You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Andre de C. Rodrigues" <an...@gmail.com> on 2007/05/09 23:27:26 UTC
trouble working with SSL
I'm having some trouble making the echo example with SSL enabled work.
I'm getting an exception caused by "no cipher suites in common":
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:247)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:307)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
at javax.net.ssl.SSLEngine.wrap(Unknown Source)
at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:555)
at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:330)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
... 8 more
I've tried setting the enabled cipher suites:
sslsocket.setEnabledCipherSuites(new String[]
"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
and
sslFilter.setEnabledCipherSuites(new String[] {
"SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
and then printing on System.out the
sslFilter.getEnabledCipherSuites(); array, and both the client and
server seem to support both ciphers. What am I doing wrong?
Thanks in advance,
Andre
PS: Here's the code for my addSSLSupport() method in the server app
and the client app:
// CLIENT APLICATION
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
public
class EchoClient {
public
static
void
main(String[] arstring) {
try {
SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket)
sslsocketfactory.createSocket("localhost", 9999);
sslsocket.setEnabledCipherSuites(new String[]
{"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
String[] suported = sslsocket.getSupportedCipherSuites();
System.out.println("\n\n\n\n\n\n");
for(int i=0; i<suported.length; i++) System.out.println("Supported
Cipher Suites: " + suported[i]);
InputStream inputstream = System.in;
InputStreamReader inputstreamreader = new
InputStreamReader(inputstream);
BufferedReader bufferedreader = new
BufferedReader(inputstreamreader);
OutputStream outputstream = sslsocket.getOutputStream();
OutputStreamWriter outputstreamwriter = new
OutputStreamWriter(outputstream);
BufferedWriter bufferedwriter = new
BufferedWriter(outputstreamwriter);
String string = null;
while ((string = bufferedreader.readLine()) != null) {
bufferedwriter.write(string + '\n');
bufferedwriter.flush();
}
} catch (Exception exception) {
exception.printStackTrace();
}
}
}
//SERVER APLICATION
private static void addSSLSupport( DefaultIoFilterChainBuilder chain )
throws Exception
{
SSLFilter sslFilter =
new SSLFilter( BogusSSLContextFactory.getInstance( true ) );
sslFilter.setEnabledCipherSuites(new String[] {
"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"
});
String[] suported = sslFilter.getEnabledCipherSuites();
System.out.println("\n\n\n\n\n\n");
for(int i=0; i<suported.length; i++) System.out.println("Supported
Cipher Suites: " + suported[i]);
System.out.println("\n\n\n\n\n\n");
chain.addLast( "sslFilter", sslFilter );
System.out.println( "SSL ON" );
}
Re: trouble working with SSL
Posted by Mark Webb <el...@gmail.com>.
finally. I tried and tried to get the BogusSSLContextFactory class to work
as is, but could not. I had to change it to a FileInputStream. Glad to
finally get this working...
--
..Cheers
Mark
On 5/11/07, Mark Webb <el...@gmail.com> wrote:
>
> no. That still does not work. Also, I am using the Http Stream server
> and testing with Firefox in Linux.
>
> --
> ..Cheers
> Mark
>
> On 5/11/07, Andre de C. Rodrigues <an...@gmail.com> wrote:
> >
> > Have you tried adding the lines I did in my first question? Namely the
> > line:
> > sslFilter.setEnabledCipherSuites(new String[] {
> > "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"};
> >
> > Maybe that'll work.
> >
> > 2007/5/11, Mark Webb <el...@gmail.com>:
> > > Class.getResourceAsStream(String) loads a file from the
> > classpath. Unless
> > > you are creating your own classloaders, you should be fine just
> > placing the
> > > directory that contains the bogus.cert file in your classpath.
> > >
> > > BTW, placing the bogus.cert file in my classpath still gives me "no
> > cipher
> > > suites in common" error messages. Not that I was surprised that this
> > > problem still exists, Its that I am still stuck.
> > >
> > > --
> > > ..Cheers
> > > Mark
> > >
> > > On 5/11/07, Andre de C. Rodrigues <andre.rodriguesv2@gmail.com >
> > wrote:
> > > >
> > > > I've just made it work... it seems that the problem was that the
> > > > bogus.cert file was not in the correct location.
> > > >
> > > > In the SSLContextFactory.java I have changed the line:
> > > > in = BogusSSLContextFactory.class.getResourceAsStream(
> > > > BOGUS_KEYSTORE );
> > > > to
> > > > in = new java.io.FileInputStream( BOGUS_KEYSTORE );
> > > >
> > > > When I tried to run the app, I got a file not found exception. I
> > > > placed the bogus.cert file in my project root folder (instead of my
> > > > src folder) and it worked!
> > > >
> > > > I tried changing the line back to what it was while keeping the
> > > > bogus.cert in my project root folder, but that didn't work either...
> > > > is there a correct location for bogus.cert when using the original
> > > > code?
> > > >
> > > > Thanks for all the feedback,
> > > > Andre
> > > >
> > >
> >
>
>
Re: trouble working with SSL
Posted by Mark Webb <el...@gmail.com>.
no. That still does not work. Also, I am using the Http Stream server and
testing with Firefox in Linux.
--
..Cheers
Mark
On 5/11/07, Andre de C. Rodrigues <an...@gmail.com> wrote:
>
> Have you tried adding the lines I did in my first question? Namely the
> line:
> sslFilter.setEnabledCipherSuites(new String[] {
> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"};
>
> Maybe that'll work.
>
> 2007/5/11, Mark Webb <el...@gmail.com>:
> > Class.getResourceAsStream(String) loads a file from the
> classpath. Unless
> > you are creating your own classloaders, you should be fine just placing
> the
> > directory that contains the bogus.cert file in your classpath.
> >
> > BTW, placing the bogus.cert file in my classpath still gives me "no
> cipher
> > suites in common" error messages. Not that I was surprised that this
> > problem still exists, Its that I am still stuck.
> >
> > --
> > ..Cheers
> > Mark
> >
> > On 5/11/07, Andre de C. Rodrigues <an...@gmail.com> wrote:
> > >
> > > I've just made it work... it seems that the problem was that the
> > > bogus.cert file was not in the correct location.
> > >
> > > In the SSLContextFactory.java I have changed the line:
> > > in = BogusSSLContextFactory.class.getResourceAsStream(
> > > BOGUS_KEYSTORE );
> > > to
> > > in = new java.io.FileInputStream( BOGUS_KEYSTORE );
> > >
> > > When I tried to run the app, I got a file not found exception. I
> > > placed the bogus.cert file in my project root folder (instead of my
> > > src folder) and it worked!
> > >
> > > I tried changing the line back to what it was while keeping the
> > > bogus.cert in my project root folder, but that didn't work either...
> > > is there a correct location for bogus.cert when using the original
> > > code?
> > >
> > > Thanks for all the feedback,
> > > Andre
> > >
> >
>
Re: trouble working with SSL
Posted by "Andre de C. Rodrigues" <an...@gmail.com>.
Have you tried adding the lines I did in my first question? Namely the line:
sslFilter.setEnabledCipherSuites(new String[] {
"SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"};
Maybe that'll work.
2007/5/11, Mark Webb <el...@gmail.com>:
> Class.getResourceAsStream(String) loads a file from the classpath. Unless
> you are creating your own classloaders, you should be fine just placing the
> directory that contains the bogus.cert file in your classpath.
>
> BTW, placing the bogus.cert file in my classpath still gives me "no cipher
> suites in common" error messages. Not that I was surprised that this
> problem still exists, Its that I am still stuck.
>
> --
> ..Cheers
> Mark
>
> On 5/11/07, Andre de C. Rodrigues <an...@gmail.com> wrote:
> >
> > I've just made it work... it seems that the problem was that the
> > bogus.cert file was not in the correct location.
> >
> > In the SSLContextFactory.java I have changed the line:
> > in = BogusSSLContextFactory.class.getResourceAsStream(
> > BOGUS_KEYSTORE );
> > to
> > in = new java.io.FileInputStream( BOGUS_KEYSTORE );
> >
> > When I tried to run the app, I got a file not found exception. I
> > placed the bogus.cert file in my project root folder (instead of my
> > src folder) and it worked!
> >
> > I tried changing the line back to what it was while keeping the
> > bogus.cert in my project root folder, but that didn't work either...
> > is there a correct location for bogus.cert when using the original
> > code?
> >
> > Thanks for all the feedback,
> > Andre
> >
>
Re: trouble working with SSL
Posted by Mark Webb <el...@gmail.com>.
Class.getResourceAsStream(String) loads a file from the classpath. Unless
you are creating your own classloaders, you should be fine just placing the
directory that contains the bogus.cert file in your classpath.
BTW, placing the bogus.cert file in my classpath still gives me "no cipher
suites in common" error messages. Not that I was surprised that this
problem still exists, Its that I am still stuck.
--
..Cheers
Mark
On 5/11/07, Andre de C. Rodrigues <an...@gmail.com> wrote:
>
> I've just made it work... it seems that the problem was that the
> bogus.cert file was not in the correct location.
>
> In the SSLContextFactory.java I have changed the line:
> in = BogusSSLContextFactory.class.getResourceAsStream(
> BOGUS_KEYSTORE );
> to
> in = new java.io.FileInputStream( BOGUS_KEYSTORE );
>
> When I tried to run the app, I got a file not found exception. I
> placed the bogus.cert file in my project root folder (instead of my
> src folder) and it worked!
>
> I tried changing the line back to what it was while keeping the
> bogus.cert in my project root folder, but that didn't work either...
> is there a correct location for bogus.cert when using the original
> code?
>
> Thanks for all the feedback,
> Andre
>
Re: trouble working with SSL
Posted by "Andre de C. Rodrigues" <an...@gmail.com>.
I've just made it work... it seems that the problem was that the
bogus.cert file was not in the correct location.
In the SSLContextFactory.java I have changed the line:
in = BogusSSLContextFactory.class.getResourceAsStream(
BOGUS_KEYSTORE );
to
in = new java.io.FileInputStream( BOGUS_KEYSTORE );
When I tried to run the app, I got a file not found exception. I
placed the bogus.cert file in my project root folder (instead of my
src folder) and it worked!
I tried changing the line back to what it was while keeping the
bogus.cert in my project root folder, but that didn't work either...
is there a correct location for bogus.cert when using the original
code?
Thanks for all the feedback,
Andre
Re: trouble working with SSL
Posted by Vinod Panicker <vi...@gmail.com>.
I have a feeling this is due to the high-strength ciphers not being
available, but I may be wrong. Can't recollect but I guess Sun
provides a download for the same.
Re: trouble working with SSL
Posted by Niklas Therning <ni...@trillian.se>.
All I did was to run the org.apache.mina.example.httpserver.stream.Main
example (after setting USE_SSL=true) from within Eclipse. I'm using
Firefox 2.0 in Ubuntu Feisty. It's using the bogus certificate. I've
tried both with Sun's Java 1.5 and Java 1.6:
java version "1.5.0_11"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode, sharing)
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)
You could also try to connect using openssl and see what it says:
openssl s_client -connect localhost:8081
Enter GET / followed by enter twice
/Niklas
Mark wrote:
> Seems like no matter what I try or do, the cipher from the SSLSession
> object
> in SSLHandler.handshake always says that the cipher is
> SSL_NULL_WITH_NULL_NULL. I have tried using the
> BogusSSLContextFactory and
> SSLContext.getDefault() in the SSLFilter with no luck. When I try to set
> SSL_NULL_WITH_NULL_NULL as a supported cipher in the SSLFilter, I get an
> exception stating "Unsupported ciphersuite SSL_NULL_WITH_NULL_NULL".
>
> I have tried Firefox on Linux and Windows, Internet Explorer on
> Windows and
> SeaMonkey on Linux.
>
>
> On 5/10/07, Mark <el...@gmail.com> wrote:
>>
>> what version of Firefox and what cipher suites is Firefox set up to
>> accept? I cannot get the trunk working.
>>
>> On 5/10/07, Niklas Therning < niklas@trillian.se> wrote:
>> >
>> > What version of MINA are you using? I can connect with Firefox (both
>> > SSL/no SSL) without any problems when using the current trunk (latest
>> > version from the source code repository).
>> >
>> > /Niklas
>> >
>> > Andre de C. Rodrigues wrote:
>> > > I'm not sure if the problem is only my client... I've tried using
>> the
>> > > HTTP Server mina example instead, that uses SSL too, and it didn't
>> > > work. I downloaded the example, compiled and runned the code just as
>> > > it is in the site (only fixing the outdated
>> > > " org.apache.mina.util.CharsetUtil" import) and it works with SSL
>> > > turned off, but if I set the USE_SSL = true; in the main.java
>> file, it
>> > > stops working (https://localhost:8080/ doesn't load on firefox).
>> > >
>> > > I thought it might be because the SSLContextFactory class seems to
>> > > import a bogus.cert file that doesn't exist. I created it with
>> keytool
>> > > using the
>> > > keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
>> > > RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
>> > > S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
>> > > bogus.cert
>> > > command, just like the comment on SSLContextFactory class says, and
>> > > copied the file keytool generated into my src folder. It still
>> didn't
>> > > work.
>> > >
>> > > I'm somewhat new to this whole SSL thing, so I think I might be
>> doing
>> > > something terribly wrong (I can't even make the MINA example
>> work)...
>> > > does anybody have any insight on this?
>> > >
>> > > Thanks for the feedback,
>> > > Andre
>> > >
>> > > 2007/5/9, Gaston Dombiak < gaston@jivesoftware.com>:
>> > >> The "no cipher suites in common" means that there is a problem with
>> > the
>> > >> certificates. For instance, your client is probably needing RSA
>> certs
>> >
>> > >> and in your store you only have DSA certs.
>> > >>
>> > >> -- Gato
>> > >>
>> > >>
>> > >> -----Original Message-----
>> > >> From: Andre de C. Rodrigues [mailto: andre.rodriguesv2@gmail.com]
>> > >> Sent: Wednesday, May 09, 2007 2:27 PM
>> > >> To: dev@mina.apache.org
>> > >> Subject: trouble working with SSL
>> > >>
>> > >> I'm having some trouble making the echo example with SSL enabled
>> > work.
>> > >> I'm getting an exception caused by "no cipher suites in common":
>> > >>
>> > >>
>> > >>
>> > >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>> > >> at
>> > >>
>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
>> > >> at
>> > >>
>> >
>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece
>> > >> ived(AbstractIoFilterChain.java:362)
>> > >> at
>> > >> org.apache.mina.common.support.AbstractIoFilterChain.access$1100
>> > (Abstrac
>> > >> tIoFilterChain.java:54)
>> > >> at
>> > >>
>> >
>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message
>> > >> Received(AbstractIoFilterChain.java:800)
>> > >> at
>> > >>
>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilt
>> >
>> > >> er.java:247)
>> > >> at
>> > >>
>> >
>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run
>> > >> (ExecutorFilter.java:307)
>> > >> at
>> > >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask (Unknown
>> > Source)
>> > >> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
>> > >> Source)
>> > >> at java.lang.Thread.run(Unknown Source)
>> > >> Caused by: javax.net.ssl.SSLHandshakeException : no cipher
>> suites in
>> > >> common
>> > >> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown
>> > (Unknown
>> > >> Source)
>> > >> at
>> > >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown (Unknown
>> > >> Source)
>> > >> at
>> > >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
>> > >> Source)
>> > >> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown
>> > >> Source)
>> > >> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
>> > >> at
>> > >> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java
>> > :555)
>> > >> at
>> > >> org.apache.mina.filter.support.SSLHandler.messageReceived(
>> > SSLHandler.jav
>> > >> a:330)
>> > >> at
>> > >>
>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
>> > >> ... 8 more
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> I've tried setting the enabled cipher suites:
>> > >> sslsocket.setEnabledCipherSuites(new String[]
>> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
>> > >>
>> > >> and
>> > >>
>> > >> sslFilter.setEnabledCipherSuites(new String[] {
>> > >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
>> > >>
>> > >> and then printing on System.out the
>> > >> sslFilter.getEnabledCipherSuites(); array, and both the client and
>> > >> server seem to support both ciphers. What am I doing wrong?
>> > >>
>> > >> Thanks in advance,
>> > >> Andre
>> > >>
>> > >>
>> > >>
>> > >> PS: Here's the code for my addSSLSupport() method in the server app
>> > >> and the client app:
>> > >>
>> > >>
>> > >>
>> > >> // CLIENT APLICATION
>> > >> import javax.net.ssl.SSLSocket;
>> > >> import javax.net.ssl.SSLSocketFactory;
>> > >> import java.io.*;
>> > >>
>> > >> public
>> > >> class EchoClient {
>> > >> public
>> > >> static
>> > >> void
>> > >> main(String[] arstring) {
>> > >> try {
>> > >> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
>> > >> SSLSocketFactory.getDefault();
>> > >> SSLSocket sslsocket = (SSLSocket)
>> > >> sslsocketfactory.createSocket("localhost", 9999);
>> > >> sslsocket.setEnabledCipherSuites(new String[]
>> > >> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
>> > >> String[] suported =
>> > >> sslsocket.getSupportedCipherSuites();
>> > >>
>> > >> System.out.println("\n\n\n\n\n\n");
>> > >>
>> > >> for(int i=0; i< suported.length; i++)
>> > >> System.out.println("Supported
>> > >> Cipher Suites: " + suported[i]);
>> > >>
>> > >> InputStream inputstream = System.in ;
>> > >> InputStreamReader inputstreamreader = new
>> > >> InputStreamReader(inputstream);
>> > >> BufferedReader bufferedreader = new
>> > >> BufferedReader(inputstreamreader);
>> > >>
>> > >> OutputStream outputstream =
>> sslsocket.getOutputStream();
>> > >> OutputStreamWriter outputstreamwriter = new
>> > >> OutputStreamWriter(outputstream);
>> > >> BufferedWriter bufferedwriter = new
>> > >> BufferedWriter(outputstreamwriter);
>> > >>
>> > >> String string = null;
>> > >> while ((string = bufferedreader.readLine()) != null) {
>> > >> bufferedwriter.write (string + '\n');
>> > >> bufferedwriter.flush();
>> > >> }
>> > >> } catch (Exception exception) {
>> > >> exception.printStackTrace();
>> > >> }
>> > >> }
>> > >> }
>> > >>
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> //SERVER APLICATION
>> > >> private static void addSSLSupport( DefaultIoFilterChainBuilder
>> > chain
>> > >> )
>> > >> throws Exception
>> > >> {
>> > >> SSLFilter sslFilter =
>> > >> new SSLFilter( BogusSSLContextFactory.getInstance(
>> true )
>> > );
>> > >> sslFilter.setEnabledCipherSuites (new String[] {
>> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
>> > >> "SSL_RSA_WITH_RC4_128_MD5"
>> > >> });
>> > >>
>> > >> String[] suported = sslFilter.getEnabledCipherSuites();
>> > >> System.out.println("\n\n\n\n\n\n");
>> > >> for(int i=0; i<suported.length; i++)
>> > >> System.out.println("Supported
>> > >> Cipher Suites: " + suported[i]);
>> > >> System.out.println("\n\n\n\n\n\n");
>> > >>
>> > >>
>> > >> chain.addLast( "sslFilter", sslFilter );
>> > >>
>> > >> System.out.println( "SSL ON" );
>> > >> }
>> > >>
>> > >
>> >
>> >
>> > --
>> > Niklas Therning
>> > www.spamdrain.net
>> >
>> >
>>
>>
>> --
>> ..Cheers
>> Mark
>
>
>
>
--
Niklas Therning
www.spamdrain.net
Re: New project on starting block: OpenLSD using MINA
Posted by Frédéric Brégier <fr...@free.fr>.
Hi Trustin again,
Perhaps you could use the picture on the web site
for the benchmark on http://openlsd.free.fr/en/res/openlsd/img10a.gif
The comment can be something (in MINA point of vue) as:
The import feature manages one client using a multithread connection
(from 1 to 8 on the example) that connects to one server using
a "Demuxing Io Handler" type of protocol. Each thread sends messages
containing the order for the server to import one file in its filesystem.
There are previously and after some database requests to keep
everything correct and MD5 computation on the file.
So the client and the server have heavy (relative) computation tasks.
The performance are about nearly 180 messages by second
(files imported by second) with 1 client thread and about 1400 messages
by second with 8 client threads, so almost linear performance.
Also, I update the documentation and code on website (sourceforge)
since my collegues say to me it was not at all obvious that the source
was in fact 3 eclipse projects...
Frederic
----- Original Message -----
Hi Trustin,
The integration process should end during summer time.
As for the "official" part, it is not published or whatever
relative thing, but I am working on it to made it one of
the choice for the public administration.
This project should replace a software which is very
expensive (I talk of millions of euro) and not totally
what we want/need to do as document archiving.
So for now it is a project that must make its proof
in the real world (after integration so sometime
from september 2007). Of course, like any project
and those in public administration, "official" publications
will take place... once it is in production and bug free. ;-)
But I think you can still reference it at least as an on going
project as well as the performance test result.
Of course, whenever I get some news I will try to inform
MINA list asap ;-)
For instance, the next step will be, during integration,
new benchmark but on a 32 Power5 server.
Thank again for Mina people, without Mina I was in trouble
to make my "network" protocol efficient and evolutive.
PS: I use demuxing Io Handler, just to point it since it is not
very usual as I saw from the mailing list.
Frederic
----- Original Message -----
From: "Trustin Lee"
Sent: Monday, May 14, 2007 4:05 AM
Subject: Re: New project on starting block: OpenLSD using MINA
Hi Frederic,
Thank you for sharing your test results, and I am very proud that MINA
is being used for such an important mission! :D
When will be the integration process end and when can we officially
list OpenLSD and Ministery of Finance in France as a reference and
post the performance test result?
Cheers,
Trustin
On 5/13/07, Frederic Bregier wrote:
> Hi all,
> I am using MINA for one year now and I finally arrived at a point
> where my project is reaching a level that start to satisfy me a little.
>
> I post this not to make some publicity on my project but in case
> Trustin wants to add it as one of the project that use MINA or some
> benchmarks (at the end of this mail) review.
>
> I have not finishing everything and of course I am sure that some
> parts could be better, but I think it was time to open it to the
> community.
> Of course I am open to any comment ! I do that on my spare time
> so obviously it is not perfect... ;-)
>
> This project, named OpenLSD, is about a framework for
> legal document archiving and specifically for huge amount of files,
> which stands for Open Legacy Storage Document.
> You can find some infor on it on sourceforge and/or on
> my web site : http://openlsd.free.fr/en/OpenLSDandCo.html
>
> My employer (Ministery of Finance in France) has, like a lot
> of administrations, some problems with electronic archiving:
> - How to archive in electronic form about hundred of TeraBytes
> or even thousand of Terabytes
> - How to be able to access them in a secure and in a performant way
> (well, Mina came here just at the right time)
> - How to enable to adapt the code as easy as possible to new
> problem (my next focus will be OpenLSM for Open Legacy
> Storage Mail for email legal archiving)
> - How to ensure security on storage (crypto on files for instance)
>
> So I decided to develop something that could answear to the
> various problems that we have to face.
> It is currently starting its integration in the Ministery IT.
> Of course, it should be also possible to use it for smaller storage
> like departemental archive.
>
> The project is not finished (will it be one day ?).
> Today there is an example of a simple application (simple business)
> based on this framework, using Oracle as database, MINA as network
> framework and NIO also on filesystem access.
> The next steps will be to correct MySQL support (my compagny has to use
> Oracle so the priority on this one but I merge regularly the
> capabilities),
> to enable cache support (read and write), to enable multiple OpenLSD
> server (mirroring by OpenLSD for security and performance aspect),
> to enable PostGreSQL also (I use JDBC but some optimization can be done
> with each database).
>
> Last but not least, my benchmark can be resume as follow :
> - Import of 10 KB documents at a rate of 1420 files/second
> (so 1420 messages by second using MINA as framework between
> 1 server and 8 MINA clients)
> The main time is in the file handling not in the MINA's part.
> The server was a 8 CPU Power5 AIX 5.3 IBM server using
> the IBM JVM 1.5.
> - Retrieve 1000 documents by second through network (3 Tomcat servers
> using servlet with MINA client connected to OpenLSD MINA server)
> with 88 Mbits of bandwith (fully using MINA support) with a mean time
> of 0,012 seconds by document
> The Tomcat servers are 2-Xeon CPU 64bits using Linux (Suse 10),
> IBM JDK 1.5 and Tomcat 5.5. The LSD Server (storage and MINA server)
> was on a 2 CPU Power5 AIX 5.3 IBM server using the IBM JVM 1.5.
> - Another simple test (without Database persistence) shows that I was
> able to
> get 2500 documents of 10KB by second using 1 Tomcat server with
> each servlet connecting to OpenLSD server using MINA, so
> 400 Mbits of bandwith.
> The Tomcat server is a 2-Xeon CPU 64bits using Linux (Suse 10),
> IBM JDK 1.5 and Tomcat 5.5. The LSD Server (storage and MINA server)
> was on a 2 CPU Power5 AIX 5.3 IBM server using the IBM JVM 1.5.
>
> Other benchmarks were done but are not relative to MINA, so I just put
> it here to be compelete:
> - Import in the same condition but in crypted mode (files are save using
> a key)
> gives 1290 files / second. (same condition as normal import)
> - Check of consistency database/filesystem is done at 2400 files/second
> when MD5 computation is done (50 MB/s or 400 Mbits on a 2Gb SAN)
> - Check of consistency database/filesystem is done at 30 000 files/second
> without MD5 computation is done (80 MB/s or 640 Mbits on a 2Gb SAN)
>
> Just to be complete, the version of MINA is the trunk one.
>
> I hope other projects will come on and on using MINA, a great piece of
> software!!!
> Thank you all, since MINA is powerful thanks to all its users.
>
> Frederic
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6
Re: New project on starting block: OpenLSD using MINA
Posted by Frédéric Brégier <fr...@free.fr>.
Hi Trustin,
The integration process should end during summer time.
As for the "official" part, it is not published or whatever
relative thing, but I am working on it to made it one of
the choice for the public administration.
This project should replace a software which is very
expensive (I talk of millions of euro) and not totally
what we want/need to do as document archiving.
So for now it is a project that must make its proof
in the real world (after integration so sometime
from september 2007). Of course, like any project
and those in public administration, "official" publications
will take place... once it is in production and bug free. ;-)
But I think you can still reference it at least as an on going
project as well as the performance test result.
Of course, whenever I get some news I will try to inform
MINA list asap ;-)
For instance, the next step will be, during integration,
new benchmark but on a 32 Power5 server.
Thank again for Mina people, without Mina I was in trouble
to make my "network" protocol efficient and evolutive.
PS: I use demuxing Io Handler, just to point it since it is not
very usual as I saw from the mailing list.
Frederic
----- Original Message -----
From: "Trustin Lee"
Sent: Monday, May 14, 2007 4:05 AM
Subject: Re: New project on starting block: OpenLSD using MINA
Hi Frederic,
Thank you for sharing your test results, and I am very proud that MINA
is being used for such an important mission! :D
When will be the integration process end and when can we officially
list OpenLSD and Ministery of Finance in France as a reference and
post the performance test result?
Cheers,
Trustin
On 5/13/07, Frederic Bregier wrote:
> Hi all,
> I am using MINA for one year now and I finally arrived at a point
> where my project is reaching a level that start to satisfy me a little.
>
> I post this not to make some publicity on my project but in case
> Trustin wants to add it as one of the project that use MINA or some
> benchmarks (at the end of this mail) review.
>
> I have not finishing everything and of course I am sure that some
> parts could be better, but I think it was time to open it to the
> community.
> Of course I am open to any comment ! I do that on my spare time
> so obviously it is not perfect... ;-)
>
> This project, named OpenLSD, is about a framework for
> legal document archiving and specifically for huge amount of files,
> which stands for Open Legacy Storage Document.
> You can find some infor on it on sourceforge and/or on
> my web site : http://openlsd.free.fr/en/OpenLSDandCo.html
>
> My employer (Ministery of Finance in France) has, like a lot
> of administrations, some problems with electronic archiving:
> - How to archive in electronic form about hundred of TeraBytes
> or even thousand of Terabytes
> - How to be able to access them in a secure and in a performant way
> (well, Mina came here just at the right time)
> - How to enable to adapt the code as easy as possible to new
> problem (my next focus will be OpenLSM for Open Legacy
> Storage Mail for email legal archiving)
> - How to ensure security on storage (crypto on files for instance)
>
> So I decided to develop something that could answear to the
> various problems that we have to face.
> It is currently starting its integration in the Ministery IT.
> Of course, it should be also possible to use it for smaller storage
> like departemental archive.
>
> The project is not finished (will it be one day ?).
> Today there is an example of a simple application (simple business)
> based on this framework, using Oracle as database, MINA as network
> framework and NIO also on filesystem access.
> The next steps will be to correct MySQL support (my compagny has to use
> Oracle so the priority on this one but I merge regularly the
> capabilities),
> to enable cache support (read and write), to enable multiple OpenLSD
> server (mirroring by OpenLSD for security and performance aspect),
> to enable PostGreSQL also (I use JDBC but some optimization can be done
> with each database).
>
> Last but not least, my benchmark can be resume as follow :
> - Import of 10 KB documents at a rate of 1420 files/second
> (so 1420 messages by second using MINA as framework between
> 1 server and 8 MINA clients)
> The main time is in the file handling not in the MINA's part.
> The server was a 8 CPU Power5 AIX 5.3 IBM server using
> the IBM JVM 1.5.
> - Retrieve 1000 documents by second through network (3 Tomcat servers
> using servlet with MINA client connected to OpenLSD MINA server)
> with 88 Mbits of bandwith (fully using MINA support) with a mean time
> of 0,012 seconds by document
> The Tomcat servers are 2-Xeon CPU 64bits using Linux (Suse 10),
> IBM JDK 1.5 and Tomcat 5.5. The LSD Server (storage and MINA server)
> was on a 2 CPU Power5 AIX 5.3 IBM server using the IBM JVM 1.5.
> - Another simple test (without Database persistence) shows that I was
> able to
> get 2500 documents of 10KB by second using 1 Tomcat server with
> each servlet connecting to OpenLSD server using MINA, so
> 400 Mbits of bandwith.
> The Tomcat server is a 2-Xeon CPU 64bits using Linux (Suse 10),
> IBM JDK 1.5 and Tomcat 5.5. The LSD Server (storage and MINA server)
> was on a 2 CPU Power5 AIX 5.3 IBM server using the IBM JVM 1.5.
>
> Other benchmarks were done but are not relative to MINA, so I just put
> it here to be compelete:
> - Import in the same condition but in crypted mode (files are save using
> a key)
> gives 1290 files / second. (same condition as normal import)
> - Check of consistency database/filesystem is done at 2400 files/second
> when MD5 computation is done (50 MB/s or 400 Mbits on a 2Gb SAN)
> - Check of consistency database/filesystem is done at 30 000 files/second
> without MD5 computation is done (80 MB/s or 640 Mbits on a 2Gb SAN)
>
> Just to be complete, the version of MINA is the trunk one.
>
> I hope other projects will come on and on using MINA, a great piece of
> software!!!
> Thank you all, since MINA is powerful thanks to all its users.
>
> Frederic
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6
Re: New project on starting block: OpenLSD using MINA
Posted by Trustin Lee <tr...@gmail.com>.
Hi Frederic,
Thank you for sharing your test results, and I am very proud that MINA
is being used for such an important mission! :D
When will be the integration process end and when can we officially
list OpenLSD and Ministery of Finance in France as a reference and
post the performance test result?
Cheers,
Trustin
On 5/13/07, Frederic Bregier <fr...@free.fr> wrote:
> Hi all,
> I am using MINA for one year now and I finally arrived at a point
> where my project is reaching a level that start to satisfy me a little.
>
> I post this not to make some publicity on my project but in case
> Trustin wants to add it as one of the project that use MINA or some
> benchmarks (at the end of this mail) review.
>
> I have not finishing everything and of course I am sure that some
> parts could be better, but I think it was time to open it to the community.
> Of course I am open to any comment ! I do that on my spare time
> so obviously it is not perfect... ;-)
>
> This project, named OpenLSD, is about a framework for
> legal document archiving and specifically for huge amount of files,
> which stands for Open Legacy Storage Document.
> You can find some infor on it on sourceforge and/or on
> my web site : http://openlsd.free.fr/en/OpenLSDandCo.html
>
> My employer (Ministery of Finance in France) has, like a lot
> of administrations, some problems with electronic archiving:
> - How to archive in electronic form about hundred of TeraBytes
> or even thousand of Terabytes
> - How to be able to access them in a secure and in a performant way
> (well, Mina came here just at the right time)
> - How to enable to adapt the code as easy as possible to new
> problem (my next focus will be OpenLSM for Open Legacy
> Storage Mail for email legal archiving)
> - How to ensure security on storage (crypto on files for instance)
>
> So I decided to develop something that could answear to the
> various problems that we have to face.
> It is currently starting its integration in the Ministery IT.
> Of course, it should be also possible to use it for smaller storage
> like departemental archive.
>
> The project is not finished (will it be one day ?).
> Today there is an example of a simple application (simple business)
> based on this framework, using Oracle as database, MINA as network
> framework and NIO also on filesystem access.
> The next steps will be to correct MySQL support (my compagny has to use
> Oracle so the priority on this one but I merge regularly the capabilities),
> to enable cache support (read and write), to enable multiple OpenLSD
> server (mirroring by OpenLSD for security and performance aspect),
> to enable PostGreSQL also (I use JDBC but some optimization can be done
> with each database).
>
> Last but not least, my benchmark can be resume as follow :
> - Import of 10 KB documents at a rate of 1420 files/second
> (so 1420 messages by second using MINA as framework between
> 1 server and 8 MINA clients)
> The main time is in the file handling not in the MINA's part.
> The server was a 8 CPU Power5 AIX 5.3 IBM server using
> the IBM JVM 1.5.
> - Retrieve 1000 documents by second through network (3 Tomcat servers
> using servlet with MINA client connected to OpenLSD MINA server)
> with 88 Mbits of bandwith (fully using MINA support) with a mean time
> of 0,012 seconds by document
> The Tomcat servers are 2-Xeon CPU 64bits using Linux (Suse 10),
> IBM JDK 1.5 and Tomcat 5.5. The LSD Server (storage and MINA server)
> was on a 2 CPU Power5 AIX 5.3 IBM server using the IBM JVM 1.5.
> - Another simple test (without Database persistence) shows that I was
> able to
> get 2500 documents of 10KB by second using 1 Tomcat server with
> each servlet connecting to OpenLSD server using MINA, so
> 400 Mbits of bandwith.
> The Tomcat server is a 2-Xeon CPU 64bits using Linux (Suse 10),
> IBM JDK 1.5 and Tomcat 5.5. The LSD Server (storage and MINA server)
> was on a 2 CPU Power5 AIX 5.3 IBM server using the IBM JVM 1.5.
>
> Other benchmarks were done but are not relative to MINA, so I just put
> it here to be compelete:
> - Import in the same condition but in crypted mode (files are save using
> a key)
> gives 1290 files / second. (same condition as normal import)
> - Check of consistency database/filesystem is done at 2400 files/second
> when MD5 computation is done (50 MB/s or 400 Mbits on a 2Gb SAN)
> - Check of consistency database/filesystem is done at 30 000 files/second
> without MD5 computation is done (80 MB/s or 640 Mbits on a 2Gb SAN)
>
> Just to be complete, the version of MINA is the trunk one.
>
> I hope other projects will come on and on using MINA, a great piece of
> software!!!
> Thank you all, since MINA is powerful thanks to all its users.
>
> Frederic
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6
New project on starting block: OpenLSD using MINA
Posted by Frederic Bregier <fr...@free.fr>.
Hi all,
I am using MINA for one year now and I finally arrived at a point
where my project is reaching a level that start to satisfy me a little.
I post this not to make some publicity on my project but in case
Trustin wants to add it as one of the project that use MINA or some
benchmarks (at the end of this mail) review.
I have not finishing everything and of course I am sure that some
parts could be better, but I think it was time to open it to the community.
Of course I am open to any comment ! I do that on my spare time
so obviously it is not perfect... ;-)
This project, named OpenLSD, is about a framework for
legal document archiving and specifically for huge amount of files,
which stands for Open Legacy Storage Document.
You can find some infor on it on sourceforge and/or on
my web site : http://openlsd.free.fr/en/OpenLSDandCo.html
My employer (Ministery of Finance in France) has, like a lot
of administrations, some problems with electronic archiving:
- How to archive in electronic form about hundred of TeraBytes
or even thousand of Terabytes
- How to be able to access them in a secure and in a performant way
(well, Mina came here just at the right time)
- How to enable to adapt the code as easy as possible to new
problem (my next focus will be OpenLSM for Open Legacy
Storage Mail for email legal archiving)
- How to ensure security on storage (crypto on files for instance)
So I decided to develop something that could answear to the
various problems that we have to face.
It is currently starting its integration in the Ministery IT.
Of course, it should be also possible to use it for smaller storage
like departemental archive.
The project is not finished (will it be one day ?).
Today there is an example of a simple application (simple business)
based on this framework, using Oracle as database, MINA as network
framework and NIO also on filesystem access.
The next steps will be to correct MySQL support (my compagny has to use
Oracle so the priority on this one but I merge regularly the capabilities),
to enable cache support (read and write), to enable multiple OpenLSD
server (mirroring by OpenLSD for security and performance aspect),
to enable PostGreSQL also (I use JDBC but some optimization can be done
with each database).
Last but not least, my benchmark can be resume as follow :
- Import of 10 KB documents at a rate of 1420 files/second
(so 1420 messages by second using MINA as framework between
1 server and 8 MINA clients)
The main time is in the file handling not in the MINA's part.
The server was a 8 CPU Power5 AIX 5.3 IBM server using
the IBM JVM 1.5.
- Retrieve 1000 documents by second through network (3 Tomcat servers
using servlet with MINA client connected to OpenLSD MINA server)
with 88 Mbits of bandwith (fully using MINA support) with a mean time
of 0,012 seconds by document
The Tomcat servers are 2-Xeon CPU 64bits using Linux (Suse 10),
IBM JDK 1.5 and Tomcat 5.5. The LSD Server (storage and MINA server)
was on a 2 CPU Power5 AIX 5.3 IBM server using the IBM JVM 1.5.
- Another simple test (without Database persistence) shows that I was
able to
get 2500 documents of 10KB by second using 1 Tomcat server with
each servlet connecting to OpenLSD server using MINA, so
400 Mbits of bandwith.
The Tomcat server is a 2-Xeon CPU 64bits using Linux (Suse 10),
IBM JDK 1.5 and Tomcat 5.5. The LSD Server (storage and MINA server)
was on a 2 CPU Power5 AIX 5.3 IBM server using the IBM JVM 1.5.
Other benchmarks were done but are not relative to MINA, so I just put
it here to be compelete:
- Import in the same condition but in crypted mode (files are save using
a key)
gives 1290 files / second. (same condition as normal import)
- Check of consistency database/filesystem is done at 2400 files/second
when MD5 computation is done (50 MB/s or 400 Mbits on a 2Gb SAN)
- Check of consistency database/filesystem is done at 30 000 files/second
without MD5 computation is done (80 MB/s or 640 Mbits on a 2Gb SAN)
Just to be complete, the version of MINA is the trunk one.
I hope other projects will come on and on using MINA, a great piece of
software!!!
Thank you all, since MINA is powerful thanks to all its users.
Frederic
Re: trouble working with SSL
Posted by Mark <el...@gmail.com>.
Seems like no matter what I try or do, the cipher from the SSLSession object
in SSLHandler.handshake always says that the cipher is
SSL_NULL_WITH_NULL_NULL. I have tried using the BogusSSLContextFactory and
SSLContext.getDefault() in the SSLFilter with no luck. When I try to set
SSL_NULL_WITH_NULL_NULL as a supported cipher in the SSLFilter, I get an
exception stating "Unsupported ciphersuite SSL_NULL_WITH_NULL_NULL".
I have tried Firefox on Linux and Windows, Internet Explorer on Windows and
SeaMonkey on Linux.
On 5/10/07, Mark <el...@gmail.com> wrote:
>
> what version of Firefox and what cipher suites is Firefox set up to
> accept? I cannot get the trunk working.
>
> On 5/10/07, Niklas Therning < niklas@trillian.se> wrote:
> >
> > What version of MINA are you using? I can connect with Firefox (both
> > SSL/no SSL) without any problems when using the current trunk (latest
> > version from the source code repository).
> >
> > /Niklas
> >
> > Andre de C. Rodrigues wrote:
> > > I'm not sure if the problem is only my client... I've tried using the
> > > HTTP Server mina example instead, that uses SSL too, and it didn't
> > > work. I downloaded the example, compiled and runned the code just as
> > > it is in the site (only fixing the outdated
> > > " org.apache.mina.util.CharsetUtil" import) and it works with SSL
> > > turned off, but if I set the USE_SSL = true; in the main.java file, it
> > > stops working (https://localhost:8080/ doesn't load on firefox).
> > >
> > > I thought it might be because the SSLContextFactory class seems to
> > > import a bogus.cert file that doesn't exist. I created it with keytool
> > > using the
> > > keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
> > > RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
> > > S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
> > > bogus.cert
> > > command, just like the comment on SSLContextFactory class says, and
> > > copied the file keytool generated into my src folder. It still didn't
> > > work.
> > >
> > > I'm somewhat new to this whole SSL thing, so I think I might be doing
> > > something terribly wrong (I can't even make the MINA example work)...
> > > does anybody have any insight on this?
> > >
> > > Thanks for the feedback,
> > > Andre
> > >
> > > 2007/5/9, Gaston Dombiak < gaston@jivesoftware.com>:
> > >> The "no cipher suites in common" means that there is a problem with
> > the
> > >> certificates. For instance, your client is probably needing RSA certs
> >
> > >> and in your store you only have DSA certs.
> > >>
> > >> -- Gato
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: Andre de C. Rodrigues [mailto: andre.rodriguesv2@gmail.com]
> > >> Sent: Wednesday, May 09, 2007 2:27 PM
> > >> To: dev@mina.apache.org
> > >> Subject: trouble working with SSL
> > >>
> > >> I'm having some trouble making the echo example with SSL enabled
> > work.
> > >> I'm getting an exception caused by "no cipher suites in common":
> > >>
> > >>
> > >>
> > >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> > >> at
> > >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
> > >> at
> > >>
> > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece
> > >> ived(AbstractIoFilterChain.java:362)
> > >> at
> > >> org.apache.mina.common.support.AbstractIoFilterChain.access$1100
> > (Abstrac
> > >> tIoFilterChain.java:54)
> > >> at
> > >>
> > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message
> > >> Received(AbstractIoFilterChain.java:800)
> > >> at
> > >> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilt
> >
> > >> er.java:247)
> > >> at
> > >>
> > org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run
> > >> (ExecutorFilter.java:307)
> > >> at
> > >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask (Unknown
> > Source)
> > >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> > >> Source)
> > >> at java.lang.Thread.run(Unknown Source)
> > >> Caused by: javax.net.ssl.SSLHandshakeException : no cipher suites in
> > >> common
> > >> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown
> > (Unknown
> > >> Source)
> > >> at
> > >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown (Unknown
> > >> Source)
> > >> at
> > >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
> > >> Source)
> > >> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown
> > >> Source)
> > >> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> > >> at
> > >> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java
> > :555)
> > >> at
> > >> org.apache.mina.filter.support.SSLHandler.messageReceived(
> > SSLHandler.jav
> > >> a:330)
> > >> at
> > >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
> > >> ... 8 more
> > >>
> > >>
> > >>
> > >>
> > >> I've tried setting the enabled cipher suites:
> > >> sslsocket.setEnabledCipherSuites(new String[]
> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> > >>
> > >> and
> > >>
> > >> sslFilter.setEnabledCipherSuites(new String[] {
> > >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
> > >>
> > >> and then printing on System.out the
> > >> sslFilter.getEnabledCipherSuites(); array, and both the client and
> > >> server seem to support both ciphers. What am I doing wrong?
> > >>
> > >> Thanks in advance,
> > >> Andre
> > >>
> > >>
> > >>
> > >> PS: Here's the code for my addSSLSupport() method in the server app
> > >> and the client app:
> > >>
> > >>
> > >>
> > >> // CLIENT APLICATION
> > >> import javax.net.ssl.SSLSocket;
> > >> import javax.net.ssl.SSLSocketFactory;
> > >> import java.io.*;
> > >>
> > >> public
> > >> class EchoClient {
> > >> public
> > >> static
> > >> void
> > >> main(String[] arstring) {
> > >> try {
> > >> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
> > >> SSLSocketFactory.getDefault();
> > >> SSLSocket sslsocket = (SSLSocket)
> > >> sslsocketfactory.createSocket("localhost", 9999);
> > >> sslsocket.setEnabledCipherSuites(new String[]
> > >> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> > >> String[] suported =
> > >> sslsocket.getSupportedCipherSuites();
> > >>
> > >> System.out.println("\n\n\n\n\n\n");
> > >>
> > >> for(int i=0; i< suported.length; i++)
> > >> System.out.println("Supported
> > >> Cipher Suites: " + suported[i]);
> > >>
> > >> InputStream inputstream = System.in ;
> > >> InputStreamReader inputstreamreader = new
> > >> InputStreamReader(inputstream);
> > >> BufferedReader bufferedreader = new
> > >> BufferedReader(inputstreamreader);
> > >>
> > >> OutputStream outputstream = sslsocket.getOutputStream();
> > >> OutputStreamWriter outputstreamwriter = new
> > >> OutputStreamWriter(outputstream);
> > >> BufferedWriter bufferedwriter = new
> > >> BufferedWriter(outputstreamwriter);
> > >>
> > >> String string = null;
> > >> while ((string = bufferedreader.readLine()) != null) {
> > >> bufferedwriter.write (string + '\n');
> > >> bufferedwriter.flush();
> > >> }
> > >> } catch (Exception exception) {
> > >> exception.printStackTrace();
> > >> }
> > >> }
> > >> }
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> //SERVER APLICATION
> > >> private static void addSSLSupport( DefaultIoFilterChainBuilder
> > chain
> > >> )
> > >> throws Exception
> > >> {
> > >> SSLFilter sslFilter =
> > >> new SSLFilter( BogusSSLContextFactory.getInstance( true )
> > );
> > >> sslFilter.setEnabledCipherSuites (new String[] {
> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
> > >> "SSL_RSA_WITH_RC4_128_MD5"
> > >> });
> > >>
> > >> String[] suported = sslFilter.getEnabledCipherSuites();
> > >> System.out.println("\n\n\n\n\n\n");
> > >> for(int i=0; i<suported.length; i++)
> > >> System.out.println("Supported
> > >> Cipher Suites: " + suported[i]);
> > >> System.out.println("\n\n\n\n\n\n");
> > >>
> > >>
> > >> chain.addLast( "sslFilter", sslFilter );
> > >>
> > >> System.out.println( "SSL ON" );
> > >> }
> > >>
> > >
> >
> >
> > --
> > Niklas Therning
> > www.spamdrain.net
> >
> >
>
>
> --
> ..Cheers
> Mark
--
..Cheers
Mark
Re: trouble working with SSL
Posted by Mark <el...@gmail.com>.
what version of Firefox and what cipher suites is Firefox set up to accept?
I cannot get the trunk working.
On 5/10/07, Niklas Therning <ni...@trillian.se> wrote:
>
> What version of MINA are you using? I can connect with Firefox (both
> SSL/no SSL) without any problems when using the current trunk (latest
> version from the source code repository).
>
> /Niklas
>
> Andre de C. Rodrigues wrote:
> > I'm not sure if the problem is only my client... I've tried using the
> > HTTP Server mina example instead, that uses SSL too, and it didn't
> > work. I downloaded the example, compiled and runned the code just as
> > it is in the site (only fixing the outdated
> > "org.apache.mina.util.CharsetUtil" import) and it works with SSL
> > turned off, but if I set the USE_SSL = true; in the main.java file, it
> > stops working (https://localhost:8080/ doesn't load on firefox).
> >
> > I thought it might be because the SSLContextFactory class seems to
> > import a bogus.cert file that doesn't exist. I created it with keytool
> > using the
> > keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
> > RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
> > S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
> > bogus.cert
> > command, just like the comment on SSLContextFactory class says, and
> > copied the file keytool generated into my src folder. It still didn't
> > work.
> >
> > I'm somewhat new to this whole SSL thing, so I think I might be doing
> > something terribly wrong (I can't even make the MINA example work)...
> > does anybody have any insight on this?
> >
> > Thanks for the feedback,
> > Andre
> >
> > 2007/5/9, Gaston Dombiak <ga...@jivesoftware.com>:
> >> The "no cipher suites in common" means that there is a problem with the
> >> certificates. For instance, your client is probably needing RSA certs
> >> and in your store you only have DSA certs.
> >>
> >> -- Gato
> >>
> >>
> >> -----Original Message-----
> >> From: Andre de C. Rodrigues [mailto:andre.rodriguesv2@gmail.com]
> >> Sent: Wednesday, May 09, 2007 2:27 PM
> >> To: dev@mina.apache.org
> >> Subject: trouble working with SSL
> >>
> >> I'm having some trouble making the echo example with SSL enabled work.
> >> I'm getting an exception caused by "no cipher suites in common":
> >>
> >>
> >>
> >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> >> at
> >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
> >> at
> >>
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece
> >> ived(AbstractIoFilterChain.java:362)
> >> at
> >> org.apache.mina.common.support.AbstractIoFilterChain.access$1100
> (Abstrac
> >> tIoFilterChain.java:54)
> >> at
> >>
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message
> >> Received(AbstractIoFilterChain.java:800)
> >> at
> >> org.apache.mina.filter.executor.ExecutorFilter.processEvent
> (ExecutorFilt
> >> er.java:247)
> >> at
> >>
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run
> >> (ExecutorFilter.java:307)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
> >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> >> Source)
> >> at java.lang.Thread.run(Unknown Source)
> >> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in
> >> common
> >> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown
> >> Source)
> >> at
> >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown
> >> Source)
> >> at
> >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
> >> Source)
> >> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown
> >> Source)
> >> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> >> at
> >> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java
> :555)
> >> at
> >> org.apache.mina.filter.support.SSLHandler.messageReceived(
> SSLHandler.jav
> >> a:330)
> >> at
> >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
> >> ... 8 more
> >>
> >>
> >>
> >>
> >> I've tried setting the enabled cipher suites:
> >> sslsocket.setEnabledCipherSuites(new String[]
> >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> >>
> >> and
> >>
> >> sslFilter.setEnabledCipherSuites(new String[] {
> >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
> >>
> >> and then printing on System.out the
> >> sslFilter.getEnabledCipherSuites(); array, and both the client and
> >> server seem to support both ciphers. What am I doing wrong?
> >>
> >> Thanks in advance,
> >> Andre
> >>
> >>
> >>
> >> PS: Here's the code for my addSSLSupport() method in the server app
> >> and the client app:
> >>
> >>
> >>
> >> // CLIENT APLICATION
> >> import javax.net.ssl.SSLSocket;
> >> import javax.net.ssl.SSLSocketFactory;
> >> import java.io.*;
> >>
> >> public
> >> class EchoClient {
> >> public
> >> static
> >> void
> >> main(String[] arstring) {
> >> try {
> >> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
> >> SSLSocketFactory.getDefault();
> >> SSLSocket sslsocket = (SSLSocket)
> >> sslsocketfactory.createSocket("localhost", 9999);
> >> sslsocket.setEnabledCipherSuites(new String[]
> >> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> >> String[] suported =
> >> sslsocket.getSupportedCipherSuites();
> >>
> >> System.out.println("\n\n\n\n\n\n");
> >>
> >> for(int i=0; i<suported.length; i++)
> >> System.out.println("Supported
> >> Cipher Suites: " + suported[i]);
> >>
> >> InputStream inputstream = System.in;
> >> InputStreamReader inputstreamreader = new
> >> InputStreamReader(inputstream);
> >> BufferedReader bufferedreader = new
> >> BufferedReader(inputstreamreader);
> >>
> >> OutputStream outputstream = sslsocket.getOutputStream();
> >> OutputStreamWriter outputstreamwriter = new
> >> OutputStreamWriter(outputstream);
> >> BufferedWriter bufferedwriter = new
> >> BufferedWriter(outputstreamwriter);
> >>
> >> String string = null;
> >> while ((string = bufferedreader.readLine()) != null) {
> >> bufferedwriter.write(string + '\n');
> >> bufferedwriter.flush();
> >> }
> >> } catch (Exception exception) {
> >> exception.printStackTrace();
> >> }
> >> }
> >> }
> >>
> >>
> >>
> >>
> >>
> >> //SERVER APLICATION
> >> private static void addSSLSupport( DefaultIoFilterChainBuilder
> chain
> >> )
> >> throws Exception
> >> {
> >> SSLFilter sslFilter =
> >> new SSLFilter( BogusSSLContextFactory.getInstance( true )
> );
> >> sslFilter.setEnabledCipherSuites(new String[] {
> >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
> >> "SSL_RSA_WITH_RC4_128_MD5"
> >> });
> >>
> >> String[] suported = sslFilter.getEnabledCipherSuites();
> >> System.out.println("\n\n\n\n\n\n");
> >> for(int i=0; i<suported.length; i++)
> >> System.out.println("Supported
> >> Cipher Suites: " + suported[i]);
> >> System.out.println("\n\n\n\n\n\n");
> >>
> >>
> >> chain.addLast( "sslFilter", sslFilter );
> >>
> >> System.out.println( "SSL ON" );
> >> }
> >>
> >
>
>
> --
> Niklas Therning
> www.spamdrain.net
>
>
--
..Cheers
Mark
Re: Apache - Mina - Native Code
Posted by Trustin Lee <tr...@gmail.com>.
Hi T,
On 5/11/07, T.Knittel <T....@gmx.de> wrote:
> Hi People !
>
> I'm really hooked from all this Mina stuff ...it's great!
> As yet it seems that I get along with this very well.
Thank you, and please come back to us whenever you need somewhere to
improve in MINA!
> Actually I'm working on an application which is intended to be compiled
> to Windows- or Linux- Nativecode.
> I'd like to use Mina in this application, but it depends on the
> posibility to compile it to native-codes or not.
>
> Could someone give me some advices concerning nativecode-compilation of
> Mina-Application??
> Where are the problems?
> What should I pay attention for?
> Which compiler should I use?
> What about Excelsior-Jet?
We didn't try that as Peter told you, but using GCJ (GCC Java) will
make things to work unless there's something wrong with GCJ or GNU
Classpath.
HTH,
Trustin
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6
Re: Apache - Mina - Native Code
Posted by peter royal <pr...@apache.org>.
On May 10, 2007, at 1:59 PM, T.Knittel wrote:
> Actually I'm working on an application which is intended to be
> compiled to Windows- or Linux- Nativecode.
> I'd like to use Mina in this application, but it depends on the
> posibility to compile it to native-codes or not.
>
> Could someone give me some advices concerning nativecode-
> compilation of Mina-Application??
> Where are the problems?
> What should I pay attention for?
> Which compiler should I use?
> What about Excelsior-Jet?
I've never tried, but I can't think of why it wouldn't work off the
top of my head. Do report back with your results!
-pete
--
proyal@apache.org - http://fotap.org/~osi
Apache - Mina - Native Code
Posted by "T.Knittel" <T....@gmx.de>.
Hi People !
I'm really hooked from all this Mina stuff ...it's great!
As yet it seems that I get along with this very well.
Actually I'm working on an application which is intended to be compiled
to Windows- or Linux- Nativecode.
I'd like to use Mina in this application, but it depends on the
posibility to compile it to native-codes or not.
Could someone give me some advices concerning nativecode-compilation of
Mina-Application??
Where are the problems?
What should I pay attention for?
Which compiler should I use?
What about Excelsior-Jet?
regards!
Thomas
Re: trouble working with SSL
Posted by "Andre de C. Rodrigues" <an...@gmail.com>.
Actually, I was using the latest stable release (1.1). I just tried
using the current trunk, though, and still no success.
I've also tried using another security certificate, the one generated by:
keytool -genkey -keystore mySrvKeystore -keyalg RSA
To do this, I changed the BOGUS_KEYSTORE variable in
BogusSSLContextFactory.java to mySrvKeystore, placed the
mySvrKeystore file in this project's src folder and changed the
BOGUS_PW array to mySrvKeystore's password.
I'm getting the same error as before: the server console throws an
exception caused by "no cipher suites in common" and firefox's error
message states that "Firefox can't connect securely to localhost
because the site uses a security protocol which isn't enabled".
Andre
2007/5/10, Mark <el...@gmail.com>:
> Have you tried the code from the trunk with actual certificates? I am
> having problems with a server cert I generated using OpenSSL.
>
> --
> ..Cheers
> Mark
>
> On 5/10/07, Niklas Therning <ni...@trillian.se> wrote:
> >
> > What version of MINA are you using? I can connect with Firefox (both
> > SSL/no SSL) without any problems when using the current trunk (latest
> > version from the source code repository).
> >
> > /Niklas
> >
> > Andre de C. Rodrigues wrote:
> > > I'm not sure if the problem is only my client... I've tried using the
> > > HTTP Server mina example instead, that uses SSL too, and it didn't
> > > work. I downloaded the example, compiled and runned the code just as
> > > it is in the site (only fixing the outdated
> > > "org.apache.mina.util.CharsetUtil" import) and it works with SSL
> > > turned off, but if I set the USE_SSL = true; in the main.java file, it
> > > stops working (https://localhost:8080/ doesn't load on firefox).
> > >
> > > I thought it might be because the SSLContextFactory class seems to
> > > import a bogus.cert file that doesn't exist. I created it with keytool
> > > using the
> > > keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
> > > RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
> > > S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
> > > bogus.cert
> > > command, just like the comment on SSLContextFactory class says, and
> > > copied the file keytool generated into my src folder. It still didn't
> > > work.
> > >
> > > I'm somewhat new to this whole SSL thing, so I think I might be doing
> > > something terribly wrong (I can't even make the MINA example work)...
> > > does anybody have any insight on this?
> > >
> > > Thanks for the feedback,
> > > Andre
> > >
> > > 2007/5/9, Gaston Dombiak <ga...@jivesoftware.com>:
> > >> The "no cipher suites in common" means that there is a problem with the
> > >> certificates. For instance, your client is probably needing RSA certs
> > >> and in your store you only have DSA certs.
> > >>
> > >> -- Gato
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: Andre de C. Rodrigues [mailto:andre.rodriguesv2@gmail.com]
> > >> Sent: Wednesday, May 09, 2007 2:27 PM
> > >> To: dev@mina.apache.org
> > >> Subject: trouble working with SSL
> > >>
> > >> I'm having some trouble making the echo example with SSL enabled work.
> > >> I'm getting an exception caused by "no cipher suites in common":
> > >>
> > >>
> > >>
> > >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> > >> at
> > >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
> > >> at
> > >>
> > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece
> > >> ived(AbstractIoFilterChain.java:362)
> > >> at
> > >> org.apache.mina.common.support.AbstractIoFilterChain.access$1100
> > (Abstrac
> > >> tIoFilterChain.java:54)
> > >> at
> > >>
> > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message
> > >> Received(AbstractIoFilterChain.java:800)
> > >> at
> > >> org.apache.mina.filter.executor.ExecutorFilter.processEvent
> > (ExecutorFilt
> > >> er.java:247)
> > >> at
> > >>
> > org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run
> > >> (ExecutorFilter.java:307)
> > >> at
> > >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
> > >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> > >> Source)
> > >> at java.lang.Thread.run(Unknown Source)
> > >> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in
> > >> common
> > >> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown
> > >> Source)
> > >> at
> > >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown
> > >> Source)
> > >> at
> > >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
> > >> Source)
> > >> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown
> > >> Source)
> > >> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> > >> at
> > >> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java
> > :555)
> > >> at
> > >> org.apache.mina.filter.support.SSLHandler.messageReceived(
> > SSLHandler.jav
> > >> a:330)
> > >> at
> > >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
> > >> ... 8 more
> > >>
> > >>
> > >>
> > >>
> > >> I've tried setting the enabled cipher suites:
> > >> sslsocket.setEnabledCipherSuites(new String[]
> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> > >>
> > >> and
> > >>
> > >> sslFilter.setEnabledCipherSuites(new String[] {
> > >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
> > >>
> > >> and then printing on System.out the
> > >> sslFilter.getEnabledCipherSuites(); array, and both the client and
> > >> server seem to support both ciphers. What am I doing wrong?
> > >>
> > >> Thanks in advance,
> > >> Andre
> > >>
> > >>
> > >>
> > >> PS: Here's the code for my addSSLSupport() method in the server app
> > >> and the client app:
> > >>
> > >>
> > >>
> > >> // CLIENT APLICATION
> > >> import javax.net.ssl.SSLSocket;
> > >> import javax.net.ssl.SSLSocketFactory;
> > >> import java.io.*;
> > >>
> > >> public
> > >> class EchoClient {
> > >> public
> > >> static
> > >> void
> > >> main(String[] arstring) {
> > >> try {
> > >> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
> > >> SSLSocketFactory.getDefault();
> > >> SSLSocket sslsocket = (SSLSocket)
> > >> sslsocketfactory.createSocket("localhost", 9999);
> > >> sslsocket.setEnabledCipherSuites(new String[]
> > >> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> > >> String[] suported =
> > >> sslsocket.getSupportedCipherSuites();
> > >>
> > >> System.out.println("\n\n\n\n\n\n");
> > >>
> > >> for(int i=0; i<suported.length; i++)
> > >> System.out.println("Supported
> > >> Cipher Suites: " + suported[i]);
> > >>
> > >> InputStream inputstream = System.in;
> > >> InputStreamReader inputstreamreader = new
> > >> InputStreamReader(inputstream);
> > >> BufferedReader bufferedreader = new
> > >> BufferedReader(inputstreamreader);
> > >>
> > >> OutputStream outputstream = sslsocket.getOutputStream();
> > >> OutputStreamWriter outputstreamwriter = new
> > >> OutputStreamWriter(outputstream);
> > >> BufferedWriter bufferedwriter = new
> > >> BufferedWriter(outputstreamwriter);
> > >>
> > >> String string = null;
> > >> while ((string = bufferedreader.readLine()) != null) {
> > >> bufferedwriter.write(string + '\n');
> > >> bufferedwriter.flush();
> > >> }
> > >> } catch (Exception exception) {
> > >> exception.printStackTrace();
> > >> }
> > >> }
> > >> }
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> //SERVER APLICATION
> > >> private static void addSSLSupport( DefaultIoFilterChainBuilder
> > chain
> > >> )
> > >> throws Exception
> > >> {
> > >> SSLFilter sslFilter =
> > >> new SSLFilter( BogusSSLContextFactory.getInstance( true )
> > );
> > >> sslFilter.setEnabledCipherSuites(new String[] {
> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
> > >> "SSL_RSA_WITH_RC4_128_MD5"
> > >> });
> > >>
> > >> String[] suported = sslFilter.getEnabledCipherSuites();
> > >> System.out.println("\n\n\n\n\n\n");
> > >> for(int i=0; i<suported.length; i++)
> > >> System.out.println("Supported
> > >> Cipher Suites: " + suported[i]);
> > >> System.out.println("\n\n\n\n\n\n");
> > >>
> > >>
> > >> chain.addLast( "sslFilter", sslFilter );
> > >>
> > >> System.out.println( "SSL ON" );
> > >> }
> > >>
> > >
> >
> >
> > --
> > Niklas Therning
> > www.spamdrain.net
> >
> >
>
Re: trouble working with SSL
Posted by Mark <el...@gmail.com>.
Have you tried the code from the trunk with actual certificates? I am
having problems with a server cert I generated using OpenSSL.
--
..Cheers
Mark
On 5/10/07, Niklas Therning <ni...@trillian.se> wrote:
>
> What version of MINA are you using? I can connect with Firefox (both
> SSL/no SSL) without any problems when using the current trunk (latest
> version from the source code repository).
>
> /Niklas
>
> Andre de C. Rodrigues wrote:
> > I'm not sure if the problem is only my client... I've tried using the
> > HTTP Server mina example instead, that uses SSL too, and it didn't
> > work. I downloaded the example, compiled and runned the code just as
> > it is in the site (only fixing the outdated
> > "org.apache.mina.util.CharsetUtil" import) and it works with SSL
> > turned off, but if I set the USE_SSL = true; in the main.java file, it
> > stops working (https://localhost:8080/ doesn't load on firefox).
> >
> > I thought it might be because the SSLContextFactory class seems to
> > import a bogus.cert file that doesn't exist. I created it with keytool
> > using the
> > keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
> > RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
> > S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
> > bogus.cert
> > command, just like the comment on SSLContextFactory class says, and
> > copied the file keytool generated into my src folder. It still didn't
> > work.
> >
> > I'm somewhat new to this whole SSL thing, so I think I might be doing
> > something terribly wrong (I can't even make the MINA example work)...
> > does anybody have any insight on this?
> >
> > Thanks for the feedback,
> > Andre
> >
> > 2007/5/9, Gaston Dombiak <ga...@jivesoftware.com>:
> >> The "no cipher suites in common" means that there is a problem with the
> >> certificates. For instance, your client is probably needing RSA certs
> >> and in your store you only have DSA certs.
> >>
> >> -- Gato
> >>
> >>
> >> -----Original Message-----
> >> From: Andre de C. Rodrigues [mailto:andre.rodriguesv2@gmail.com]
> >> Sent: Wednesday, May 09, 2007 2:27 PM
> >> To: dev@mina.apache.org
> >> Subject: trouble working with SSL
> >>
> >> I'm having some trouble making the echo example with SSL enabled work.
> >> I'm getting an exception caused by "no cipher suites in common":
> >>
> >>
> >>
> >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> >> at
> >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
> >> at
> >>
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece
> >> ived(AbstractIoFilterChain.java:362)
> >> at
> >> org.apache.mina.common.support.AbstractIoFilterChain.access$1100
> (Abstrac
> >> tIoFilterChain.java:54)
> >> at
> >>
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message
> >> Received(AbstractIoFilterChain.java:800)
> >> at
> >> org.apache.mina.filter.executor.ExecutorFilter.processEvent
> (ExecutorFilt
> >> er.java:247)
> >> at
> >>
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run
> >> (ExecutorFilter.java:307)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
> >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> >> Source)
> >> at java.lang.Thread.run(Unknown Source)
> >> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in
> >> common
> >> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown
> >> Source)
> >> at
> >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown
> >> Source)
> >> at
> >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
> >> Source)
> >> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown
> >> Source)
> >> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> >> at
> >> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java
> :555)
> >> at
> >> org.apache.mina.filter.support.SSLHandler.messageReceived(
> SSLHandler.jav
> >> a:330)
> >> at
> >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
> >> ... 8 more
> >>
> >>
> >>
> >>
> >> I've tried setting the enabled cipher suites:
> >> sslsocket.setEnabledCipherSuites(new String[]
> >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> >>
> >> and
> >>
> >> sslFilter.setEnabledCipherSuites(new String[] {
> >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
> >>
> >> and then printing on System.out the
> >> sslFilter.getEnabledCipherSuites(); array, and both the client and
> >> server seem to support both ciphers. What am I doing wrong?
> >>
> >> Thanks in advance,
> >> Andre
> >>
> >>
> >>
> >> PS: Here's the code for my addSSLSupport() method in the server app
> >> and the client app:
> >>
> >>
> >>
> >> // CLIENT APLICATION
> >> import javax.net.ssl.SSLSocket;
> >> import javax.net.ssl.SSLSocketFactory;
> >> import java.io.*;
> >>
> >> public
> >> class EchoClient {
> >> public
> >> static
> >> void
> >> main(String[] arstring) {
> >> try {
> >> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
> >> SSLSocketFactory.getDefault();
> >> SSLSocket sslsocket = (SSLSocket)
> >> sslsocketfactory.createSocket("localhost", 9999);
> >> sslsocket.setEnabledCipherSuites(new String[]
> >> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> >> String[] suported =
> >> sslsocket.getSupportedCipherSuites();
> >>
> >> System.out.println("\n\n\n\n\n\n");
> >>
> >> for(int i=0; i<suported.length; i++)
> >> System.out.println("Supported
> >> Cipher Suites: " + suported[i]);
> >>
> >> InputStream inputstream = System.in;
> >> InputStreamReader inputstreamreader = new
> >> InputStreamReader(inputstream);
> >> BufferedReader bufferedreader = new
> >> BufferedReader(inputstreamreader);
> >>
> >> OutputStream outputstream = sslsocket.getOutputStream();
> >> OutputStreamWriter outputstreamwriter = new
> >> OutputStreamWriter(outputstream);
> >> BufferedWriter bufferedwriter = new
> >> BufferedWriter(outputstreamwriter);
> >>
> >> String string = null;
> >> while ((string = bufferedreader.readLine()) != null) {
> >> bufferedwriter.write(string + '\n');
> >> bufferedwriter.flush();
> >> }
> >> } catch (Exception exception) {
> >> exception.printStackTrace();
> >> }
> >> }
> >> }
> >>
> >>
> >>
> >>
> >>
> >> //SERVER APLICATION
> >> private static void addSSLSupport( DefaultIoFilterChainBuilder
> chain
> >> )
> >> throws Exception
> >> {
> >> SSLFilter sslFilter =
> >> new SSLFilter( BogusSSLContextFactory.getInstance( true )
> );
> >> sslFilter.setEnabledCipherSuites(new String[] {
> >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
> >> "SSL_RSA_WITH_RC4_128_MD5"
> >> });
> >>
> >> String[] suported = sslFilter.getEnabledCipherSuites();
> >> System.out.println("\n\n\n\n\n\n");
> >> for(int i=0; i<suported.length; i++)
> >> System.out.println("Supported
> >> Cipher Suites: " + suported[i]);
> >> System.out.println("\n\n\n\n\n\n");
> >>
> >>
> >> chain.addLast( "sslFilter", sslFilter );
> >>
> >> System.out.println( "SSL ON" );
> >> }
> >>
> >
>
>
> --
> Niklas Therning
> www.spamdrain.net
>
>
Re: trouble working with SSL
Posted by Niklas Therning <ni...@trillian.se>.
What version of MINA are you using? I can connect with Firefox (both
SSL/no SSL) without any problems when using the current trunk (latest
version from the source code repository).
/Niklas
Andre de C. Rodrigues wrote:
> I'm not sure if the problem is only my client... I've tried using the
> HTTP Server mina example instead, that uses SSL too, and it didn't
> work. I downloaded the example, compiled and runned the code just as
> it is in the site (only fixing the outdated
> "org.apache.mina.util.CharsetUtil" import) and it works with SSL
> turned off, but if I set the USE_SSL = true; in the main.java file, it
> stops working (https://localhost:8080/ doesn't load on firefox).
>
> I thought it might be because the SSLContextFactory class seems to
> import a bogus.cert file that doesn't exist. I created it with keytool
> using the
> keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
> RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
> S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
> bogus.cert
> command, just like the comment on SSLContextFactory class says, and
> copied the file keytool generated into my src folder. It still didn't
> work.
>
> I'm somewhat new to this whole SSL thing, so I think I might be doing
> something terribly wrong (I can't even make the MINA example work)...
> does anybody have any insight on this?
>
> Thanks for the feedback,
> Andre
>
> 2007/5/9, Gaston Dombiak <ga...@jivesoftware.com>:
>> The "no cipher suites in common" means that there is a problem with the
>> certificates. For instance, your client is probably needing RSA certs
>> and in your store you only have DSA certs.
>>
>> -- Gato
>>
>>
>> -----Original Message-----
>> From: Andre de C. Rodrigues [mailto:andre.rodriguesv2@gmail.com]
>> Sent: Wednesday, May 09, 2007 2:27 PM
>> To: dev@mina.apache.org
>> Subject: trouble working with SSL
>>
>> I'm having some trouble making the echo example with SSL enabled work.
>> I'm getting an exception caused by "no cipher suites in common":
>>
>>
>>
>> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>> at
>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece
>> ived(AbstractIoFilterChain.java:362)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.access$1100(Abstrac
>> tIoFilterChain.java:54)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message
>> Received(AbstractIoFilterChain.java:800)
>> at
>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilt
>> er.java:247)
>> at
>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run
>> (ExecutorFilter.java:307)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
>> Source)
>> at java.lang.Thread.run(Unknown Source)
>> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in
>> common
>> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown
>> Source)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown
>> Source)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
>> Source)
>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown
>> Source)
>> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
>> at
>> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:555)
>> at
>> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.jav
>> a:330)
>> at
>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
>> ... 8 more
>>
>>
>>
>>
>> I've tried setting the enabled cipher suites:
>> sslsocket.setEnabledCipherSuites(new String[]
>> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
>>
>> and
>>
>> sslFilter.setEnabledCipherSuites(new String[] {
>> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
>>
>> and then printing on System.out the
>> sslFilter.getEnabledCipherSuites(); array, and both the client and
>> server seem to support both ciphers. What am I doing wrong?
>>
>> Thanks in advance,
>> Andre
>>
>>
>>
>> PS: Here's the code for my addSSLSupport() method in the server app
>> and the client app:
>>
>>
>>
>> // CLIENT APLICATION
>> import javax.net.ssl.SSLSocket;
>> import javax.net.ssl.SSLSocketFactory;
>> import java.io.*;
>>
>> public
>> class EchoClient {
>> public
>> static
>> void
>> main(String[] arstring) {
>> try {
>> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
>> SSLSocketFactory.getDefault();
>> SSLSocket sslsocket = (SSLSocket)
>> sslsocketfactory.createSocket("localhost", 9999);
>> sslsocket.setEnabledCipherSuites(new String[]
>> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
>> String[] suported =
>> sslsocket.getSupportedCipherSuites();
>>
>> System.out.println("\n\n\n\n\n\n");
>>
>> for(int i=0; i<suported.length; i++)
>> System.out.println("Supported
>> Cipher Suites: " + suported[i]);
>>
>> InputStream inputstream = System.in;
>> InputStreamReader inputstreamreader = new
>> InputStreamReader(inputstream);
>> BufferedReader bufferedreader = new
>> BufferedReader(inputstreamreader);
>>
>> OutputStream outputstream = sslsocket.getOutputStream();
>> OutputStreamWriter outputstreamwriter = new
>> OutputStreamWriter(outputstream);
>> BufferedWriter bufferedwriter = new
>> BufferedWriter(outputstreamwriter);
>>
>> String string = null;
>> while ((string = bufferedreader.readLine()) != null) {
>> bufferedwriter.write(string + '\n');
>> bufferedwriter.flush();
>> }
>> } catch (Exception exception) {
>> exception.printStackTrace();
>> }
>> }
>> }
>>
>>
>>
>>
>>
>> //SERVER APLICATION
>> private static void addSSLSupport( DefaultIoFilterChainBuilder chain
>> )
>> throws Exception
>> {
>> SSLFilter sslFilter =
>> new SSLFilter( BogusSSLContextFactory.getInstance( true ) );
>> sslFilter.setEnabledCipherSuites(new String[] {
>> "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
>> "SSL_RSA_WITH_RC4_128_MD5"
>> });
>>
>> String[] suported = sslFilter.getEnabledCipherSuites();
>> System.out.println("\n\n\n\n\n\n");
>> for(int i=0; i<suported.length; i++)
>> System.out.println("Supported
>> Cipher Suites: " + suported[i]);
>> System.out.println("\n\n\n\n\n\n");
>>
>>
>> chain.addLast( "sslFilter", sslFilter );
>>
>> System.out.println( "SSL ON" );
>> }
>>
>
--
Niklas Therning
www.spamdrain.net
Re: trouble working with SSL
Posted by "Andre de C. Rodrigues" <an...@gmail.com>.
I'm not sure if the problem is only my client... I've tried using the
HTTP Server mina example instead, that uses SSL too, and it didn't
work. I downloaded the example, compiled and runned the code just as
it is in the site (only fixing the outdated
"org.apache.mina.util.CharsetUtil" import) and it works with SSL
turned off, but if I set the USE_SSL = true; in the main.java file, it
stops working (https://localhost:8080/ doesn't load on firefox).
I thought it might be because the SSLContextFactory class seems to
import a bogus.cert file that doesn't exist. I created it with keytool
using the
keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
bogus.cert
command, just like the comment on SSLContextFactory class says, and
copied the file keytool generated into my src folder. It still didn't
work.
I'm somewhat new to this whole SSL thing, so I think I might be doing
something terribly wrong (I can't even make the MINA example work)...
does anybody have any insight on this?
Thanks for the feedback,
Andre
2007/5/9, Gaston Dombiak <ga...@jivesoftware.com>:
> The "no cipher suites in common" means that there is a problem with the
> certificates. For instance, your client is probably needing RSA certs
> and in your store you only have DSA certs.
>
> -- Gato
>
>
> -----Original Message-----
> From: Andre de C. Rodrigues [mailto:andre.rodriguesv2@gmail.com]
> Sent: Wednesday, May 09, 2007 2:27 PM
> To: dev@mina.apache.org
> Subject: trouble working with SSL
>
> I'm having some trouble making the echo example with SSL enabled work.
> I'm getting an exception caused by "no cipher suites in common":
>
>
>
> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> at
> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece
> ived(AbstractIoFilterChain.java:362)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1100(Abstrac
> tIoFilterChain.java:54)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message
> Received(AbstractIoFilterChain.java:800)
> at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilt
> er.java:247)
> at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run
> (ExecutorFilter.java:307)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> Source)
> at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in
> common
> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown
> Source)
> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> at
> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:555)
> at
> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.jav
> a:330)
> at
> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
> ... 8 more
>
>
>
>
> I've tried setting the enabled cipher suites:
> sslsocket.setEnabledCipherSuites(new String[]
> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
>
> and
>
> sslFilter.setEnabledCipherSuites(new String[] {
> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
>
> and then printing on System.out the
> sslFilter.getEnabledCipherSuites(); array, and both the client and
> server seem to support both ciphers. What am I doing wrong?
>
> Thanks in advance,
> Andre
>
>
>
> PS: Here's the code for my addSSLSupport() method in the server app
> and the client app:
>
>
>
> // CLIENT APLICATION
> import javax.net.ssl.SSLSocket;
> import javax.net.ssl.SSLSocketFactory;
> import java.io.*;
>
> public
> class EchoClient {
> public
> static
> void
> main(String[] arstring) {
> try {
> SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
> SSLSocketFactory.getDefault();
> SSLSocket sslsocket = (SSLSocket)
> sslsocketfactory.createSocket("localhost", 9999);
> sslsocket.setEnabledCipherSuites(new String[]
> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> String[] suported =
> sslsocket.getSupportedCipherSuites();
>
> System.out.println("\n\n\n\n\n\n");
>
> for(int i=0; i<suported.length; i++)
> System.out.println("Supported
> Cipher Suites: " + suported[i]);
>
> InputStream inputstream = System.in;
> InputStreamReader inputstreamreader = new
> InputStreamReader(inputstream);
> BufferedReader bufferedreader = new
> BufferedReader(inputstreamreader);
>
> OutputStream outputstream = sslsocket.getOutputStream();
> OutputStreamWriter outputstreamwriter = new
> OutputStreamWriter(outputstream);
> BufferedWriter bufferedwriter = new
> BufferedWriter(outputstreamwriter);
>
> String string = null;
> while ((string = bufferedreader.readLine()) != null) {
> bufferedwriter.write(string + '\n');
> bufferedwriter.flush();
> }
> } catch (Exception exception) {
> exception.printStackTrace();
> }
> }
> }
>
>
>
>
>
> //SERVER APLICATION
> private static void addSSLSupport( DefaultIoFilterChainBuilder chain
> )
> throws Exception
> {
> SSLFilter sslFilter =
> new SSLFilter( BogusSSLContextFactory.getInstance( true ) );
> sslFilter.setEnabledCipherSuites(new String[] {
> "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
> "SSL_RSA_WITH_RC4_128_MD5"
> });
>
> String[] suported = sslFilter.getEnabledCipherSuites();
> System.out.println("\n\n\n\n\n\n");
> for(int i=0; i<suported.length; i++)
> System.out.println("Supported
> Cipher Suites: " + suported[i]);
> System.out.println("\n\n\n\n\n\n");
>
>
> chain.addLast( "sslFilter", sslFilter );
>
> System.out.println( "SSL ON" );
> }
>
RE: trouble working with SSL
Posted by Gaston Dombiak <ga...@jivesoftware.com>.
The "no cipher suites in common" means that there is a problem with the
certificates. For instance, your client is probably needing RSA certs
and in your store you only have DSA certs.
-- Gato
-----Original Message-----
From: Andre de C. Rodrigues [mailto:andre.rodriguesv2@gmail.com]
Sent: Wednesday, May 09, 2007 2:27 PM
To: dev@mina.apache.org
Subject: trouble working with SSL
I'm having some trouble making the echo example with SSL enabled work.
I'm getting an exception caused by "no cipher suites in common":
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
at
org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece
ived(AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1100(Abstrac
tIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message
Received(AbstractIoFilterChain.java:800)
at
org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilt
er.java:247)
at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run
(ExecutorFilter.java:307)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in
common
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown
Source)
at javax.net.ssl.SSLEngine.wrap(Unknown Source)
at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:555)
at
org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.jav
a:330)
at
org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
... 8 more
I've tried setting the enabled cipher suites:
sslsocket.setEnabledCipherSuites(new String[]
"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
and
sslFilter.setEnabledCipherSuites(new String[] {
"SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"},
and then printing on System.out the
sslFilter.getEnabledCipherSuites(); array, and both the client and
server seem to support both ciphers. What am I doing wrong?
Thanks in advance,
Andre
PS: Here's the code for my addSSLSupport() method in the server app
and the client app:
// CLIENT APLICATION
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
public
class EchoClient {
public
static
void
main(String[] arstring) {
try {
SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket)
sslsocketfactory.createSocket("localhost", 9999);
sslsocket.setEnabledCipherSuites(new String[]
{"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
String[] suported =
sslsocket.getSupportedCipherSuites();
System.out.println("\n\n\n\n\n\n");
for(int i=0; i<suported.length; i++)
System.out.println("Supported
Cipher Suites: " + suported[i]);
InputStream inputstream = System.in;
InputStreamReader inputstreamreader = new
InputStreamReader(inputstream);
BufferedReader bufferedreader = new
BufferedReader(inputstreamreader);
OutputStream outputstream = sslsocket.getOutputStream();
OutputStreamWriter outputstreamwriter = new
OutputStreamWriter(outputstream);
BufferedWriter bufferedwriter = new
BufferedWriter(outputstreamwriter);
String string = null;
while ((string = bufferedreader.readLine()) != null) {
bufferedwriter.write(string + '\n');
bufferedwriter.flush();
}
} catch (Exception exception) {
exception.printStackTrace();
}
}
}
//SERVER APLICATION
private static void addSSLSupport( DefaultIoFilterChainBuilder chain
)
throws Exception
{
SSLFilter sslFilter =
new SSLFilter( BogusSSLContextFactory.getInstance( true ) );
sslFilter.setEnabledCipherSuites(new String[] {
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_WITH_RC4_128_MD5"
});
String[] suported = sslFilter.getEnabledCipherSuites();
System.out.println("\n\n\n\n\n\n");
for(int i=0; i<suported.length; i++)
System.out.println("Supported
Cipher Suites: " + suported[i]);
System.out.println("\n\n\n\n\n\n");
chain.addLast( "sslFilter", sslFilter );
System.out.println( "SSL ON" );
}