Actually, I was using the latest stable release (1.1). I just tried using the current trunk, though, and still no success.

I've also tried using another security certificate, the one generated by:

    keytool -genkey -keystore mySrvKeystore -keyalg RSA

To do this, I changed the BOGUS_KEYSTORE variable in BogusSSLContextFactory.java to mySrvKeystore, placed the mySvrKeystore file in this project's src folder and changed the BOGUS_PW array to mySrvKeystore's password.

I'm getting the same error as before: the server console throws an exception caused by "no cipher suites in common" and firefox's error message states that "Firefox can't connect securely to localhost because the site uses a security protocol which isn't enabled".

Andre

2007/5/10, Mark <[EMAIL PROTECTED]>:
Have you tried the code from the trunk with actual certificates? I am having problems with a server cert I generated using OpenSSL.

--
..Cheers
Mark

On 5/10/07, Niklas Therning <[EMAIL PROTECTED]> wrote:
>
> What version of MINA are you using? I can connect with Firefox (both
> SSL/no SSL) without any problems when using the current trunk (latest
> version from the source code repository).
>
> /Niklas
>
> Andre de C. Rodrigues wrote:
> > I'm not sure if the problem is only my client... I've tried using the
> > HTTP Server mina example instead, that uses SSL too, and it didn't
> > work. I downloaded the example, compiled and ran the code just as
> > it is in the site (only fixing the outdated
> > "org.apache.mina.util.CharsetUtil" import) and it works with SSL
> > turned off, but if I set the USE_SSL = true; in the main.java file, it
> > stops working (https://localhost:8080/ doesn't load on firefox).
> >
> > I thought it might be because the SSLContextFactory class seems to
> > import a bogus.cert file that doesn't exist. I created it with keytool
> > using the
> >   keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg
> >   RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm,
> >   S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore
> >   bogus.cert
> > command, just like the comment on SSLContextFactory class says, and
> > copied the file keytool generated into my src folder. It still didn't
> > work.
> >
> > I'm somewhat new to this whole SSL thing, so I think I might be doing
> > something terribly wrong (I can't even make the MINA example work)...
> > does anybody have any insight on this?
> >
> > Thanks for the feedback,
> > Andre
> >
> > 2007/5/9, Gaston Dombiak <[EMAIL PROTECTED]>:
> >> The "no cipher suites in common" means that there is a problem with the
> >> certificates. For instance, your client is probably needing RSA certs
> >> and in your store you only have DSA certs.
> >>
> >> -- Gato
> >>
> >>
> >> -----Original Message-----
> >> From: Andre de C. Rodrigues [mailto:[EMAIL PROTECTED]
> >> Sent: Wednesday, May 09, 2007 2:27 PM
> >> To: [email protected]
> >> Subject: trouble working with SSL
> >>
> >> I'm having some trouble making the echo example with SSL enabled work.
> >> I'm getting an exception caused by "no cipher suites in common":
> >>
> >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> >>     at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440)
> >>     at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> >>     at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:54)
> >>     at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> >>     at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:247)
> >>     at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:307)
> >>     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
> >>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> >>     at java.lang.Thread.run(Unknown Source)
> >> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
> >>     at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
> >>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> >>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
> >>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
> >>     at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> >>     at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:555)
> >>     at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:330)
> >>     at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408)
> >>     ... 8 more
> >>
> >> I've tried setting the enabled cipher suites:
> >>
> >>     sslsocket.setEnabledCipherSuites(new String[] {
> >>         "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> >>
> >> and
> >>
> >>     sslFilter.setEnabledCipherSuites(new String[] {
> >>         "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> >>
> >> and then printing on System.out the
> >> sslFilter.getEnabledCipherSuites(); array, and both the client and
> >> server seem to support both ciphers. What am I doing wrong?
> >>
> >> Thanks in advance,
> >> Andre
> >>
> >>
> >> PS: Here's the code for my addSSLSupport() method in the server app
> >> and the client app:
> >>
> >> // CLIENT APPLICATION
> >> import javax.net.ssl.SSLSocket;
> >> import javax.net.ssl.SSLSocketFactory;
> >> import java.io.*;
> >>
> >> public class EchoClient {
> >>     public static void main(String[] arstring) {
> >>         try {
> >>             SSLSocketFactory sslsocketfactory =
> >>                 (SSLSocketFactory) SSLSocketFactory.getDefault();
> >>             SSLSocket sslsocket =
> >>                 (SSLSocket) sslsocketfactory.createSocket("localhost", 9999);
> >>             sslsocket.setEnabledCipherSuites(new String[] {
> >>                 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"});
> >>             String[] suported = sslsocket.getSupportedCipherSuites();
> >>
> >>             System.out.println("\n\n\n\n\n\n");
> >>
> >>             for (int i = 0; i < suported.length; i++)
> >>                 System.out.println("Supported Cipher Suites: " + suported[i]);
> >>
> >>             InputStream inputstream = System.in;
> >>             InputStreamReader inputstreamreader =
> >>                 new InputStreamReader(inputstream);
> >>             BufferedReader bufferedreader =
> >>                 new BufferedReader(inputstreamreader);
> >>
> >>             OutputStream outputstream = sslsocket.getOutputStream();
> >>             OutputStreamWriter outputstreamwriter =
> >>                 new OutputStreamWriter(outputstream);
> >>             BufferedWriter bufferedwriter =
> >>                 new BufferedWriter(outputstreamwriter);
> >>
> >>             String string = null;
> >>             while ((string = bufferedreader.readLine()) != null) {
> >>                 bufferedwriter.write(string + '\n');
> >>                 bufferedwriter.flush();
> >>             }
> >>         } catch (Exception exception) {
> >>             exception.printStackTrace();
> >>         }
> >>     }
> >> }
> >>
> >>
> >> // SERVER APPLICATION
> >> private static void addSSLSupport( DefaultIoFilterChainBuilder chain )
> >>     throws Exception
> >> {
> >>     SSLFilter sslFilter =
> >>         new SSLFilter( BogusSSLContextFactory.getInstance( true ) );
> >>     sslFilter.setEnabledCipherSuites(new String[] {
> >>         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
> >>         "SSL_RSA_WITH_RC4_128_MD5"
> >>     });
> >>
> >>     String[] suported = sslFilter.getEnabledCipherSuites();
> >>     System.out.println("\n\n\n\n\n\n");
> >>     for (int i = 0; i < suported.length; i++)
> >>         System.out.println("Supported Cipher Suites: " + suported[i]);
> >>     System.out.println("\n\n\n\n\n\n");
> >>
> >>     chain.addLast( "sslFilter", sslFilter );
> >>
> >>     System.out.println( "SSL ON" );
> >> }
> >>
> >
>
> --
> Niklas Therning
> www.spamdrain.net
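
Added example, not part of the thread and not MINA code: a stand-alone check of the point Gaston raises, that "no cipher suites in common" on the server usually means the keystore holds no private key of the type the enabled suites need. The class name KeystoreSuiteCheck is hypothetical; it assumes a JKS keystore whose key password equals the store password (as in the keytool command quoted above), and it classifies suites by a heuristic on their names. With no arguments it runs against a constructed empty keystore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added diagnostic (hypothetical name). Usage: java KeystoreSuiteCheck [keystore] [password]
public class KeystoreSuiteCheck {
    // Heuristic on the suite name: can a server holding keys of these algorithms offer it?
    static boolean usable(String suite, Set<String> keyAlgs) {
        int i = suite.indexOf("_WITH_");
        if (i < 0) return !keyAlgs.isEmpty();   // TLS 1.3 style name: needs some certificate key
        String kx = suite.substring(0, i);      // e.g. SSL_RSA, TLS_DHE_DSS, TLS_ECDHE_ECDSA
        if (kx.contains("_anon")) return true;  // anonymous suites need no certificate
        if (kx.contains("_ECDSA") || kx.contains("_ECDH_")) return keyAlgs.contains("EC");
        if (kx.contains("_DSS")) return keyAlgs.contains("DSA");
        if (kx.contains("_RSA")) return keyAlgs.contains("RSA");
        return false;                           // other key exchanges are out of scope here
    }

    public static void main(String[] args) throws Exception {
        // Assumption: key password == store password.
        char[] pw = (args.length > 1 ? args[1] : "").toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        } else {
            ks.load(null, null);                // constructed input: an empty keystore
        }
        Set<String> keyAlgs = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) keyAlgs.add(ks.getKey(alias, pw).getAlgorithm());
        }
        System.out.println("Private key algorithms in keystore: " + keyAlgs);

        // Build the same kind of server-side engine an SSL filter would wrap.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);

        int count = 0;
        for (String suite : engine.getEnabledCipherSuites()) {
            if (suite.endsWith("_SCSV")) continue;  // signalling value, not a real suite
            boolean ok = usable(suite, keyAlgs);
            if (ok) count++;
            System.out.println((ok ? "usable  " : "no key  ") + suite);
        }
        if (count == 0) System.out.println("No enabled suite has a matching private key.");
    }
}
```

If every enabled suite is reported as "no key", the server has nothing to negotiate with, whatever suites the client enables.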
