I'm not sure if the problem is only my client... I've tried using the HTTP Server MINA example instead, which uses SSL too, and it didn't work. I downloaded the example, compiled and ran the code just as it is on the site (only fixing the outdated "org.apache.mina.util.CharsetUtil" import) and it works with SSL turned off, but if I set USE_SSL = true; in the main.java file, it stops working (https://localhost:8080/ doesn't load in Firefox).

I thought it might be because the SSLContextFactory class seems to import a bogus.cert file that doesn't exist. I created it with keytool using the command

    keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore bogus.cert

just like the comment on the SSLContextFactory class says, and copied the file keytool generated into my src folder. It still didn't work.

I'm somewhat new to this whole SSL thing, so I think I might be doing something terribly wrong (I can't even make the MINA example work)... does anybody have any insight on this?

Thanks for the feedback,
Andre

2007/5/9, Gaston Dombiak <[EMAIL PROTECTED]>:
The "no cipher suites in common" means that there is a problem with the certificates. For instance, your client is probably needing RSA certs and in your store you only have DSA certs.

-- Gato

-----Original Message-----
From: Andre de C. Rodrigues [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 09, 2007 2:27 PM
To: [email protected]
Subject: trouble working with SSL

I'm having some trouble making the echo example with SSL enabled work. I'm getting an exception caused by "no cipher suites in common":

javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:54)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
    at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:247)
    at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
    at javax.net.ssl.SSLEngine.wrap(Unknown Source)
    at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:555)
    at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:330)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
    ... 8 more

I've tried setting the enabled cipher suites:

    sslsocket.setEnabledCipherSuites(new String[] {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});

and

    sslFilter.setEnabledCipherSuites(new String[] { "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"});

and then printing on System.out the sslFilter.getEnabledCipherSuites(); array, and both the client and server seem to support both ciphers. What am I doing wrong?

Thanks in advance,
Andre

PS: Here's the code for my addSSLSupport() method in the server app and the client app:

// CLIENT APPLICATION
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;

public class EchoClient {
    public static void main(String[] arstring) {
        try {
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("localhost", 9999);

            // Restrict the client to two RSA-authenticated suites
            sslsocket.setEnabledCipherSuites(new String[] {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});

            // Print every suite the JSSE provider supports (not only the enabled ones)
            String[] suported = sslsocket.getSupportedCipherSuites();
            System.out.println("\n\n\n\n\n\n");
            for (int i = 0; i < suported.length; i++)
                System.out.println("Supported Cipher Suites: " + suported[i]);

            InputStream inputstream = System.in;
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

            OutputStream outputstream = sslsocket.getOutputStream();
            OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
            BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);

            // Send each line read from stdin to the server
            String string = null;
            while ((string = bufferedreader.readLine()) != null) {
                bufferedwriter.write(string + '\n');
                bufferedwriter.flush();
            }
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}

// SERVER APPLICATION
private static void addSSLSupport( DefaultIoFilterChainBuilder chain ) throws Exception {
    SSLFilter sslFilter = new SSLFilter( BogusSSLContextFactory.getInstance( true ) );

    // Enable the same two suites as the client
    sslFilter.setEnabledCipherSuites(new String[] { "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5" });

    // Print the suites enabled on the filter
    String[] suported = sslFilter.getEnabledCipherSuites();
    System.out.println("\n\n\n\n\n\n");
    for (int i = 0; i < suported.length; i++)
        System.out.println("Supported Cipher Suites: " + suported[i]);
    System.out.println("\n\n\n\n\n\n");

    chain.addLast( "sslFilter", sslFilter );
    System.out.println( "SSL ON" );
}
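
The diagnosis in Gaston's reply (suites enabled on both sides, but no key of the matching type in the server's store) can be checked against a keystore directly. The program below is an added example, not code from the thread or from MINA: it lists the private-key algorithms in a keystore and reports which enabled suites a server holding only those keys could negotiate. The class name, the name-based suite mapping and the DSA-only fallback input are assumptions for illustration, and it assumes the key password equals the store password, as in the keytool command above.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.*;

public class KeystoreSuiteCheck {
    // Key type the server needs for a suite, derived heuristically from the JSSE suite name.
    static String requiredKeyAlg(String suite) {
        if (suite.contains("_anon_")) return "none";
        if (suite.contains("_ECDSA_") || suite.contains("_ECDH_")) return "EC";
        if (suite.contains("_DSS_")) return "DSA";
        if (suite.contains("_RSA_")) return "RSA";
        return "unknown"; // e.g. TLS 1.3 names, which do not encode the key type
    }

    // Algorithms of the private keys in the store (what the server can authenticate with).
    static Set<String> keyAlgorithms(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        Set<String> algs = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases()))
            if (ks.isKeyEntry(alias)) algs.add(ks.getKey(alias, pw).getAlgorithm());
        return algs;
    }

    // Suites from 'enabled' that a server holding only 'keyAlgs' keys can offer.
    static List<String> usable(Set<String> keyAlgs, String... enabled) {
        List<String> ok = new ArrayList<>();
        for (String s : enabled) {
            String need = requiredKeyAlg(s);
            if (need.equals("none") || keyAlgs.contains(need)) ok.add(s);
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // The two suites enabled on both sides in the thread.
        String[] enabled = { "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5" };
        // With <keystore> <password>: inspect that store. Without: a constructed DSA-only store.
        Set<String> algs = args.length == 2
                ? keyAlgorithms(args[0], args[1].toCharArray())
                : new TreeSet<>(Arrays.asList("DSA"));
        List<String> ok = usable(algs, enabled);
        System.out.println("Private key algorithms in store: " + algs);
        System.out.println("Enabled suites the server can offer: " + ok);
        if (ok.isEmpty())
            System.out.println("=> expect \"no cipher suites in common\" during the handshake");
    }
}
```

Run it as `java KeystoreSuiteCheck bogus.cert boguspw` to inspect the keystore from the thread; with no arguments it evaluates the constructed DSA-only case.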
