mina-dev mailing list archives

From Niklas Therning <nik...@trillian.se>
Subject Re: trouble working with SSL
Date Fri, 11 May 2007 06:41:36 GMT
All I did was to run the org.apache.mina.example.httpserver.stream.Main
example (after setting USE_SSL=true) from within Eclipse. I'm using
Firefox 2.0 in Ubuntu Feisty. It's using the bogus certificate. I've
tried both with Sun's Java 1.5 and Java 1.6:

java version "1.5.0_11"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode, sharing)

java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)

You could also try to connect using openssl and see what it says:

openssl s_client -connect localhost:8081

Enter GET / followed by enter twice

/Niklas

Mark wrote:
> Seems like no matter what I try or do, the cipher from the SSLSession object
> in SSLHandler.handshake always says that the cipher is
> SSL_NULL_WITH_NULL_NULL.  I have tried using the BogusSSLContextFactory and
> SSLContext.getDefault() in the SSLFilter with no luck.  When I try to set
> SSL_NULL_WITH_NULL_NULL as a supported cipher in the SSLFilter, I get an
> exception stating "Unsupported ciphersuite SSL_NULL_WITH_NULL_NULL".
>
> I have tried Firefox on Linux and Windows, Internet Explorer on Windows and
> SeaMonkey on Linux.
>
>
> On 5/10/07, Mark <elihusmails@gmail.com> wrote:
>>
>> what version of Firefox and what cipher suites is Firefox set up to
>> accept?  I cannot get the trunk working.
>>
>> On 5/10/07, Niklas Therning < niklas@trillian.se> wrote:
>> >
>> > What version of MINA are you using? I can connect with Firefox (both
>> > SSL/no SSL) without any problems when using the current trunk (latest
>> > version from the source code repository).
>> >
>> > /Niklas
>> >
>> > Andre de C. Rodrigues wrote:
>> > > I'm not sure if the problem is only my client... I've tried using the
>> > > HTTP Server mina example instead, that uses SSL too, and it didn't
>> > > work. I downloaded the example, compiled and ran the code just as
>> > > it is in the site (only fixing the outdated
>> > > "org.apache.mina.util.CharsetUtil" import) and it works with SSL
>> > > turned off, but if I set the USE_SSL = true; in the main.java file, it
>> > > stops working (https://localhost:8080/ doesn't load on firefox).
>> > >
>> > > I thought it might be because the SSLContextFactory class seems to
>> > > import a bogus.cert file that doesn't exist. I created it with keytool
>> > > using the
>> > >    keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore bogus.cert
>> > > command, just like the comment on SSLContextFactory class says, and
>> > > copied the file keytool generated into my src folder. It still didn't
>> > > work.
>> > >
>> > > I'm somewhat new to this whole SSL thing, so I think I might be doing
>> > > something terribly wrong (I can't even make the MINA example work)...
>> > > does anybody have any insight on this?
>> > >
>> > > Thanks for the feedback,
>> > > Andre
>> > >
>> > > 2007/5/9, Gaston Dombiak < gaston@jivesoftware.com>:
>> > >> The "no cipher suites in common" means that there is a problem with the
>> > >> certificates. For instance, your client is probably needing RSA certs
>> > >> and in your store you only have DSA certs.
>> > >>
>> > >>   -- Gato
>> > >>
>> > >>
>> > >> -----Original Message-----
>> > >> From: Andre de C. Rodrigues [mailto: andre.rodriguesv2@gmail.com]
>> > >> Sent: Wednesday, May 09, 2007 2:27 PM
>> > >> To: dev@mina.apache.org
>> > >> Subject: trouble working with SSL
>> > >>
>> > >> I'm having some trouble making the echo example with SSL enabled work.
>> > >> I'm getting an exception caused by "no cipher suites in common":
>> > >>
>> > >>
>> > >>
>> > >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>> > >>         at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
>> > >>         at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>> > >>         at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:54)
>> > >>         at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>> > >>         at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:247)
>> > >>         at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:307)
>> > >>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
>> > >>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>> > >>         at java.lang.Thread.run(Unknown Source)
>> > >> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
>> > >>         at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
>> > >>         at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
>> > >>         at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
>> > >>         at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
>> > >>         at javax.net.ssl.SSLEngine.wrap(Unknown Source)
>> > >>         at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:555)
>> > >>         at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:330)
>> > >>         at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
>> > >>         ... 8 more
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> I've tried setting the enabled cipher suites:
>> > >> sslsocket.setEnabledCipherSuites(new String[] {
>> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
>> > >>
>> > >> and
>> > >>
>> > >> sslFilter.setEnabledCipherSuites(new String[] {
>> > >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
>> > >>
>> > >> and then printing on System.out the
>> > >> sslFilter.getEnabledCipherSuites();  array, and both the client and
>> > >> server seem to support both ciphers. What am I doing wrong?
>> > >>
>> > >> Thanks in advance,
>> > >> Andre
>> > >>
>> > >>
>> > >>
>> > >> PS: Here's the code for my addSSLSupport() method in the server app
>> > >> and the client app:
>> > >>
>> > >>
>> > >>
>> > >> // CLIENT APPLICATION
>> > >> import javax.net.ssl.SSLSocket;
>> > >> import javax.net.ssl.SSLSocketFactory;
>> > >> import java.io.*;
>> > >>
>> > >> public class EchoClient {
>> > >>     public static void main(String[] arstring) {
>> > >>         try {
>> > >>             SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
>> > >>             SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("localhost", 9999);
>> > >>             sslsocket.setEnabledCipherSuites(new String[] {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
>> > >>             String[] suported = sslsocket.getSupportedCipherSuites();
>> > >>
>> > >>             System.out.println("\n\n\n\n\n\n");
>> > >>
>> > >>             for (int i = 0; i < suported.length; i++)
>> > >>                 System.out.println("Supported Cipher Suites: " + suported[i]);
>> > >>
>> > >>             InputStream inputstream = System.in;
>> > >>             InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
>> > >>             BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
>> > >>
>> > >>             OutputStream outputstream = sslsocket.getOutputStream();
>> > >>             OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
>> > >>             BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);
>> > >>
>> > >>             String string = null;
>> > >>             while ((string = bufferedreader.readLine()) != null) {
>> > >>                 bufferedwriter.write(string + '\n');
>> > >>                 bufferedwriter.flush();
>> > >>             }
>> > >>         } catch (Exception exception) {
>> > >>             exception.printStackTrace();
>> > >>         }
>> > >>     }
>> > >> }
>> > >>
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> // SERVER APPLICATION
>> > >>     private static void addSSLSupport( DefaultIoFilterChainBuilder chain )
>> > >>         throws Exception
>> > >>     {
>> > >>         SSLFilter sslFilter =
>> > >>             new SSLFilter( BogusSSLContextFactory.getInstance( true ) );
>> > >>         sslFilter.setEnabledCipherSuites( new String[] {
>> > >>             "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
>> > >>             "SSL_RSA_WITH_RC4_128_MD5"
>> > >>         } );
>> > >>
>> > >>         String[] suported = sslFilter.getEnabledCipherSuites();
>> > >>         System.out.println("\n\n\n\n\n\n");
>> > >>         for (int i = 0; i < suported.length; i++)
>> > >>             System.out.println("Supported Cipher Suites: " + suported[i]);
>> > >>         System.out.println("\n\n\n\n\n\n");
>> > >>
>> > >>         chain.addLast( "sslFilter", sslFilter );
>> > >>
>> > >>         System.out.println( "SSL ON" );
>> > >>     }
>> > >>
>> > >
>> >
>> >
>> > --
>> > Niklas Therning
>> > www.spamdrain.net
>> >
>> >
>>
>>
>> -- 
>> ..Cheers
>> Mark
>
>
>
>


-- 
Niklas Therning
www.spamdrain.net
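
The certificate key type cause that Gato describes in the quoted thread can be checked against a keystore before starting the server. This is an added example, not code from the thread or from MINA: the class `SuiteKeyCheck` and its methods are hypothetical, the key password is assumed to equal the store password (as in the quoted keytool command), the DSA-only fallback is constructed sample input, and suites are classified by name only.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.*;

public class SuiteKeyCheck {
    /** Key type the server certificate needs for a suite; null if the name implies none. */
    static String requiredKeyAlgorithm(String suite) {
        int with = suite.indexOf("_WITH_");
        if (with < 0 || with <= suite.indexOf('_')) return null; // TLS 1.3 style or odd name
        String kx = suite.substring(suite.indexOf('_') + 1, with); // RSA_EXPORT, DHE_DSS, ...
        if (kx.contains("anon")) return null;       // anonymous suites use no certificate
        if (kx.contains("ECDSA") || kx.startsWith("ECDH_")) return "EC";
        if (kx.startsWith("DH_")) return "DH";      // fixed DH: certificate holds a DH key
        if (kx.contains("DSS")) return "DSA";
        if (kx.contains("RSA")) return "RSA";
        return null;                                // PSK, KRB5, plain SRP: no certificate key
    }

    /** Algorithms of all private keys in the store (key password assumed == store password). */
    static Set<String> keyAlgorithms(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        Set<String> algs = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases()))
            if (ks.isKeyEntry(alias)) algs.add(ks.getKey(alias, pw).getAlgorithm());
        return algs;
    }

    /** Enabled suites for which the store holds a key of the required type. */
    static List<String> usable(Set<String> keyAlgs, String[] suites) {
        List<String> ok = new ArrayList<>();
        for (String s : suites) {
            String need = requiredKeyAlgorithm(s);
            if (need == null || keyAlgs.contains(need)) ok.add(s);
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // Without arguments, fall back to a constructed DSA-only store (the case Gato describes).
        Set<String> keyAlgs = args.length == 2 ? keyAlgorithms(args[0], args[1].toCharArray())
                                               : new TreeSet<>(Collections.singleton("DSA"));
        // The two suites enabled in the thread's client and server code.
        String[] enabled = { "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5" };
        List<String> ok = usable(keyAlgs, enabled);
        System.out.println("key algorithms in store: " + keyAlgs);
        System.out.println(ok.isEmpty() ? "no enabled suite has a matching key" : "usable: " + ok);
    }
}
```

Run it as `java SuiteKeyCheck bogus.cert boguspw` to inspect the keystore from the thread. A suite listed as usable can still be rejected for other reasons, so this narrows the cause rather than proving the handshake will succeed.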

