Posted to dev@mina.apache.org by parki <pa...@avaning.com> on 2007/11/10 04:45:30 UTC

Help with getting https running

Hi!

I just put together a really basic HTTP server on top of mina, and it works
great - http://localhost:1234 is serving up a really dumb static page. I'd
like to get SSL working, to test out https from the browser (we're building
a hardware device which will talk https to the server I'm implementing on
mina). So, grabbed the BogusSSLContextFactory and BogusTrustManagerFactory
(and the two factories) from the echoserver example. So in my code:

SSLFilter sslFilter = new SSLFilter(BogusSSLContextFactory.getInstance(true));
chain.addLast("sslFilter", sslFilter);

Now, when I surf to the server (https://localhost:1234) an exception gets
thrown.

I'm probably missing something basic, as my networking chops are not great.

If anyone can help out, it would be appreciated.

Programming a simple HTTP server in mina was a breeze - very cool.

Cheers,

parki...


The stack trace is below:

ERROR 22:40:42:776 Exception thrown executing 'com.avaning.communicator.engine.HttpEngine@69c6f2.webReadSocketState'. {engine.standard.StateRunnable.run}
  Trace java.lang.reflect.InvocationTargetException:
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:585)
>>> com.whatevernot.engine.standard.StateRunnable.run(StateRunnable.java:56)
    java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
    java.lang.Thread.run(Thread.java:613)
  Message: SSL handshake failed.
  Nested exception trace javax.net.ssl.SSLHandshakeException:
    org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
    org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
    org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
    org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
    org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220)
    org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
    java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
    org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
    java.lang.Thread.run(Thread.java:613)
  Message: no cipher suites in common
  Nested exception trace javax.net.ssl.SSLHandshakeException:
    com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:994)
...
    org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
    java.lang.Thread.run(Thread.java:613)
  Message: no cipher suites in common
  Nested exception trace javax.net.ssl.SSLHandshakeException:
    com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
...
    org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
    java.lang.Thread.run(Thread.java:613)




-- 
View this message in context: http://www.nabble.com/Help-with-getting-https-running-tf4781472s16868.html#a13679052
Sent from the Apache MINA Support Forum mailing list archive at Nabble.com.


Re: Help with getting https running

Posted by parki <pa...@avaning.com>.
Hi Trustin:

Thanks for the reply. I'm a bit outta my league when it comes to the SSL
stuff - never done much security, so enjoying this part of the learning
curve. But unable to make a connection between Safari (web browser) and this
little test app.

Here's the setup code:

IoAcceptor acceptor = new SocketAcceptor();
IoAcceptorConfig config = new SocketAcceptorConfig();
DefaultIoFilterChainBuilder chain = config.getFilterChain();
chain.addFirst("sslFilter", new SSLFilter(BogusSSLContextFactory.getInstance(true)));
acceptor.bind(new InetSocketAddress(port_), new HttpHandler(engine), config);

The HttpHandlerEngine is my *basic* HTTP server handler, which works great
in non-SSL mode (ie. comment out the "chain.addFirst" line above). The guts
of the stack trace are below.

I don't really know what to do with the message "no cipher suites in
common".

Is there something I need to set up in the web browser?

Any help is appreciated.

Cheers,

parki...

--- x8 snip


Nov 12, 2007 1:27:50 PM class com.avaning.communicator.HttpHandler processStreamIo
INFO: At start of method : org.apache.mina.handler.support.IoSessionInputStream
Nov 12, 2007 1:27:50 PM class com.avaning.communicator.HttpHandler processStreamIo
INFO: At end of method.
Nov 12, 2007 1:27:51 PM class com.whatevernot.engine.standard.StateRunnable run
WARNING: Exception thrown executing 'com.avaning.communicator.engine.HttpEngine@6489f0.webReadSocketState'.
java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at com.whatevernot.engine.standard.StateRunnable.run(StateRunnable.java:56)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
	at java.lang.Thread.run(Thread.java:613)
Caused by: javax.net.ssl.SSLHandshakeException: SSL handshake failed.
	at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
	at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
	at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
	at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
	at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220)
	at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
	... 1 more
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:994)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:459)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1058)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1030)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411)
	at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:514)
	at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
	at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
	... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:164)
	at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:639)
	at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:450)
	at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
	at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)
	at java.security.AccessController.doPrivileged(Native Method)
	at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:932)
	at org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:685)
	at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:486)
	... 11 more
^Ccommunicator: 




Re: Help with getting https running

Posted by Trustin Lee <tr...@gmail.com>.
Hi Parki,

On Nov 10, 2007 12:45 PM, parki <pa...@avaning.com> wrote:
> I just put together a really basic HTTP server on top of mina, and it works
> great - http://localhost:1234 is serving up a really dumb static page. I'd
> like to get SSL working, to test out https from the browser (we're building
> a hardware device which will talk https to the server I'm implementing on
> mina). So, grabbed the BogusSSLContextFactory and BogusTrustManagerFactory
> (and the two factories) from the echoserver example. So in my code:
>
> SSLFilter sslFilter = new SSLFilter(BogusSSLContextFactory.getInstance(true));
> chain.addLast("sslFilter", sslFilter);
>
> Now, when I surf to the server (https://localhost:1234) an exception gets
> thrown.

The cause might be that your browser is not accepting the bogus
certificate.  Otherwise, please make sure you added the SslFilter
*before* any other filter.  I actually modified the httpserver example
and it works fine with my browser after adding localhost to the
exception list.

> Programming a simple HTTP server in mina was a breeze - very cool.

Great!  If you find any inconvenience, please let us know.  We have
an active community and want to fix all inconveniences and oddities users
encounter.

Cheers,
Trustin
-- 
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6
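
The "no cipher suites in common" error in the traces above is raised on the server side (ServerHandshaker.chooseCipherSuite), and one common cause is an SSLContext whose key managers hold no usable private key, so no certificate-based suite can be selected. The check below is an added example, not part of the original thread or of MINA; the class name ServerKeyCheck, the keystore path and password arguments, and the assumption that the key password equals the store password are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509KeyManager;

// Added diagnostic (hypothetical class). Usage: java ServerKeyCheck <keystore> <password>
public class ServerKeyCheck {
    // Key types a server certificate can carry; a certificate-based suite needs one of them.
    static final String[] KEY_TYPES = {"RSA", "DSA", "EC"};

    // Returns the key types for which the key managers can supply a server key.
    static List<String> usableKeyTypes(KeyManager[] managers) {
        List<String> found = new ArrayList<>();
        for (KeyManager km : managers) {
            if (!(km instanceof X509KeyManager)) continue;
            for (String type : KEY_TYPES) {
                String[] aliases = ((X509KeyManager) km).getServerAliases(type, null);
                if (aliases != null && aliases.length > 0 && !found.contains(type)) found.add(type);
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray(); // assumed: key password == store password
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        List<String> types = usableKeyTypes(kmf.getKeyManagers());
        System.out.println("Server key types available: " + types);
        if (types.isEmpty()) {
            System.out.println("No private key entry: the server cannot pick a certificate-based suite.");
        }
        // List what a server-mode engine built from this context has enabled.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        for (String suite : engine.getEnabledCipherSuites()) System.out.println("enabled: " + suite);
    }
}
```

If the available key type is only DSA while the client offers only RSA suites, the same handshake error results even though a key is present.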

Re: Help with getting https running

Posted by Trustin Lee <tr...@gmail.com>.
Hi Parki,

On Nov 13, 2007 7:34 AM, parki <pa...@avaning.com> wrote:
>
> One further question:
>
> Once the SSL stuff gets figured out, I have one more issue with respect to
> long running connections - we want to use a long running connection over
> HTTPS, and send/receive messages asynchronously. In other words, the client
> is not always initiating the request (although it will initiate the
> connection at the start) so we can push data in either direction. We own the
> client and server, so we intend to use the client-initiated HTTPS connection
> as a two way chat.
>
> I am currently using a StreamIoHandler to handle the connection, but the
> problem now is that there will be one thread per socket connection, unless I
> layer NIO stuff on top of this and use a selector instead of blocking on
> read or polling.
>
> I'm happy to do that, but it seems that I might be missing something here -
> there may be a mina-centric way of doing something like this.

You could take a look at the AsyncWeb in our sandbox
(http://svn.apache.org/repos/asf/mina/sandbox/asyncweb) or refer to
the simpler HTTP server example at
org.apache.mina.example.httpserver.codec.  These don't use
StreamIoHandler so one thread can handle multiple connections, which
means optimal resource consumption.

> I hope this makes sense - in a nutshell, we want HTTPS connection initiated
> from the client (to get out through the firewall) and then set up a
> long-running connection and push encrypted data back and forth.

Yes, it makes a lot of sense, and that's why other web application
servers are trying to add similar features.

HTH,
Trustin
-- 
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6

Re: Help with getting https running

Posted by parki <pa...@avaning.com>.
One further question:

Once the SSL stuff gets figured out, I have one more issue with respect to
long running connections - we want to use a long running connection over
HTTPS, and send/receive messages asynchronously. In other words, the client
is not always initiating the request (although it will initiate the
connection at the start) so we can push data in either direction. We own the
client and server, so we intend to use the client-initiated HTTPS connection
as a two way chat.

I am currently using a StreamIoHandler to handle the connection, but the
problem now is that there will be one thread per socket connection, unless I
layer NIO stuff on top of this and use a selector instead of blocking on
read or polling.

I'm happy to do that, but it seems that I might be missing something here -
there may be a mina-centric way of doing something like this. 

I hope this makes sense - in a nutshell, we want HTTPS connection initiated
from the client (to get out through the firewall) and then set up a
long-running connection and push encrypted data back and forth.

Any help/guidance, as always, appreciated muchly.

Thanks.

parki...

