Hi, In fact, I think you should have a look at java SSL mailing list because JSSE is java. Apache is using openssl, so you should have a look at apache ssl_error.log or ssl_engine.log. As far as I know it RC4 alogorithm does not required any IV (at DES or 3DES opposite for example) that's why you have a 'no IV for cipher' message (you do not need to derive IV from the dat-block made with pre-master secret etc.. cf SSL v3 draft).
What I do not understand, is what your apache looks into a java keystore for certificate? Tell me if I'm wrong but your apache should look into certificate file server.crt key.crt... (as detailed in apache httpd.conf file) Maybe your client is using java? That's why you have to import the server certificate un the keystore in order to be able to trust it, to accept SSL connection to the server. Hope the few info I give could help. Fred -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Srikrishna Kalavacharla Envoyé : mardi 22 juin 2004 23:56 À : [EMAIL PROTECTED] Objet : no IV for cipher Hi, I'm trying to configure an apache axis client over ssl. We were provided a server certificate, which I have imported into a new keystore and I'm using it with my client. It looks like the server is able to find the certificate in the client keystore and is identifying the client. However after a while it throws me the following error: *** ServerHelloDone *** Certificate chain *** JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding *** ClientKeyExchange, RSA PreMasterSecret, TLSv1 Random Secret: { 3, 1, 24, 242, 151, 18, 228, 195, 58, 0, 49, 86, 179, 199, 206, 0, 16, 92, 62, 102, 142, 87, 218, 255, 49, 169, 200, 73, 240, 7, 10, 180, 224, 30, 208, 139, 25, 152, 82, 40, 183, 219, 236, 179, 73, 251, 185, 236 } main, WRITE: TLSv1 Handshake, length = 157 SESSION KEYGEN: PreMaster Secret: 0000: 03 01 18 F2 97 12 E4 C3 3A 00 31 56 B3 C7 CE 00 ........:.1V.... 0010: 10 5C 3E 66 8E 57 DA FF 31 A9 C8 49 F0 07 0A B4 .\>f.W..1..I.... 0020: E0 1E D0 8B 19 98 52 28 B7 DB EC B3 49 FB B9 EC ......R(....I... CONNECTION KEYGEN: Client Nonce: 0000: 40 D8 87 6E 63 A5 9A 1A F9 0E 0A C2 D7 0F DF C6 @..nc........... 0010: 4A 96 99 22 18 3B D7 FD C4 23 7F 36 78 DF 99 2E J..".;...#.6x... Server Nonce: 0000: 40 D8 84 8F D5 DA 0E F6 75 A8 D2 D2 4B 64 E3 00 @.......u...Kd.. 0010: B4 58 79 9A 41 7C E9 B0 30 76 20 EC A8 E9 43 02 .Xy.A...0v ...C. Master Secret: 0000: 97 91 53 62 EC 9B 2C 17 C3 52 6D 77 82 93 F8 E1 ..Sb..,..Rmw.... 0010: 1D E4 BD E6 51 AB 6E 86 02 CD 1A E3 64 E9 8C D5 ....Q.n.....d... 0020: BB 2C 6F FA 08 C7 A3 85 CB D2 1E 41 A9 07 EC F3 .,o........A.... Client MAC write Secret: 0000: E4 CF 51 64 86 85 4F FC 68 91 B0 C9 69 18 E0 20 ..Qd..O.h...i.. Server MAC write Secret: 0000: 2C 04 1D E6 36 ED 85 D2 17 39 7A 28 29 60 3A A0 ,...6....9z()`:. Client write key: 0000: 5A 60 6E 64 4B ED 6E 4D 4F 7C F5 4B 47 CF C6 31 Z`ndK.nMO..KG..1 Server write key: 0000: 94 CF 96 D0 97 46 FB 5C 43 EB 88 07 3A CC A7 0C .....F.\C...:... ... no IV for cipher main, WRITE: TLSv1 Change Cipher Spec, length = 17 JsseJCE: Using JSSE internal implementation for cipher RC4 *** Finished verify_data: { 148, 19, 181, 235, 164, 123, 252, 64, 197, 126, 162, 6 } *** main, WRITE: TLSv1 Handshake, length = 32 main, READ: TLSv1 Alert, length = 18 main, RECV TLSv1 ALERT: fatal, handshake_failure %% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_MD5] main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure what does "no IV for cipher" means and how can I solve this? A.H.A.(any help appreciated) srikrishna _________________________________________________________________ >From 'will you?' to 'I do,' MSN Life Events is your resource for Getting Married. http://lifeevents.msn.com/category.aspx?cid=married ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]