Harri Hohteri
Hello!
We are having the following setup:
IE6 as the client, Apache 2.0 and Tomcat + JBoss as the server. We are using
SSL + client certificate required and 128-bit encryption.
The browser accesses a servlet which contains references to about 20 files of
which 3 are applets with object tags and 1 is a stylesheet and a couple of gifs
and the rest are javascript files.
The Java Plugin used is 1.3.1 series so it uses the browser's HTTP connection
to download the jar files.
Accessing the web page works fine if done without a proxy: gifs, stylesheet,
jars all download fine.
If a proxy is configured in between, things start to fail. Most of the time
the big jar files fail to download. Sometimes a few gif files and the
stylesheet fail to load. Rarely one particular javascript file fails to
load.
Looking at the apache ssl_access.log one can notice that the failing requests
are not secured (how to know they are failing? the browser sends a
consequent request for a class file in the jar archive):
[21/Jan/2004:10:46:47 +0200] 127.0.0.1 SSLv3 RC4-MD5 "GET /tomcat/whitetransparent.gif HTTP/1.0" 77
[21/Jan/2004:10:46:47 +0200] 127.0.0.1 - - "GET /tomcat/hsql-wrapper.jar HTTP/1.0" 354
[21/Jan/2004:10:46:47 +0200] 127.0.0.1 - - "GET /tomcat/SoapClient.jar HTTP/1.0" 352
[21/Jan/2004:10:46:49 +0200] 127.0.0.1 SSLv3 RC4-MD5 "GET /tomcat/fi/mediweb/soap/Soap.class HTTP/1.0" 788
[21/Jan/2004:10:46:51 +0200] 127.0.0.1 - - "GET /tomcat/fi/mediweb/security/signer/SignerApplet.class HTTP/1.0" 383
[21/Jan/2004:10:46:52 +0200] 127.0.0.1 SSLv3 RC4-MD5 "GET /tomcat/fi/mediweb/soap/Soap.class HTTP/1.0" 788
[21/Jan/2004:10:46:54 +0200] 127.0.0.1 - - "GET /tomcat/hsql/Database.class HTTP/1.0" 357
[21/Jan/2004:10:46:57 +0200] 127.0.0.1 - - "GET /tomcat/fi/mediweb/security/signer/SignerApplet.class HTTP/1.0" 383
At the same time, the error_log shows errors of failed handshaking:
[Wed Jan 21 10:46:49 2004] [error] Re-negotiation handshake failed: Not accepted by client!?
[Wed Jan 21 10:46:49 2004] [error] Re-negotiation handshake failed: Not accepted by client!?
[Wed Jan 21 10:46:49 2004] [notice] child pid 25465 exit signal Segmentation fault (11)
[Wed Jan 21 10:46:50 2004] [notice] workerEnv.init() ok /etc/httpd2/conf/workers2.properties
[Wed Jan 21 10:46:50 2004] [notice] mod_jk child init 1 -1
[Wed Jan 21 10:46:52 2004] [notice] service.init() Found child in scoreboard 25524 1
[Wed Jan 21 10:46:52 2004] [notice] workerEnv.init() create slot epStat.1
[Wed Jan 21 10:46:52 2004] [error] Re-negotiation handshake failed: Not accepted by client!?
[Wed Jan 21 10:46:53 2004] [notice] child pid 25524 exit signal Segmentation fault (11)
[Wed Jan 21 10:46:54 2004] [notice] workerEnv.init() ok /etc/httpd2/conf/workers2.properties
[Wed Jan 21 10:46:54 2004] [notice] mod_jk child init 1 -1
[Wed Jan 21 10:46:55 2004] [notice] service.init() Found child in scoreboard 25553 0
[Wed Jan 21 10:46:55 2004] [notice] workerEnv.init() create slot epStat.0
[Wed Jan 21 10:46:55 2004] [error] Re-negotiation handshake failed: Not accepted by client!?
[Wed Jan 21 10:46:56 2004] [notice] child pid 25553 exit signal Segmentation fault (11)
[Wed Jan 21 10:46:57 2004] [notice] workerEnv.init() ok /etc/httpd2/conf/workers2.properties
[Wed Jan 21 10:46:57 2004] [notice] mod_jk child init 1 -1
[Wed Jan 21 10:46:59 2004] [error] Re-negotiation handshake failed: Not accepted by client!?
[Wed Jan 21 10:46:59 2004] [notice] child pid 25582 exit signal Segmentation fault (11)
[Wed Jan 21 10:47:00 2004] [notice] workerEnv.init() ok /etc/httpd2/conf/workers2.properties
[Wed Jan 21 10:47:00 2004] [notice] mod_jk child init 1 -1
Just to summarize:
This does not happen if a proxy is not used. This happens only if using SSL
(we are not sure if it will occur if using SSL without client certificate
required option). This happens with different proxies. This does not happen
with Mozilla.
Harri
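
Added example (not part of the original post): a Python script that applies the check the post describes, listing ssl_access.log entries whose protocol and cipher fields are "-" and counting the error_log renegotiation failures and child segfaults logged within a few seconds of each. The sample lines are an excerpt of the logs quoted above with the line wraps removed; the function names and the 3-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the log lines quoted in the post, with the e-mail line wraps removed.
ACCESS_LOG = """\
[21/Jan/2004:10:46:47 +0200] 127.0.0.1 SSLv3 RC4-MD5 "GET /tomcat/whitetransparent.gif HTTP/1.0" 77
[21/Jan/2004:10:46:47 +0200] 127.0.0.1 - - "GET /tomcat/hsql-wrapper.jar HTTP/1.0" 354
[21/Jan/2004:10:46:49 +0200] 127.0.0.1 SSLv3 RC4-MD5 "GET /tomcat/fi/mediweb/soap/Soap.class HTTP/1.0" 788
[21/Jan/2004:10:46:54 +0200] 127.0.0.1 - - "GET /tomcat/hsql/Database.class HTTP/1.0" 357
"""
ERROR_LOG = """\
[Wed Jan 21 10:46:49 2004] [error] Re-negotiation handshake failed: Not accepted by client!?
[Wed Jan 21 10:46:49 2004] [notice] child pid 25465 exit signal Segmentation fault (11)
[Wed Jan 21 10:46:50 2004] [notice] mod_jk child init 1 -1
[Wed Jan 21 10:46:55 2004] [error] Re-negotiation handshake failed: Not accepted by client!?
[Wed Jan 21 10:46:56 2004] [notice] child pid 25553 exit signal Segmentation fault (11)
"""

ACCESS_RE = re.compile(r'^\[(\S+) [^\]]*\] \S+ (\S+) (\S+) "([^"]*)" \S+$')
ERROR_RE = re.compile(r'^\[([^\]]+)\] \[(\w+)\] (.*)$')

def parse_access(text):
    """Yield (time, protocol, cipher, request) per ssl_access.log line."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:  # both logs are in server-local time, so the UTC offset is dropped
            yield (datetime.strptime(m[1], "%d/%b/%Y:%H:%M:%S"), m[2], m[3], m[4])

def parse_errors(text):
    """Yield (time, message) per error_log line."""
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            yield datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y"), m[3]

def correlate(access_text, error_text, window=timedelta(seconds=3)):
    """List requests logged without protocol/cipher, with nearby error counts."""
    errors = list(parse_errors(error_text))
    findings = []
    for ts, proto, cipher, request in parse_access(access_text):
        if proto != "-" or cipher != "-":
            continue  # a protocol and cipher were logged for this request
        near = [msg for ets, msg in errors if abs(ets - ts) <= window]
        findings.append({
            "time": ts, "request": request,
            "renegotiation_failed": sum("Re-negotiation handshake failed" in m for m in near),
            "child_segfault": sum("Segmentation fault" in m for m in near),
        })
    return findings
```

Calling correlate(ACCESS_LOG, ERROR_LOG) returns one entry per unsecured request; the timestamp parsing relies on English month and weekday names, so run it under a C or English locale.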