I’ve been using an iPhone sinceFebruary and over that time I have used a bunch of websites running on Oracle. Such as Grid Control, custom applications deployed on Weblogic and Oracle Application Server, etc all which work fine. I wasn’t asked to test our applications but happened to be in situations where my iPhone was quickly available.
I was kind of surprised when I was told one of our applications didn’t work properly on the iPhone or iPad. When a user tried to access the site a Safari error would pop up:
“Safari can’t open the page <website> because Safari can’t establish a secure connection to the server <website>”
We also verified the problem existed on the desktop with Safari 5.
A quick search on Google turns out a ton of hits, none of them solved the problem but provided us with some ideas to try out. We contracted our SSL certificate provider and they sent us another chain certificate and a different root certificate which they said would resolve any issues we were having Apple products.
We loaded them into Oracle Wallet manager but unfortunately that didn’t work either. Back to square one.
A coworker enabled tracing in Webcache and noticed the following in the logfile:
[17/Jun/2010:10:48:46 -0400] [warning 11904] [ecid: 104838150494,0] SSL handshake fails NZE-29048
Since it was an obvious error on the client side I was surprised to see this as a warning. It just goes to show that if your trying to troubleshoot a problem, always enable tracing.
This error led me to Metalink note:
Internet Explorer Fails To Connect To Web Cache Via SSL If SSLV2.0 Is Unchecked - NZE-29048 [ID 342626.1]
By default Webcache sets SSL_ENABLED to SSLV3_V2H which only supports SSL V2.0 and SSLV3.0 not TLSv1. In the Metalink note they did an Ethereal Sniff and found that IE tries to use TLSv1 but since by default its not supported, it can’t connect. I also found a post in the Safari forum of Apple Discussions which basically talks about the same problem.
In our staging environment I tried the fix, changing SSLENABLED in $ORACLE_HOME/webcache/webcache.xml from SSLV3_V2H to SSL, restarted Webcache and success!
What made this problem slightly more confusing to troubleshoot was that we have another environment with the same version of Webcache. We could access that application from our iPhone/iPad successfully. The only difference is in that case SSL isn’t handled by Webcache but by an SSL accelerator.
7 comments:
OMG...it works, just a little change in webcache.xml and it fixes all safari issues. Thanks
Good catch! Oracle support was clueless on this one, thanks!
Awesome! I have been blaming this on the iPad for weeks. Now I am hanging my head in shame...
No problem... This one was a little tricky to figure out. Since other mobile devices and browsers worked fine I dismissed it as a Safari issue. But i'm glad I found the problem after since more and more of our users access our websites from mobile devices.
What version of web cache did this work for you in?
pgtaviator, I am wondering the same. I tried to make this change in 10g r2 (10.1.2) and while the Webcache service comes back up after being restarted, I see no change in the osberved behavior. The document at https://docs.oracle.com/cd/B14099_19/caching.1012/b14046.pdf (page 207, CLUSTER_INV_SSL sub-element) is virtually the only mention of the original value that I can find, and the cited table implies that this version of Webcache simply does not support any version of TLS. Period. At this point, I am considering removing Webcache from the equation entirely. Who knows what other havoc doing so might wreak on the larger system...
VSCO is a highly rated iPhone camera app with a cool minimalist interface and a social twist. In addition to giving users extensive manual controls, the app allows them to also explore and find curated photographic content from a vibrant international community. More VSCO features are available via an in-app purchase.
Post a Comment