implement its own SSL/TLS layer. It can simply use a
JSSE provider or any other Java 1.2 compatible SSL library to create
secure sockets. This problem has nothing to do with HttpClient. To find
out the cause of the problem active the SSL debugging and see at which
point the SSL session terminates abnormally. Refer to the documentation
of the SSL library for explanations.

Oleg 


> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]