[OSB] "SSL renegotiation" issue during HTTPS web service invocation
872531 Aug 8 2011 — edited Dec 14 2011
Hi all,
I have to call a third-party web service and, during the invocation, the server "renegotiates"[1] the SSL connection. I know that it is a security vulnerability but the owners of the web service cannot make any change (or they don't want to, I'm not sure) on their systems.
I have done some tests in the past with this web service and a plain Java client, and I could connect to this web service by adding the property "-Dsun.security.ssl.allowUnsafeRenegotiation=true" to the JVM in which my web service client runs, so I have tried to do something similar in the OSB:
- I have added this property to the OSB (modifying the start script)
- I have selected the SSL configuration option "Use JSSE SSL".
After doing that, when I invoke my proxy service I get this error[2] but I can see nothing in the logs.
I have enabled the "SSL debug" [3] but I cannot see errors during the SSL handshake.
My questions are:
Is it possible to "do the trick" to allow SSL renegotiation in the OSB?
Where should I look to see the stacktrace associated with the NPE?
Any tip or hint is welcome,
Thanks in advance,
Agus
[1] http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html
[2]
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>BEA-380000: General runtime error: java.lang.NullPointerException</faultstring>
<detail>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380000</con:errorCode>
<con:reason>General runtime error: java.lang.NullPointerException</con:reason>
<con:location>
<con:node>RouteNode1</con:node>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
[3]
####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476735> <BEA-000000> <weblogic user specified trustmanager validation status 0>
####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476735> <BEA-000000> <SSLTrustValidator returns: 0>
####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476735> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: No trust failure, validateErr=0.>
####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476735> <BEA-000000> <Performing hostname validation checks: www.mysite.com>
####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476736> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Successfully completed post-handshake processing.>
####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476737> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 293 bytesProduced = 314.>
####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476740> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 245 bytesProduced = 266.>
####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <orasoadev.tecsisa.com> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1312530476741> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 8 bytesProduced = 29.>
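
Added example (not part of the original post): a Python sketch that parses SecuritySSL debug records like those in [3] and reports any record where the SSLEngine handshake status leaves NOT_HANDSHAKING after post-handshake processing has completed, which is where a renegotiation attempt would be expected to show up. Keying the state on the ExecuteThread number is an assumption, and the sample log (shortened headers, final NEED_WRAP record) is constructed.

```python
import re

# Constructed sample in the SecuritySSL debug format quoted in the post.
# Header fields are shortened and the final NEED_WRAP record is invented.
HDR = "####<Aug 5, 2011 9:47:56 AM CEST> <Debug> <SecuritySSL> <host> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'q'> <<WLS Kernel>> "
SAMPLE = (
    HDR + "<1312530476736> <BEA-000000> <jsseadapter: SSLENGINE: Successfully completed post-handshake processing.>\n"
    + HDR + "<1312530476737> <BEA-000000> <jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING\n"
    "bytesConsumed = 293 bytesProduced = 314.>\n"
    + HDR + "<1312530476900> <BEA-000000> <jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_WRAP\n"
    "bytesConsumed = 9 bytesProduced = 0.>\n"
)

IDLE = {"NOT_HANDSHAKING", "FINISHED"}  # javax.net.ssl HandshakeStatus values

def parse_records(text):
    """Split on the '####' record marker so continuation lines stay attached."""
    records = []
    for raw in re.split(r"(?m)^####", text):
        thread = re.search(r"ExecuteThread: '(\d+)'", raw)
        millis = re.search(r"<(\d{13})>", raw)
        if not (thread and millis):
            continue  # blank chunk or a line that is not a server log record
        call = re.search(r"SSLEngine\.(wrap|unwrap)\(", raw)
        status = re.search(r"HandshakeStatus = (\w+)", raw)
        io = re.search(r"bytesConsumed = (\d+) bytesProduced = (\d+)", raw)
        records.append({
            "thread": thread.group(1),
            "millis": int(millis.group(1)),
            "call": call.group(1) if call else None,
            "status": status.group(1) if status else None,
            "bytes": tuple(map(int, io.groups())) if io else None,
            "established": "completed post-handshake processing" in raw,
        })
    return records

def find_rehandshakes(records):
    """Return records where handshaking resumes after the session was established."""
    established, hits = set(), []
    for rec in records:
        if rec["established"]:
            established.add(rec["thread"])
        elif rec["thread"] in established and rec["status"] and rec["status"] not in IDLE:
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for hit in find_rehandshakes(parse_records(SAMPLE)):
        print(hit["millis"], hit["call"], hit["status"])
```

Run against the excerpt in [3], where every record after the completed handshake reports NOT_HANDSHAKING, this returns no hits.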