Hi Aparna, We are using 4.3.1.
Thanks. On Mon, Oct 26, 2015 at 10:36 AM, Aparna Karunarathna <apa...@wso2.com> wrote: > Hi Kasun/Isuru, > > Currently ESB uses Apache httpclient 4.1.2, shouldn't it upgrade to newer > version? > > @Deep, Thanks for the clarification. > > Regards, > Aparna > > On Sat, Oct 24, 2015 at 11:38 AM, Deependra Ariyadewa <d...@wso2.com> > wrote: > >> Hi Aparna, >> >> This can happen when the client does not send the SNI[1][2] to the server >> side to select the proper HTTPS virtual host. In this case NGINX reverse >> proxy created in the vhost. Most of the modern browsers send SNI to server, >> therefore you will not observe this when you make the request via a modern >> browser. >> >> Most of the new Java HTTP client libraries also support SNI. As an >> example, Apache httpclient library support SNI from version 4.3.2 [3]. If >> you use a library which does not support SNI, you will get this error for >> HTTPS call going towards services hosted in virtual host environments. >> >> [1] https://en.wikipedia.org/wiki/Server_Name_Indication >> [2] https://www.ietf.org/rfc/rfc3546.txt >> [3] https://hc.apache.org/news.html >> >> On Fri, Oct 23, 2015 at 11:07 AM, Aparna Karunarathna <apa...@wso2.com> >> wrote: >> >>> Hi all, >>> >>> I have encountered a weird "hostname in certificate didn't match:" issue >>> when accessing IS dashboard. My setup details are as follows. >>> >>> *Setup Details* >>> *IS cluster* >>> - 3 nodes cluster >>> - Hostname - mgt.is.wso2.com >>> - Certificate CN - mgt.is.wso2.com >>> >>> *BPS cluster* >>> - 2 nodes cluster (manager/worker) >>> - Hostnames - Manager - mgt.bps.wso2.com / Worker - wrk.bps.wso2.com >>> - Certificate CN - *.bps.wso2.com >>> >>> * Both nodes are fronted by same Nginx plus load balancer. >>> >>> [1] >>> javax.net.ssl.SSLException: hostname in certificate didn't match: < >>> mgt.is.wso2.com> != <*.bps.wso2.com> >>> at >>> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238) >>> at >>> org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54) >>> .... >>> .... >>> >>> When we check the browser cookie, it gave correct certificate. ( >>> mgt.is.wso2.com), but when we check it from java client[2] it gives the >>> bps certificate (*.bps.wso2.com) instead of IS. >>> >>> [2] >>> https://darray.wordpress.com/2015/07/12/freak-vulnerability-and-disabling-weak-export-cipher-suites-in-wso2-carbon-4-2-0-based-products/ >>> >>> What is the reason for this? Is it my config issue or Nginx issue or our >>> product issue? >>> >>> -- >>> *Regards,* >>> >>> *Aparna Karunarathna.* >>> >>> >>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 <0714002533>* >>> >> >> >> >> -- >> Deependra Ariyadewa >> WSO2, Inc. http://wso2.com/ http://wso2.org >> >> email d...@wso2.com; cell +94 71 403 5996 ; >> Blog http://risenfall.wordpress.com/ >> PGP info: KeyID: 'DC627E6F' >> >> *WSO2 - Lean . Enterprise . Middleware* >> > > > > -- > *Regards,* > > *Aparna Karunarathna.* > > > *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 <0714002533>* > -- *Isuru Udana* Associate Technical Lead WSO2 Inc.; http://wso2.com email: isu...@wso2.com cell: +94 77 3791887 blog: http://mytecheye.blogspot.com/
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
