mina-dev mailing list archives

From "Andre de C. Rodrigues" <andre.rodrigue...@gmail.com>
Subject Re: trouble working with SSL
Date Thu, 10 May 2007 19:16:05 GMT
Actually, I was using the latest stable release (1.1). I just tried
using the current trunk, though, and still no success.

I've also tried using another security certificate, the one generated by:
keytool -genkey -keystore mySrvKeystore -keyalg RSA
To do this, I changed the BOGUS_KEYSTORE variable in
BogusSSLContextFactory.java to  mySrvKeystore, placed the
mySvrKeystore file in this project's src folder and changed the
BOGUS_PW array to mySrvKeystore's password.

I'm getting the same error as before: the server console throws an
exception caused by "no cipher suites in common" and Firefox's error
message states that "Firefox can't connect securely to localhost
because the site uses a security protocol which isn't enabled".


Andre



2007/5/10, Mark <elihusmails@gmail.com>:
> Have you tried the code from the trunk with actual certificates?  I am
> having problems with a server cert I generated using OpenSSL.
>
> --
> ..Cheers
> Mark
>
> On 5/10/07, Niklas Therning <niklas@trillian.se> wrote:
> >
> > What version of MINA are you using? I can connect with Firefox (both
> > SSL/no SSL) without any problems when using the current trunk (latest
> > version from the source code repository).
> >
> > /Niklas
> >
> > Andre de C. Rodrigues wrote:
> > > I'm not sure if the problem is only my client... I've tried using the
> > > HTTP Server mina example instead, that uses SSL too, and it didn't
> > > > work. I downloaded the example, compiled and ran the code just as
> > > > it is in the site (only fixing the outdated
> > > > "org.apache.mina.util.CharsetUtil" import) and it works with SSL
> > > > turned off, but if I set the USE_SSL = true; in the main.java file, it
> > > > stops working (https://localhost:8080/ doesn't load on Firefox).
> > >
> > > I thought it might be because the SSLContextFactory class seems to
> > > import a bogus.cert file that doesn't exist. I created it with keytool
> > > using the
> > >    keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
> > > RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
> > > S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
> > > bogus.cert
> > > command, just like the comment on SSLContextFactory class says, and
> > > copied the file keytool generated into my src folder. It still didn't
> > > work.
> > >
> > > I'm somewhat new to this whole SSL thing, so I think I might be doing
> > > something terribly wrong (I can't even make the MINA example work)...
> > > does anybody have any insight on this?
> > >
> > > Thanks for the feedback,
> > > Andre
> > >
> > > 2007/5/9, Gaston Dombiak <gaston@jivesoftware.com>:
> > >> The "no cipher suites in common" means that there is a problem with the
> > >> certificates. For instance, your client is probably needing RSA certs
> > >> and in your store you only have DSA certs.
> > >>
> > >>   -- Gato
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: Andre de C. Rodrigues [mailto:andre.rodriguesv2@gmail.com]
> > >> Sent: Wednesday, May 09, 2007 2:27 PM
> > >> To: dev@mina.apache.org
> > >> Subject: trouble working with SSL
> > >>
> > >> I'm having some trouble making the echo example with SSL enabled work.
> > >> I'm getting an exception caused by "no cipher suites in common":
> > >>
> > >>
> > >>
> > >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> > >>         at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
> > >>         at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> > >>         at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:54)
> > >>         at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> > >>         at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:247)
> > >>         at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:307)
> > >>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
> > >>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> > >>         at java.lang.Thread.run(Unknown Source)
> > >> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
> > >>         at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
> > >>         at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> > >>         at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
> > >>         at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
> > >>         at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> > >>         at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:555)
> > >>         at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:330)
> > >>         at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
> > >>         ... 8 more
> > >>
> > >>
> > >>
> > >>
> > >> I've tried setting the enabled cipher suites:
> > >> sslsocket.setEnabledCipherSuites(new String[] {
> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> > >>
> > >> and
> > >>
> > >> sslFilter.setEnabledCipherSuites(new String[] {
> > >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> > >>
> > >> and then printing on System.out the
> > >> sslFilter.getEnabledCipherSuites();  array, and both the client and
> > >> server seem to support both ciphers. What am I doing wrong?
> > >>
> > >> Thanks in advance,
> > >> Andre
> > >>
> > >>
> > >>
> > >> PS: Here's the code for my addSSLSupport() method in the server app
> > >> and the client app:
> > >>
> > >>
> > >>
> > >> // CLIENT APPLICATION
> > >> import javax.net.ssl.SSLSocket;
> > >> import javax.net.ssl.SSLSocketFactory;
> > >> import java.io.*;
> > >>
> > >> public class EchoClient {
> > >>     public static void main(String[] arstring) {
> > >>         try {
> > >>             SSLSocketFactory sslsocketfactory =
> > >>                 (SSLSocketFactory) SSLSocketFactory.getDefault();
> > >>             SSLSocket sslsocket =
> > >>                 (SSLSocket) sslsocketfactory.createSocket("localhost", 9999);
> > >>             sslsocket.setEnabledCipherSuites(new String[] {
> > >>                 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> > >>             String[] suported = sslsocket.getSupportedCipherSuites();
> > >>
> > >>             System.out.println("\n\n\n\n\n\n");
> > >>
> > >>             for (int i = 0; i < suported.length; i++)
> > >>                 System.out.println("Supported Cipher Suites: " + suported[i]);
> > >>
> > >>             InputStream inputstream = System.in;
> > >>             InputStreamReader inputstreamreader =
> > >>                 new InputStreamReader(inputstream);
> > >>             BufferedReader bufferedreader =
> > >>                 new BufferedReader(inputstreamreader);
> > >>
> > >>             OutputStream outputstream = sslsocket.getOutputStream();
> > >>             OutputStreamWriter outputstreamwriter =
> > >>                 new OutputStreamWriter(outputstream);
> > >>             BufferedWriter bufferedwriter =
> > >>                 new BufferedWriter(outputstreamwriter);
> > >>
> > >>             String string = null;
> > >>             while ((string = bufferedreader.readLine()) != null) {
> > >>                 bufferedwriter.write(string + '\n');
> > >>                 bufferedwriter.flush();
> > >>             }
> > >>         } catch (Exception exception) {
> > >>             exception.printStackTrace();
> > >>         }
> > >>     }
> > >> }
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> // SERVER APPLICATION
> > >>     private static void addSSLSupport( DefaultIoFilterChainBuilder chain )
> > >>         throws Exception
> > >>     {
> > >>         SSLFilter sslFilter =
> > >>             new SSLFilter( BogusSSLContextFactory.getInstance( true ) );
> > >>         sslFilter.setEnabledCipherSuites(new String[] {
> > >>             "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"
> > >>         });
> > >>
> > >>         String[] suported = sslFilter.getEnabledCipherSuites();
> > >>         System.out.println("\n\n\n\n\n\n");
> > >>         for (int i = 0; i < suported.length; i++)
> > >>             System.out.println("Supported Cipher Suites: " + suported[i]);
> > >>         System.out.println("\n\n\n\n\n\n");
> > >>
> > >>         chain.addLast( "sslFilter", sslFilter );
> > >>
> > >>         System.out.println( "SSL ON" );
> > >>     }
> > >>
> > >
> >
> >
> > --
> > Niklas Therning
> > www.spamdrain.net
> >
> >
>
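
An added diagnostic for the certificate/suite mismatch described in this thread (not code from any of the posters or from MINA): it lists the key algorithms held in a keystore and compares them with the key type each enabled suite name implies. The class name, the name-based heuristic and the command-line arguments are assumptions of this example; the two suites are the ones enabled in the quoted code.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;

public class KeystoreSuiteCheck {
    // Key type the server must hold for a suite, inferred from the JSSE suite
    // name (a heuristic on the SSL_/TLS_ naming convention, not a JSSE API).
    static String requiredKeyType(String suite) {
        int with = suite.indexOf("_WITH_");
        if (with < 0) return "ANY";                 // e.g. TLS 1.3 names carry no key type
        String kx = suite.substring(suite.indexOf('_') + 1, with);
        if (kx.contains("anon")) return "NONE";     // anonymous suites use no certificate
        if (kx.startsWith("ECDH_") || kx.endsWith("ECDSA")) return "EC";
        if (kx.endsWith("DSS")) return "DSA";
        if (kx.contains("RSA")) return "RSA";
        return "UNKNOWN";                           // PSK, KRB5 and similar
    }

    // Public-key algorithms of every private-key entry in the keystore.
    static Set<String> keyTypes(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        Set<String> types = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) && ks.getCertificate(alias) != null) {
                types.add(ks.getCertificate(alias).getPublicKey().getAlgorithm());
            }
        }
        return types;
    }

    // Usage (assumed arguments): java KeystoreSuiteCheck <keystore> <storepass>
    public static void main(String[] args) throws Exception {
        if (args.length != 2) throw new IllegalArgumentException("need <keystore> <storepass>");
        Set<String> held = keyTypes(args[0], args[1].toCharArray());
        String[] suites = { "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5" };
        System.out.println("Key types in " + args[0] + ": " + held);
        for (String s : suites) {
            String need = requiredKeyType(s);
            boolean ok = need.equals("ANY") || need.equals("NONE") || held.contains(need);
            System.out.println(s + " needs " + need + (ok ? " -> usable" : " -> no matching key"));
        }
    }
}
```

A matching key type is necessary but not sufficient: the JSSE provider on each side must also still support and enable the suite.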
