> > > > >>>>> I have a soap client using python ZSI, the other end is oracle soa > > > > >>>>> 10.1.3.1.0 all works fine since some months. The last week oracle soa > > > > >>>>> was configured to accept client certificate authentication over https. > > > > >>>>> If I try to use the standard python httplib.HTTPSConnection library it > > > > >>>>> fails with the infamous "bad record mac" error and so also ZSI that use > > > > >>>>> httplib. Other java tools such as soapui works just fine with oracle > > > > >>>>> soa. > > > > >>>>> > > > > >>>>> Can squid do the hard work for me in the following configuration? > > > > >>>>> > > > > >>>>> ZSI soap client -> squid proxy over http -> oracle soa https > > > > >>>>> > > > > >>>>> however squid could be authenticate to oracle soa loading the cert file > > > > >>>>> and the cert key from a local file. > > > > >>>>> > > > > >>>>> So I would like to send my soap request to squid over http and squid > > > > >>>>> could connect to oracle soa over https presenting its own client > > > > >>>>> certificate (not send from my application but load from local file). > > > > >>>>> > > > > >>>>> Is this configuration possible? [...] > > With oracle soa I have the following error: > > > > fwdNegotiateSSL: Error negotiating SSL connection on FD 15: > > error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac > > (1/0/0) On 03.02.09 12:21, Mailing List SVR wrote: > Solved, I have to force squid to use ssl version 2 only and now works > fine, SSL2 is unsecure. Did you tru forcing tls1 or ssl3? -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
