GoogleCodeExporter
commented
8 years ago
Similar to this technet post:
http://social.technet.microsoft.com/Forums/forefront/en-US/e59c702f-af5b-4d67-bf
e5-d41d854251ea/java-queries-suffixed-domains-in-dns-before-going-to-proxy?forum
=Forefrontedgegeneral
- If Kerberos succeeding would fix this, you may be able to set a krb5.ini in
the Windows directory for Java to read. I have no experience with this and
there is almost no documentation about this for clients (mostly Java Enterprise
Edition systems that use this).
https://forums.oracle.com/message/6387311
- If network permits bypassing of proxy, it can be disabled it in the Java
Control panel (assuming you network access restrictions preventing computers
from doing this)
- If the timeout is actually caused by the OCSP requests, you may have luck
with running OCSP Stapling locally.
http://en.wikipedia.org/wiki/OCSP_stapling
- A possible solution is to add exceptions for the machine's IP Address to the
company firewall. (not ideal)
- (Again) If OCSP is the cause, one could try disabling OCSP in the Advanced
tab of the Java Control panel, and/or Do Not Check revocations at all. (not
ideal)
- Is there a chance PKINIT is using Kerberos to cache OCSPs and in result is
blocking the OCSP request?
http://tools.ietf.org/html/rfc4557
- Last, a solution may be to offer a second proxy o the environment which uses
a different authentication method (and set that in the Java Proxy settings).
(or debug with fiddler, etc)
Original comment by tres.fin...@gmail.com on 12 Dec 2013 at 5:30
Original issue reported on code.google.com by
tres.fin...@gmail.comon 12 Dec 2013 at 5:29