Wesley De Keirsmaeker from

We are having troubles with sending a 'large' SOAP request to one of our sources over SSL. When we send the same request, but with less data in it, it works without any problems. The small file is 10kb, the larger file is 30kb. The SOAP requests are send from OSB (11.1.1.4) in Weblogic (10.3.4).

Our source has checked what happens in their proxy and they see that the proxy waits for a part of the message, but never receives it:

[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][4] Input filter: Reading request body.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 1 bytes.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 8000 bytes.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 192 bytes.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 534 bytes.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 7376 bytes.
[14/Sep/2016:11:05:38 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][4] Error reading request body: The timeout specified has expired

We have HTTP dump on our server and from the logging I can see that the SSL handshaking is ok, we start sending our message, but it stops before it's completly done.

Padded plaintext before ENCRYPTION:  len = 328
0000: 50 4F 53 54 20 2F 63 78   00 00 00 00 00 00 00 00  POST /cxf/
0010: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  some
0020: 53 65 72 76 69 63 65 2D   30 31 2D 30 31 20 48 54  Service-01-01 HT
0030: 54 50 2F 31 2E 31 0D 0A   43 6F 6E 74 65 6E 74 2D  TP/1.1..Content-
0040: 54 79 70 65 3A 20 74 65   78 74 2F 78 6D 6C 3B 20  Type: text/xml; 
0050: 63 68 61 72 73 65 74 3D   75 74 66 2D 38 0D 0A 53  charset=utf-8..S
0060: 4F 41 50 41 63 74 69 6F   6E 3A 20 22 42 65 77 61  OAPAction: "
0070: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  someAction"..
0080: 55 73 65 72 2D 41 67 65   6E 74 3A 20 4A 61 76 61  User-Agent: Java
0090: 31 2E 36 2E 30 5F 33 31   0D 0A 48 6F 73 74 3A 20  1.6.0_31..Host: 
00A0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  some.host
00B0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  
00C0: 6E 65 74 2E 62 65 0D 0A   41 63 63 65 70 74 3A 20  ..Accept: 
00D0: 74 65 78 74 2F 68 74 6D   6C 2C 20 69 6D 61 67 65  text/html, image
00E0: 2F 67 69 66 2C 20 69 6D   61 67 65 2F 6A 70 65 67  /gif, image/jpeg
00F0: 2C 20 2A 2F 2A 3B 20 71   3D 2E 32 0D 0A 43 6F 6E  , */*; q=.2..Con
0100: 6E 65 63 74 69 6F 6E 3A   20 4B 65 65 70 2D 41 6C  nection: Keep-Al
0110: 69 76 65 0D 0A 43 6F 6E   74 65 6E 74 2D 4C 65 6E  ive..Content-Len
0120: 67 74 68 3A 20 34 32 35   39 36 0D 0A 0D 0A CB F2  gth: 42596......
0130: DB 39 D1 16 D4 4C D3 05   BB 08 3C 2B A0 1E 39 BF  .9...L....<+..9.
0140: A9 15 05 05 05 05 05 05                            ........

Padded plaintext before ENCRYPTION:  len = 16128
0000: 3F 78 6D 6C 20 76 65 72   73 69 6F 6E 3D 22 31 2E  ?xml version="1.
0010: 30 22 20 65 6E 63 6F 64   69 6E 67 3D 22 55 54 46  0" encoding="UTF
0020: 2D 38 22 3F 3E 0A 3C 73   6F 61 70 65 6E 76 3A 45  -8"?>.<soapenv:E
0030: 6E 76 65 6C 6F 70 65 20   78 6D 6C 6E 73 3A 73 6F  nvelope xmlns:so
0040: 61 70 65 6E 76 3D 22 68   74 74 70 3A 2F 2F 73 63  apenv="http://sc
... and so forth

This ends before I've seen the complete SOAP request pass through. And we receive:

Padded plaintext after DECRYPTION:  len = 328
0000: 48 54 54 50 2F 31 2E 31   20 34 30 30 20 42 61 64  HTTP/1.1 400 Bad
0010: 20 52 65 71 75 65 73 74   0D 0A 44 61 74 65 3A 20   Request..Date: 
0020: 4D 6F 6E 2C 20 31 30 20   4F 63 74 20 32 30 31 36  Mon, 10 Oct 2016
0030: 20 30 37 3A 35 32 3A 30   37 20 47 4D 54 0D 0A 53   07:52:07 GMT..S
0040: 65 72 76 65 72 3A 20 41   70 61 63 68 65 0D 0A 53  erver: Apache..S
0050: 74 72 69 63 74 2D 54 72   61 6E 73 70 6F 72 74 2D  trict-Transport-
0060: 53 65 63 75 72 69 74 79   3A 20 6D 61 78 2D 61 67  Security: max-ag
0070: 65 3D 33 31 35 33 36 30   30 30 3B 20 69 6E 63 6C  e=31536000; incl
0080: 75 64 65 53 75 62 44 6F   6D 61 69 6E 73 0D 0A 4C  udeSubDomains..L
0090: 61 73 74 2D 4D 6F 64 69   66 69 65 64 3A 20 54 75  ast-Modified: Tu
00A0: 65 2C 20 30 33 20 4D 61   72 20 32 30 31 35 20 31  e, 03 Mar 2015 1
00B0: 32 3A 32 35 3A 32 31 20   47 4D 54 0D 0A 45 54 61  2:25:21 GMT..ETa
00C0: 67 3A 20 22 62 65 38 2D   35 31 30 36 31 36 64 61  g: "be8-510616da
00D0: 38 63 62 31 64 22 0D 0A   41 63 63 65 70 74 2D 52  8cb1d"..Accept-R
00E0: 61 6E 67 65 73 3A 20 62   79 74 65 73 0D 0A 43 6F  anges: bytes..Co
00F0: 6E 74 65 6E 74 2D 4C 65   6E 67 74 68 3A 20 33 30  ntent-Length: 30
0100: 34 38 0D 0A 43 6F 6E 6E   65 63 74 69 6F 6E 3A 20  48..Connection: 
0110: 63 6C 6F 73 65 0D 0A 43   6F 6E 74 65 6E 74 2D 54  close..Content-T
0120: 79 70 65 3A 20 74 65 78   74 2F 68 74 6D 6C 0D 0A  ype: text/html..
0130: 0D 0A 7E 01 14 86 D8 1F   DA 05 97 49 26 2B 2F 65  ...........I&+/e
0140: DB 5E ED 05 F2 AA 01 01                            .^......

Our server team has already tried increasing the timeouts in weblogic under Servers - Protocols - HTTP by a factor of 10, but with no success.

Increasing any possible timeout settings in OSB didn't help.

We are pretty sure it is a Weblogic (maybe OSB) issue as sending the larger request from the same server with curl doesn't give any problems.

Our Development environment does NOT have this issue. The problem is, we currently have an upgraded Weblogic (10.3.6)/OSB (11.1.1.7) installed there for an upcoming upgrade of the software on other environments. Same configuration though.

Any insight on what could be going wrong or what we could try would be helpfull. Let me know if you need any additional information.

answered 7 days ago JulieTovit #

This message is posted here using XRumer + XEvil 4.0 XEvil 4.0 is a revolutionary application that can bypass almost any anti-botnet protection. Captcha Recognition Google (ReCaptcha-1, ReCaptcha-2), Facebook, Yandex, VKontakte, Captcha Com and over 8.4 million other types! You read this - it means it works! ;) Details on the official website of XEvil.Net, there is a free demo version.


Leave a answer: