i am not able to run my web application on HTTPS port (secure port through SSL) although it run fine on normal HTTP port. Environment used to run web application is as- GNU Classpath ver 0.98 JamVm ver 1.53 Jetty 1.6.8 Linux Debian based IE and mozilla browser keystore- type GKR Crypto and SSL implementation- in GNU Classpath ver 0.98 Basically i got multiple issues while trying to run application on HTTPS ports, some of them i was able to resolve after debugging GNU classpath source code. Problems faced by me are described below- Problem # 1 ---------------------- -Server socket listening on HTTPS port (8443 in our case) not responding to requests coming from browser. After analysis, i have found that SSL server socket has been listening on HTTPS port 8443 and accepting initial request coming from browser for connection and creating SSL client socket in response. but after this there is no response from SSL client socket created earlier. It seem that no input stream is open to the client socket to read data coming from browser. I think above issue is coming due to some bug in the SSLSocketImpl class under gnu.javax.net.ssl.provider package. In constructor of this class,a new Socket is created (i do not know why??) which is stored in underlyingSocket variable of SSLSocketImpl class. All requests of read and write is then delegated to member variable underlyingSocket. I think after copying new socket reference to underlyingSocket variable, this socket(underlyingSocket) is not connected to same native socket which is created in response of initial request from browser therefore SSL client socket is not responding to the browser request. I have fixed this issue by not setting underlyingSocket variable to new Socket and adding check for null at all places where underlyingSocket is refereed. I have diverted all calls on underlyingSocket to super class of SSLSocketImpl. Please confirm whether is this a bug in the SSLSocketImpl class or have i done something wrong? Problem # 2 ----------------------- SSL handshake starts working but IllegalArgumentException exception is coming from setLength API in Record class under gnu.javax.net.ssl.provider package. i think length check (between 0 and 16384 (2^14)) on SSL record is not correct. As per SSL RFC, length of final SSL record after encryption and compression may exceed by 2048 bytes. I have fixed this issue by changing maximum length to 17408. Please confirm is this the bug in the Record class? Problem # 3 ------------------------ In decrypt API of InputSecurityParameters class under gnu.javax.net.ssl.provider package, sometimes length calculated for padding in case of block cipher is more then size of SSL record/fragment resulting in IllegalArgumentException. I have seen this issue only with Internet explorer browser. At line # 173 in this class, IllegalArgumentException comes on calling positing API of ByteBuffer due to passing negative index. else if (record.version().compareTo(ProtocolVersion.TLS_1) >= 0) { // In TLSv1 and later, the padding must be `padlen' copies of the // value `padlen'. byte[] pad = new byte[padlen]; //IllegalArgumentException comes at below line ((ByteBuffer) fragment.duplicate().position(record.length() - padlen - 1)).get(pad); for (int i = 0; i < pad.length; i++) if ((pad[i] & 0xFF) != padlen) badPadding = true; if (Debug.DEBUG) logger.logv(Component.SSL_RECORD_LAYER, "TLSv1.x padding\n{0}", new ByteArray(pad)); } To resolve this issue, time being i have put safe check of positive index before the line where exception is coming. Now even after resolving all above mentioned issues, sometimes bad certificate or not valid signature error is coming on browser on opening pages using HTTPS. I have to provide HTTPS support and now i am really stuck. please guide me in resolving SSL related issues. -- View this message in context: http://www.nabble.com/Does-SSL--works-at-all-in-classpath-version-0.98-----tp24515738p24515738.html Sent from the Gnu - Classpath - General mailing list archive at Nabble.com.