Hi Jamie,

We have observed that the same OpenSSL handshake details are working for the 
CXF 4.0.0 version as well. This led us to believe that this area might not be 
the cause of the issue related to self-signed certificates.

Given this observation, we did not initially suspect this aspect as a potential 
root cause. However, we are open to exploring other areas that could contribute 
to the issue.

Do you have any suggestions or other areas of suspicion that we should 
investigate?

Thank you for your guidance and support.

Best Regards,
Lakshmi.

-----Original Message-----
From: Jamie G. <jamie.goody...@gmail.com> 
Sent: Friday, January 3, 2025 5:48 PM
To: dev@cxf.apache.org
Subject: Re: [EXTERNAL] - Re: Assistance Required: Intermittent SSL 
Communication Issue Between CXF Versions 4.0.0 and 4.0.5

Reading the OpenSSL output provided, the line "verify error:num=18:self-signed 
certificate" indicates an issue here.

Can you run the OpenSSL verify as per this SO thread:
https://urldefense.com/v3/__https://stackoverflow.com/questions/19726138/openssl-error-18-at-0-depth-lookupself-signed-certificate__;!!Obbck6kTJA!YEDrN99vyU2v7LyoSfhHtQFqrOnIQRkcSk6xPz8SI-EeiIIog7F_b84o8fAyyNSi9qhDJPBCye1xjh47hlI1Dr2ONCM$

openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem

This may be an issue with the self-signed cert construction (also ensure your 
local OpenSSL is up to date).

--Jamie

On Fri, Jan 3, 2025 at 7:40 AM Sivanagalakshmi Bandreddy 
<sbandre...@opentext.com.invalid> wrote:
>
> Hi Team,
>
> As suggested in the mail below, we tried with CXF 4.0.4 and the issue still persists.
>
> Here are the details:
> JVM Vendor: Eclipse Adoptium
> JVM Version: 17.0.10
> OS Name: Windows Server 2022
> OS Version: 10.0
> OS Architecture: amd64
>
> To check the SSL handshake details, we used OpenSSL connect:
> openssl s_client -connect <hostname>:<port>
> Below is the data it gave:
> verify error:num=18:self-signed certificate
> verify return:1
> depth=0 ST=CA, C=US, O=OpenText, OU=admin@localhost, CN=mdd-newwin.lab.opentext.com
> verify return:1
> 40320000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:687:
>
> Attaching CXF call stack during failure by enabling 
> -Djavax.net.debug=all
>
> Please help us if you can get any insights on this issue.
>
> Thanks,
> Lakshmi.
>
> -----Original Message-----
> From: Jamie G. <jamie.goody...@gmail.com>
> Sent: Thursday, January 2, 2025 6:35 PM
> To: dev@cxf.apache.org
> Subject: [EXTERNAL] - Re: Assistance Required: Intermittent SSL 
> Communication Issue Between CXF Versions 4.0.0 and 4.0.5
>
> In CXF 4.0.5 we updated a few test certs - this was in respect to IBM Semeru 
> & RedHat JDKs:
> https://urldefense.com/v3/__https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310511&version=12354390__;!!Obbck6kTJA!dV5pTfSnIXBDxuHz-4gZb7VQpfsh6cl876Qkxx4cUGIJyAYRvjUwUOrqxQSmMl_RNno7Vw-jKteBGpnseGAbhx2a3pI$
>
> These should not have caused any particular issues for regular runtime. You 
> can test with CXF 4.0.4 to rule out those cert updates.
>
> Getting zero content, I'd be looking into whether the handshake completed.
> Which JVM Vendor/Version/ISA/OS is in use here?
>
> On the command line pass in the following parameters:
> -Djavax.net.debug=all
>
> This will output a lot of tracing data, etc.

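Added example, not part of the thread and not CXF or OpenSSL project code: a Python triage of the `openssl s_client` output quoted above (line breaks restored), separating certificate-verification results from OpenSSL error-queue entries. `s_client` prints the verify callback's return value after each verification event, and `verify return:1` means it went on with the handshake; the function names `triage` and `fatal_verify_errors` are hypothetical.

```python
import re

# Output quoted in the thread, with its line breaks restored (sample input).
S_CLIENT_OUTPUT = """\
verify error:num=18:self-signed certificate
verify return:1
depth=0 ST=CA, C=US, O=OpenText, OU=admin@localhost, CN=mdd-newwin.lab.opentext.com
verify return:1
40320000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:687:
"""

VERIFY_ERR = re.compile(r"^verify error:num=(\d+):(.+)$")
VERIFY_RET = re.compile(r"^verify return:(\d+)$")
# OpenSSL 3.x error queue: <thread>:error:<code>:<library>:<function>:<reason>:<file>:<line>:
QUEUE_ERR = re.compile(
    r"^[0-9A-Fa-f]+:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]+):(\d+):")


def triage(text):
    """Return (verify_errors, queue_errors) parsed from s_client output."""
    verify_errors, queue_errors = [], []
    pending = None  # verify error still waiting for its "verify return" line
    for raw in text.splitlines():
        line = raw.strip()
        if m := VERIFY_ERR.match(line):
            pending = {"num": int(m[1]), "reason": m[2], "continued": None}
            verify_errors.append(pending)
        elif m := VERIFY_RET.match(line):
            if pending is not None:
                # 1: the callback returned "continue", so the handshake went on
                pending["continued"] = m[1] == "1"
                pending = None
        elif m := QUEUE_ERR.match(line):
            queue_errors.append({"code": m[1], "library": m[2],
                                 "reason": m[4], "where": f"{m[5]}:{m[6]}"})
    return verify_errors, queue_errors


def fatal_verify_errors(text):
    """Verify errors after which s_client did not continue the handshake."""
    return [v for v in triage(text)[0] if v["continued"] is False]


if __name__ == "__main__":
    verify_errors, queue_errors = triage(S_CLIENT_OUTPUT)
    for v in verify_errors:
        print(f"verify error {v['num']} ({v['reason']}), continued={v['continued']}")
    for q in queue_errors:
        print(f"{q['library']} error {q['code']}: {q['reason']} at {q['where']}")
    print("fatal verify errors:", fatal_verify_errors(S_CLIENT_OUTPUT))
```

On the quoted output this reports error 18 as non-fatal to the `s_client` session and lists the `unexpected eof while reading` entry separately, so the two can be investigated independently.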