Re: Problems in using TLS

Daniel Kulp Thu, 27 Mar 2008 11:38:32 -0700

I don't suppose there would be any chance of you trying the 2.0.5 stuff 
we're voting on?
http://people.apache.org/~dkulp/stage_cxf/2.0.5-incubator/


I made some changes to the TLS stuff in 2.0.5 to make it work better and 
with less configuration.

Dan



On Thursday 27 March 2008, brmaguir wrote:
> Hey,
>
> I'm trying to communicate with a web service using Apache CXF using
> TLS. When I specify TLS in the cxf.xml file using:
>
>                 <http-conf:tlsClientParameters
> secureSocketProtocol="TLS"> <sec:trustManagers>
>                               <sec:keyStore password="password"
> url="file:\C:/path/to/keystore"/> </sec:trustManagers>
>                       <sec:cipherSuitesFilter>
>                               <sec:include>.*.*.</sec:include>
>                       </sec:cipherSuitesFilter>
>               </http-conf:tlsClientParameters>
>
> it is failing with the following error:
>
> 27-Mar-2008 11:06:03 org.apache.cxf.phase.PhaseInterceptorChain
> doIntercept INFO: Interceptor has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Connection reset
>       at
> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePart
>s(AbstractOutDat abindingInterceptor.java:75)
>       at
> org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInt
>erceptor.java:68 )
>       at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
>rChain.java:207) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135
>) at $Proxy35.login(Unknown Source)
>       at thirdPartyAPI.test.Test.loginAppuser(Test.java:135)
>       at thirdPartyAPI.test.Test.main(Test.java:61)
> Caused by: com.ctc.wstx.exc.WstxIOException: Connection reset
>       at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
>       at
> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePart
>s(AbstractOutDat abindingInterceptor.java:73)
>       ... 9 more
> Caused by: java.net.SocketException: Connection reset
>       at java.net.SocketInputStream.read(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> Source) at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unk
>nown Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
>       at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source) at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
>Unknown Source)
>       at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
> Source)
>       at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unkn
>own Source)
>       at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHe
>adersTrustCachin g(HTTPConduit.java:1766)
>       at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstW
>rite(HTTPConduit .java:1734)
>       at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOut
>putStream.java:4 2)
>       at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
>       at
> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
> ... 10 more
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> Connection reset
>       at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:175
>) at $Proxy35.login(Unknown Source)
>       at thirdPartyAPI.test.Test.loginAppuser(Test.java:135)
>       at thirdPartyAPI.test.Test.main(Test.java:61)
> Caused by: org.apache.cxf.interceptor.Fault: Connection reset
>       at
> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePart
>s(AbstractOutDat abindingInterceptor.java:75)
>       at
> org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInt
>erceptor.java:68 )
>       at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
>rChain.java:207) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135
>) ... 3 more
> Caused by: com.ctc.wstx.exc.WstxIOException: Connection reset
>       at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
>       at
> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePart
>s(AbstractOutDat abindingInterceptor.java:73)
>       ... 9 more
> Caused by: java.net.SocketException: Connection reset
>       at java.net.SocketInputStream.read(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> Source) at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unk
>nown Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
>       at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source) at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
>Unknown Source)
>       at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
> Source)
>       at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unkn
>own Source)
>       at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHe
>adersTrustCachin g(HTTPConduit.java:1766)
>       at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstW
>rite(HTTPConduit .java:1734)
>       at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOut
>putStream.java:4 2)
>       at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
>       at
> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
> ... 10 more
>
>
> When I look at the trace in wireshark it shows the outgoing message
> from the CXF client as been SSLv2. The server then sends back a TCP
> RST. I've also tried using "TLSv1" and "SSLv3" as the protocol but the
> client uses SSLv2 regardless.
>
> I've also tried specifying the protocol via the code using:
>
>                 Client c = ClientProxy.getClient(port);
>               HTTPConduit conduit = (HTTPConduit) c.getConduit();
>               TLSClientParameters params = conduit.getTlsClientParameters();
>               params.setSecureSocketProtocol("TLS");
>               conduit.setTlsClientParameters(params);
>
> This still makes no difference.
>
> Any ideas on what's going wrong / how to fix it? Any help would be
> greatly appreciated.
>
> Regards,
> Brendan



-- 
J. Daniel Kulp
Principal Engineer, IONA
[EMAIL PROTECTED]
http://www.dankulp.com/blog

Re: Problems in using TLS

Reply via email to