> > > > >>>>> I have a soap client using python ZSI, the other end is oracle soa
> > > > >>>>> 10.1.3.1.0 all works fine since some months. The last week oracle soa
> > > > >>>>> was configured to accept client certificate authentication over https.
> > > > >>>>> If I try to use the standard python httplib.HTTPSConnection library it
> > > > >>>>> fails with the infamous "bad record mac" error and so also ZSI that use
> > > > >>>>> httplib. Other java tools such as soapui works just fine with oracle
> > > > >>>>> soa.
> > > > >>>>>
> > > > >>>>> Can squid do the hard work for me in the following configuration?
> > > > >>>>>
> > > > >>>>> ZSI soap client -> squid proxy over http -> oracle soa https
> > > > >>>>>
> > > > >>>>> however squid could be authenticate to oracle soa loading the cert file
> > > > >>>>> and the cert key from a local file.
> > > > >>>>>
> > > > >>>>> So I would like to send my soap request to squid over http and squid
> > > > >>>>> could connect to oracle soa over https presenting its own client
> > > > >>>>> certificate (not send from my application but load from local file).
> > > > >>>>>
> > > > >>>>> Is this configuration possible?
[...]
> > With oracle soa I have the following error:
> >
> > fwdNegotiateSSL: Error negotiating SSL connection on FD 15:
> > error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
> > (1/0/0)
On 03.02.09 12:21, Mailing List SVR wrote:
> Solved, I have to force squid to use ssl version 2 only and now works
> fine,
SSL2 is unsecure. Did you tru forcing tls1 or ssl3?
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.Received on Tue Feb 03 2009 - 16:20:55 MST
This archive was generated by hypermail 2.2.0 : Wed Feb 04 2009 - 12:00:01 MST