 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / June 2007https problem, should I go back to 1.3?
I am having trouble posting data via https: I am attempting to log into remote sites with a user/password. I can get the login page vis https: with jre 1.5 or 1.6. In deed it looks like the jre is doing the handshakes and decryption. But when I construct the post, it fails. 1. I did check the cookies and set those to the values returned on the log in page (Do these get encrypted?) 2. I wrote a servlet to display the cookies and post data. They look correct. (I downloaded the login in page, changed the https reference to http://localhost:8080/ etc. This actually test any javaScript on the page.) I have read various comments on the web from 2001, 2002, 2003 saying that java version 1.3 uses the browser to manage the https process. Does any one have an idea how to disable the JSSE stuff in jre 1.5 or 1.6 so that I can test that old procedure? Any ideas on comparing the browser https exchange and comparing in to the jsse transmissions? Could the remote site be detecting the transmission from jre and saying "I don't like communicate with java, I will disable the post!" Doing the transaction via the browser is OK. How is the posted data encrypted? Do I actually need a local certificate? The browser does not seem to need anything special. ___________ I is especially had to diagnose something which is encrypted! Thanks for any suggestions Garrett > But when I construct the post, it fails. Fails *how*? > I have read various comments on the web from 2001, 2002, 2003 saying that > java version > 1.3 uses the browser to manage the https process. Java 1.3 had the JSSE package for SSL, and it was folded into 1.4. What they may have meant was that Java 1.3 running in a browser might use the browser's SSL if JSSE wasn't present. > Does any one have an idea how to disable the JSSE stuff in jre 1.5 or 1.6 so > that I can test that > old procedure? There's no advantage in going back to that even if you could. > Any ideas on comparing the browser https exchange and comparing in to the > jsse transmissions? Why? What actual problem are you having? If the handshake succeeded, JSSE or SSL is not the culprit here. > Could the remote site be detecting the transmission from jre and saying "I > don't like communicate > with java, I will disable the post!" Doing the transaction via the browser > is OK. It could be deciding that based on the User-agent heading in HTTP. Again this is nothing to do with SSL. > How is the posted data encrypted? By SSL depending on the negotiated cipher suite. > Do I actually need a local certificate? > The browser does not > seem to need anything special. If the server asks for a certificate and you don't have one the handshake will fail. If the handshake succeeds, the certificate isn't the problem. > I is especially had to diagnose something which is encrypted! Not really. If the handshake succeeds you can get the plaintext. If it fails you need to trace the handshake and find out why. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.