Problem with SSL in OpenESB 3.0.5 SE

classic Classic list List threaded Threaded
59 messages Options
123
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Problem with SSL in OpenESB 3.0.5 SE

Pavel Rybakov
This post has NOT been accepted by the mailing list yet.
Hello friends,

I've met a trouble while trying to use SSL protocol for HTTP BC in OpenESB Standalone 3.0.5.
The problem is that when I send any request to the HTTPS port 9081 there is no reply (browser is waiting) and only "Using SSLEngineImpl." appears on the OpenESB console.
Below is the console log from deploing the assembly to the "Using SSLEngineImpl." message.
This problem does not depend on JDK version (1.7 or 1.8).
Please give me any clue what can be a cause of my trouble.

Best regards,
Pavel.


2016-12-11T20:59:47.309+0300 INFO [com.sun.jbi.management] (Grizzly(3)) Deploying service assembly TestSSL-CA to target
server.
Cannot find CatalogManager.properties
2016-12-11T20:59:47.481+0300 INFO [com.sun.jbi.management.DeploymentService] (Grizzly(3)) JBIMA0402: Service Assembly fi
le:/C:/OpenESB-SE-3.0.5/OE-Instance/server/jbi/tmp/upload/TestSSL-CA.zip has been deployed.
2016-12-11T20:59:50.199+0300 INFO [com.sun.jbi.management] (Grizzly(3)) Starting service assembly TestSSL-CA on target s
erver.
2016-12-11T20:59:50.215+0300 INFO [com.sun.jbi.engine.bpel.BPELSEDeployer] (TestSSL-CA-TestSSL) BPJBI-5009: SU.init for
TestSSL-CA-TestSSL is started, Business Process packaged in this SU will be deployed
2016-12-11T20:59:50.215+0300 INFO [com.sun.jbi.engine.bpel.EngineHelper] (TestSSL-CA-TestSSL) BPJBI-4010: Loaded BPEL, W
SDL and XSD documents for TestSSL-CA-TestSSL.
2016-12-11T20:59:50.231+0300 INFO [com.sun.jbi.engine.bpel.BPELSEDeployer] (TestSSL-CA-TestSSL) BPJBI-5008: Activated an
 endpoint. Service name {http://enterprise.netbeans.org/bpel/TestSSL/testSSL}PartnerLink1, endpoint name testSslHttpPort
TypeRole_myRole
2016-12-11T20:59:50.231+0300 INFO [com.sun.jbi.engine.bpel.BPELSEDeployer] (TestSSL-CA-TestSSL) BPJBI-5008: Activated an
 endpoint. Service name {http://enterprise.netbeans.org/bpel/TestSSL/testSSL_SOAP}PartnerLink1SOAP, endpoint name testSS
L_SOAPPortTypeRole_myRole
2016-12-11T20:59:50.231+0300 INFO [com.sun.jbi.engine.bpel.BPELSEDeployer] (TestSSL-CA-TestSSL) BPJBI-5010: SU.init for
TestSSL-CA-TestSSL is completed, Business Process packaged in this SU are deployed
Cannot find CatalogManager.properties
2016-12-11T20:59:50.262+0300 INFO [com.sun.jbi.engine.bpel.BPELSEDeployer] (TestSSL-CA-TestSSL) BPJBI-5011: SU.start for
 TestSSL-CA-TestSSL is started
2016-12-11T20:59:50.262+0300 INFO [com.sun.jbi.engine.bpel.BPELSEDeployer] (TestSSL-CA-TestSSL) BPJBI-5012: SU.start for
 TestSSL-CA-TestSSL is completed
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
***
found key for : s1as
chain [0] = [
[
  Version: V3
  Subject: CN=gfnode2-t.zenit.ru, OU=IT Department, O="Bank ZENIT, PJSC", C=RU
  Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13

  Key:  Sun RSA public key, 2048 bits
  modulus: 1897998903405341541162154986746456507217632419560115120902886365989296276524300619654874079306798343875802038
523126426192396812398481863447470171703790492740944567366272662750446550446075928640585421603458687411434335475313800962
263637313035670439047448770544863888683949998947579288734922249161379651474046258085895729376668691757084975943047165595
792588906139579242736325063705822994128374599483530242814254591885447736839265043634081706926888313264230703373162016861
465796666086824953944093561700237391988645623952822714407463385878518005732489261796141590599997158114681930089517178536
7775500447636540643658475803
  public exponent: 65537
  Validity: [From: Fri Oct 21 02:14:01 MSK 2016,
               To: Sun Jun 30 02:14:01 MSK 2030]
  Issuer: CN=gfnode2-t.zenit.ru, OU=IT Department, O="Bank ZENIT, PJSC", C=RU
  SerialNumber: [    58094fb9]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0D 3B 46 0E 70 75 5C C4                            .;F.pu\.
]
]

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0D 3B 46 0E 70 75 5C C4                            .;F.pu\.
]
]

]
  Algorithm: [SHA512withRSA]
  Signature:
0000: 42 2E F3 C4 9B 46 38 81   A4 8C 18 9F 67 66 24 EC  B....F8.....gf$.
0010: 67 E5 98 08 F2 4D 77 E4   F3 EE 23 3A B8 CC 21 1F  g....Mw...#:..!.
0020: D7 98 1E C7 62 D0 C9 64   6A D4 15 7F 1F 0C 63 01  ....b..dj.....c.
0030: 23 90 77 70 33 11 14 26   CF D9 28 CB 18 5A 0D D1  #.wp3..&..(..Z..
0040: 27 54 65 4D DD 74 8D EB   F3 6A 5C D9 18 72 8A 4A  'TeM.t...j\..r.J
0050: 92 AC 27 76 85 FE 44 D9   D2 6E 18 B9 72 3E 42 A4  ..'v..D..n..r>B.
0060: 0D A6 C3 87 D3 4E D3 01   3F 01 AA BA 7D A7 FD 98  .....N..?.......
0070: 54 73 A8 1C 02 7B 79 F6   DC C6 E8 98 92 72 50 3E  Ts....y......rP>
0080: C5 A8 C6 2A 27 70 EE 37   55 11 B8 21 B2 16 6F 27  ...*'p.7U..!..o'
0090: 13 EE 08 76 C8 E4 99 BF   AF 40 7B 3F BE 8F 04 FE  ...v.....@.?....
00A0: 3E EF 48 20 9A E1 FF 43   7A EC 0D AB BE FF A5 6B  >.H ...Cz......k
00B0: C6 B8 F8 AE 81 68 46 12   DB DE B7 51 6D 40 B0 5F  .....hF....Qm@._
00C0: F4 BB CA EF 85 E1 29 40   67 D2 3F F3 07 4F 9A BA  ......)@g.?..O..
00D0: E1 65 7D 2D 8E A8 C7 A1   99 2E AA 61 20 2E 1A 15  .e.-.......a ...
00E0: C8 86 0E D8 5B EB 75 EE   09 5C 80 1A 67 DC 14 31  ....[.u..\..g..1
00F0: 26 F7 7C 8A 03 86 01 8A   81 0C ED 80 F1 A6 31 97  &.............1.

]
***
adding as trusted cert:
  Subject: CN=gfnode2-t.zenit.ru, OU=IT Department, O="Bank ZENIT, PJSC", C=RU
  Issuer:  CN=gfnode2-t.zenit.ru, OU=IT Department, O="Bank ZENIT, PJSC", C=RU
  Algorithm: RSA; Serial number: 0x58094fb9
  Valid from Fri Oct 21 02:14:01 MSK 2016 until Sun Jun 30 02:14:01 MSK 2030

adding as trusted cert:
  Subject: CN=Pavel Rybakov, OU=IT Department, O="Bank ZENIT, PJSC", C=RU
  Issuer:  CN=Pavel Rybakov, OU=IT Department, O="Bank ZENIT, PJSC", C=RU
  Algorithm: RSA; Serial number: 0x58093786
  Valid from Fri Oct 21 00:30:46 MSK 2016 until Sun Jun 30 00:30:46 MSK 2030

trigger seeding of SecureRandom
done seeding SecureRandom
2016-12-11T20:59:50.543+0300 INFO [org.apache.coyote.tomcat5.CoyoteConnector] (TestSSL-CA-sun-http-binding) PWC3982: Can
not register MBean for the Protocol
2016-12-11T20:59:50.543+0300 INFO [GRIZZLY] (TestSSL-CA-sun-http-binding) grizzlyHttpProtocol.selectorRegisterProtocol
2016-12-11T20:59:50.543+0300 INFO [GRIZZLY] (TestSSL-CA-sun-http-binding) grizzlyHttpProtocol.start
2016-12-11T20:59:50.560+0300 INFO [com.sun.xml.ws.monitoring] (TestSSL-CA-sun-http-binding) Metro monitoring rootname su
ccessfully set to: com.sun.metro:pp=/,type=WSEndpoint,name=testSslHttpService-testSslHttpPort
2016-12-11T20:59:50.606+0300 INFO [com.sun.xml.ws.monitoring] (TestSSL-CA-sun-http-binding) Metro monitoring rootname su
ccessfully set to: com.sun.metro:pp=/,type=WSEndpoint,name=testSSL_SOAPService-testSSL_SOAPPort
Using SSLEngineImpl.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

David BRASSELY
Administrator
This post has NOT been accepted by the mailing list yet.
Hi Pavel,

Please share a project to reproduce your problem.

Regards,
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Pavel Rybakov
This post has NOT been accepted by the mailing list yet.
Hi David,

Please find the project attached.

Best regards,

Pavel.TestSSL.zip
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Pavel Rybakov
This post has NOT been accepted by the mailing list yet.
In reply to this post by David BRASSELY
Hi David,

By the way, I believe that the project does not matter because when I use URL like https://gfnode2-t.zenit.ru:9081/blah-blah-blah the result is the same.

Regards, Pavel.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
Hello David,

I am also facing same issue, any inputs ?

Regards,
Akshay
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
Hello Friends,

Any input on this ?

Akshay
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Pavel Rybakov
This post has NOT been accepted by the mailing list yet.
In reply to this post by David BRASSELY
Hello David,

I turned on "ALL" HTTP BC logging option, got some more log records:

Using SSLEngineImpl.
2016-12-18T04:15:44.822+0300 FINER [com.sun.jbi.httpsoapbc.embedded.LinkedListThrottlePipeline] (SelectorThread-9181)Cla
ssName=com.sun.jbi.httpsoapbc.embedded.LinkedListThrottlePipeline;MethodName=addTask; addTask called with Task [com.sun.
enterprise.web.connector.grizzly.ssl.SSLAsyncReadTask@1511f1e2]

Regards,

Pavel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
It seems nobody has tried HTTPs option in Open ESB by using their default 9081 HTTPs port.

If anyone know about this issue then please let me know how to handle it. Your help will be highly appreciated.

Regards,
Akshay 

On Dec 18, 2016 6:54 AM, "Pavel Rybakov [via OpenESB Community Forum]" <[hidden email]> wrote:
Hello David,

I turned on "ALL" HTTP BC logging option, got some more log records:

Using SSLEngineImpl.
2016-12-18T04:15:44.822+0300 FINER [com.sun.jbi.httpsoapbc.embedded.LinkedListThrottlePipeline] (SelectorThread-9181)Cla
ssName=com.sun.jbi.httpsoapbc.embedded.LinkedListThrottlePipeline;MethodName=addTask; addTask called with Task [com.sun.
enterprise.web.connector.grizzly.ssl.SSLAsyncReadTask@1511f1e2]

Regards,

Pavel


If you reply to this email, your message will be added to the discussion below:
http://openesb-community-forum.794670.n2.nabble.com/Problem-with-SSL-in-OpenESB-3-0-5-SE-tp7581355p7581399.html
To unsubscribe from Problem with SSL in OpenESB 3.0.5 SE, click here.
NAML

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Stefan Müller-Wilken
Well, just as I have not seen this mentioned above: are you sure you have the required policy extensions installed? See http://stackoverflow.com/a/30760134 for one of the many SO discussions around the subject. I have definitely had all OpenESB SE revisions up to 3.0.4 running under HTTPS... Cheers Stefan
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
Hello Stefan,

I did installed the JCE policy extension by downloading from Oracle website specific to my Jdk which I was using it. (Jdk 1.7). After replacing those file, I am get rid of those ignoring cipher suites messages from console but when I am trying to access the application url on my browser, no response is coming.  It is just loading but no response.

Any other inputs on this ?

Regards,
Akshay
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Stefan Müller-Wilken
Are you on Linux/Unix with your installation? If so, use openssl to connect to your OpenESB installation and check the results, e.g:

$ openssl s_client -host www.google.de -port 443
CONNECTED(00000004)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
   i:/C=US/O=Google Inc/CN=Google Internet
...
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: ECC979C41B778219D74BC7B705CECD0E7532570BCC6688A7FEEEEDBD0F098BE6
    Session-ID-ctx:
    Master-Key: 1B3ADC78616958C4AC2B3381A913F60701DD9B0FADF7B7A94B7F3BCA248B675550ADCF76B611A3F90120E8DAE834947A
    Key-Arg   : None
    Start Time: 1482156460
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
GET / HTTP/1.0

HTTP/1.0 302 Found
Cache-Control: private
...
</BODY></HTML>
read:errno=0
$
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
Hello Stefan,

I am using windows for Open ESB and I have openssl installed on my machine. Let me try connecting the way you showed and update you.

Regards,
Akshay
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
Hello Stefan,

I tried with openssl command after starting my Open ESB but i am just getting CONNECTED as output but no certificate getting loaded the way it happens while trying google host URL.

This is the output :
c:\OpenSSL\bin>openssl s_client -host 192.168.0.104:9081/newWSDLService/newWSDLPort?wsdl -port 9081

CONNECTED(0000013C)

Is it something certificate issue ?

Regards,
Akshay
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Stefan Müller-Wilken
Could you please try

C:\OpenSSL\bin> openssl s_client -host 192.168.0.104 -port 9081
...
GET /newWSDLService/newWSDLPort?wsdl HTTP/1.0

What do you get?

Cheers
 Stefan
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
Hello Stefan,

I tried with the requested command but still the window stays with message as CONNECTED. Nothing else is loading. When i am trying to press Ctl + C key to end the connection then I could see below output.

c:\OpenSSL\bin>openssl s_client -host 192.168.0.104 -port 9081
CONNECTED(00000148)
write:errno=10053
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1482157539
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Stefan Müller-Wilken
Following the three dashes you should now enter

the GET /...?wsdl HTTP/1.0

and press return twice...
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
Can you provide me complete command in one line, I am little confused.

Akshay
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Stefan Müller-Wilken
C:\OpenSSL\bin> openssl s_client -host 192.168.0.104 -port 9081
...
---
GET /newWSDLService/newWSDLPort?wsdl HTTP/1.0


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Akshay
This post has NOT been accepted by the mailing list yet.
Hello Stefan,

When I am pressing enter after the command openssl s_client -host 192.168.0.104 -port 9081, it shows CONNECTED and after that I am not able to type anything. Even though I press return nothing happens, there is no chance to type any further command after CONNECTED message.

Akshay
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with SSL in OpenESB 3.0.5 SE

Stefan Müller-Wilken
Well, if you get a complete SSL handshake and three dashes in the end, it should work. But just to make sure: try it with a target known to work well and use www.google.com with port 443 and a "GET / HTTP/1.0" input. What do you get there?
123
Loading...