Article delegate-en <_A3526@delegate-en.ML_>
[delegate-en/3526]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: DeleGate with SSL encryption for a MSSQL
05 Oct 2006 03:50:25 GMT "Jae Hwang" <pyugqbdyi.ml@ml.delegate.org>



Hi, Yutaka,

The suggested args (both STLS and FCL with -dv) have been tried, and the
related logs are shown below.

thanks,
Jae

-----------


(1) delegated.exe -P11433 SERVER="tcprelay://localhost:1433" STLS=fcl -vd

10/04 23:21:14.30 [7456] 1+1: SSL_isrecord? 8 [12  1  0 29  0]
10/04 23:21:14.30 [7456] 1+1: # SSL record head[12  1  0 29  0] SSL2 8?/4612
10/04 23:21:14.30 [7456] 1+1: isinSSL ? [12] from client
10/04 23:21:14.30 [7456] 1+1: ERROR: SSL/cl is not detected


(2) delegated.exe -P11433 SERVER="tcprelay://localhost:1433" FCL=sslway -vd

10/04 23:16:41.51 [2816] 1+0: #### newRoute[USERIDENT] 0/16
10/04 23:16:41.51 [2816] 1+0: [0] USERIDENT=://:0-_-{}:{}
10/04 23:16:41.51 [2816] 1+0: -- SockHost: [127.0.0.1] localhost:11433
10/04 23:16:41.51 [2816] 1+0: [FCL] callFilter2: 29=1 30=1 sslway
10/04 23:16:41.51 [2816] 1+0: TCP_NODELAY[33] 0 -> 1
10/04 23:16:41.51 [2816] 1+0: TCP_NODELAY[34] 0 -> 1
10/04 23:16:41.51 [2816] 1+0: ## SSLway loadSession 0.000000 (0 0) / -1
10/04 23:16:41.55 [2816] 1+0: ## SSLway accept failed
10/04 23:16:41.55 [2816] 1+0: ## SSLway SSL-ERRCODE: 140760FC
2816:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:::
10/04 23:16:41.55 [2816] 1+0: builtin-SSLway: ssl_acc() failed
10/04 23:16:41.61 [7164] 1+1: relays[0]: [27->EOF] 0(0i+0o)
10/04 23:16:41.61 [7164] 1+1: relays[0]: [27->28] 0 bytes / 1 -> 0
10/04 23:16:41.61 [7164] 1+1: relays[1]: [28->27] 0 bytes / 0 -> 0


(3) Client Info:

A client utilizes a JAVA JDBC driver (jTDS:
http://jtds.sourceforge.net/) with an option forcing SSL. When this
jTDS/SSL communicates directly to MSSQL/SSL, it actually works fine.  I
was trying to move this encryption work to DeleGate, and let MSSQL
operate in a normal mode.  The Java stacktrace also shows that it fails
a SSL-handshake when the client tries to communicate with DeleGate.

Caused by: java.net.SocketException: Connection reset 	at 
....    
   net.sourceforge.jtds.jdbc.TdsCore.negotiateSSL(TdsCore.java:532)





"Yutaka Sato" <feedback@delegate.org> wrote in message
news:<_A3522@delegate-en.ML_>...
> Hi,
> 
> In message <_A3520@delegate-en.ML_> on 10/05/06(04:31:17)
> you "Jae Hwang" <pxygqbdyi-tguqzg65cjyw.ml@delegate.org> wrote:
>  |Just curious if it is possible to establish a SSL-encrypted
>  |connection between a MSSQL client and the DeleGate, and a normal
>  |connection between the DeleGate and a MSSQL server.
>  |
>  |I have tried:
>  |
>  |delegated -P1433 SERVER=tcprelay://sqlserver:1433 STLS="fcl"
>  |
>  |(all cert/key pem files are properly installed on the server, and
>  |works fine for other protocol such as https..)
>  |
>  |but unfortunately, I have been unable to establish a connection.
>  |The log shows:
>  |
>  |10/04 15:01:11.34 [840] 1+1: isinSSL ? [12] from client
>  |10/04 15:01:11.34 [840] 1+1: ERROR: SSL/cl is not detected
> 
> The problem is whether or not the client is talking in SSL.  If the client
> is talking in SSL, the problem is what "[12]", 0x12, sent from the client
> means.  It is not a SSLv3 packet, but it can be a SSLv2 packet.
> 
> BTW, which version of DeleGate are you using?
> Just recently (in 9.2.5-pre9) I refined the detection of SSLv3 packet on
> the client-side connection.  With it or later versions, and given "-vd"
> option, DeleGate logs the head part of a SSL packet as follows:
> 
>   10/05 08:32:19.28 [8569] 1+1: SSL_isrecord? 2 [ 12 XX XX XX XX ]
> 
> Seeing this information in your case will be helpful to see what is the
> problem.  If your client is talking in SSL, FCL="sslway" instead of
> STLS="fcl" will be useful to escape the problem.
> 
> Cheers,
> Yutaka
> --
>   9 9   Yutaka Sato <pfqcabdyi-tguqzg65cjyw.ml@delegate.org> http://delegate.org/y.sato/
>  ( ~ )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
> 
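
An added example, not part of the thread and not DeleGate's own code: a classifier for the first bytes a client sends, run on the record head printed in log (1). It assumes the MS-TDS packet header layout (type 0x12 = Pre-Login, then status and a 16-bit big-endian length), which the thread does not state; the function names are hypothetical.

```python
import struct

# Constructed from log (1) in the message: "SSL_isrecord? 8 [12  1  0 29  0]"
LOGGED_HEAD = "[12  1  0 29  0]"

TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}
TDS_PRELOGIN = 0x12  # assumption: packet type from the MS-TDS spec, not the thread


def parse_logged_head(text):
    """Turn a -vd head dump such as '[12  1  0 29  0]' (hex) into bytes."""
    return bytes(int(tok, 16) for tok in text.strip("[] ").split())


def classify_first_bytes(head):
    """Return (kind, detail) for the first five bytes a client sent."""
    if len(head) < 5:
        return ("unknown", "need at least 5 bytes")
    b0, b1, b2 = head[0], head[1], head[2]
    # SSLv3/TLS record: content type, version 3.x, 16-bit length.
    if b0 in TLS_TYPES and b1 == 3 and b2 <= 4:
        (length,) = struct.unpack(">H", head[3:5])
        return ("tls-record", f"{TLS_TYPES[b0]} version=3.{b2} length={length}")
    # SSLv2 two-byte header: high bit set, 15-bit length, type 1 = CLIENT-HELLO.
    if b0 & 0x80 and b2 == 1:
        length = ((b0 & 0x7F) << 8) | b1
        return ("sslv2-client-hello", f"length={length} version={head[3]}.{head[4]}")
    # TDS header: type, status, 16-bit big-endian length including the header.
    if b0 == TDS_PRELOGIN:
        (length,) = struct.unpack(">H", head[2:4])
        if length >= 8:
            return ("tds-prelogin", f"status={b1} length={length}")
    return ("unknown", f"first byte 0x{b0:02x}")


if __name__ == "__main__":
    samples = {
        "head from log (1)": parse_logged_head(LOGGED_HEAD),
        "constructed TLS 1.0 ClientHello": bytes.fromhex("16030100c8"),
        "constructed SSLv2 ClientHello": bytes.fromhex("802e010301"),
    }
    for name, head in samples.items():
        print(f"{name}: {classify_first_bytes(head)}")
```

A first byte of 0x12 with the high bit clear fits neither the TLS record shape nor the SSLv2 two-byte header shape, which is consistent with the "SSL/cl is not detected" and "unknown protocol" lines in logs (1) and (2).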
