Just to close this thread down. This problem is caused by the latest version of openssl (1.0.0) i believe. It has to do with the encryption algorithm. A workaround for this problem is switching the keystore generated in fvconfig to DSA (maybe something other than RSA works, but I have not tested) and regenerating the keystore.
Hope this helps! Cheers. -- Ali On Sep 12, 2011, at 7:54 PM, Xu-Yang wrote: > Hi Nick, > Thanks for reply. > I'm sure that I run flowvisor. If I'm not running that, I'll get "....The > error message was: [Errno 111] Connection refused." at the opt-in manager > site instead of "tlsv1 alert internal error". > While at the flowvisor side, it got the following errors: > > ... > Sep 12, 2011 4:40:27 PM org.apache.xmlrpc.server.XmlRpcErrorLogger log > SEVERE: java.security.ProviderException: > sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID > javax.net.ssl.SSLException: java.security.ProviderException: > sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID > at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665) > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1628) > at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1611) > at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1537) > at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) > at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) > at java.io.BufferedInputStream.read(BufferedInputStream.java:254) > at org.apache.xmlrpc.webserver.Connection.readLine(Connection.java:241) > at > org.apache.xmlrpc.webserver.Connection.getRequestConfig(Connection.java:150) > at org.apache.xmlrpc.webserver.Connection.run(Connection.java:204) > at org.apache.xmlrpc.util.ThreadPool$Poolable$1.run(ThreadPool.java:68) > Caused by: java.security.ProviderException: > sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID > at > sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:323) > at > java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:673) > at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63) > at > sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:991) > at > sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:872) > at > sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:801) > at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:576) > at > sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:170) > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609) > at sun.security.ssl.Handshaker.process_record(Handshaker.java:545) > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158) > at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:773) > at sun.security.ssl.AppInputStream.read(AppInputStream.java:94) > ... 6 more > Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: > CKR_DOMAIN_PARAMS_INVALID > at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method) > at > sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:314) > ... 19 more > It seems to be a ssl issue, but I don't know how to fix it. > > Regards, > Xu Yang > > ------------------ Original ------------------ > From: "Nicholas Bastin"<[email protected]>; > Date: Mon, Sep 12, 2011 07:04 PM > To: "Xu-Yang"<[email protected]>; > Cc: "openflow-discuss"<[email protected]>; > Subject: Re: [openflow-discuss] Cannot set Flowvisor in Opt-in Manager > > On Mon, Sep 12, 2011 at 04:47, Xu-Yang <[email protected]> wrote: > And the problem is "The url https://localhost:8080/ could not be reached. > Check the url, username, and password. The error message was: tlsv1 alert > internal error." > > Besides, we've tried to connect to a remote flowvisor using 'fvctl > --url=https://192.168.2.100:8080/ --user=root listSlices' command. And then > got "error: java.net.ConnectException: Connection refused". I've checked the > user and password but it still can't work. > > Are you sure flowvisor is actually running? Both of these errors tend to > indicate that flowvisor is not actually started on the systems in question. > > -- > Nick > _______________________________________________ > openflow-discuss mailing list > [email protected] > https://mailman.stanford.edu/mailman/listinfo/openflow-discuss
_______________________________________________ openflow-discuss mailing list [email protected] https://mailman.stanford.edu/mailman/listinfo/openflow-discuss
