|
From: | Martin Egholm Nielsen |
Subject: | Re: [Jessie-discuss] Jessie 1.0.1 not working with Internet Explorer |
Date: | Wed, 19 Oct 2005 08:54:19 +0200 |
User-agent: | Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050319 |
Hi Casey,
Now, everything seemed just fine - until I tried connecting to my Jessie-server with IE... It just rejects immediately, giving a standard "The page cannot be displayed"-page suggesting this and that...Mozilla and Opera works fine, however...
Yeah, but if they're 'static final,' the compiler can optimize away the debug statements. ;-)Setting 'SSLSocket.DEBUG_HANDSHAKE_LAYER' and 'SSLSocket.DEBUG_KEY_EXCHANGE' to 'true' and recompiling will produce some debug output that might prove useful (posting the output of a run with these enabled may reveal something to me, if I can't get a chance to try this out myself).Here it goes (if you hadn't made them final, I could have changed through reflection :-))
Right!
I think the problem is that Jessie is set up by default to emit empty records (this is a countermeasure against (theoretical?) attacks against the way SSL uses the CBC block cipher mode). This makes IE on OSX crash, at least. I'm pretty sure that IE is one of the browsers with such a broken SSL stack that it doesn't support this edge case.Try this: Security.setProperty ("jessie.emit.empty.records", "false"); I can (sometimes) get IE to connect to jessie with that set.
That works! Great! But I'm a little worried about the "(sometimes)" you write... :-) Hopefully it should work all the time... Thx, Martin
[Prev in Thread] | Current Thread | [Next in Thread] |