what version of Firefox and what cipher suites is Firefox set up to accept? I cannot get the trunk working.
On 5/10/07, Niklas Therning <[EMAIL PROTECTED]> wrote:
What version of MINA are you using? I can connect with Firefox (both SSL/no SSL) without any problems when using the current trunk (latest version from the source code repository). /Niklas Andre de C. Rodrigues wrote: > I'm not sure if the problem is only my client... I've tried using the > HTTP Server mina example instead, that uses SSL too, and it didn't > work. I downloaded the example, compiled and runned the code just as > it is in the site (only fixing the outdated > "org.apache.mina.util.CharsetUtil" import) and it works with SSL > turned off, but if I set the USE_SSL = true; in the main.java file, it > stops working (https://localhost:8080/ doesn't load on firefox). > > I thought it might be because the SSLContextFactory class seems to > import a bogus.cert file that doesn't exist. I created it with keytool > using the > keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg > RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm, > S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore > bogus.cert > command, just like the comment on SSLContextFactory class says, and > copied the file keytool generated into my src folder. It still didn't > work. > > I'm somewhat new to this whole SSL thing, so I think I might be doing > something terribly wrong (I can't even make the MINA example work)... > does anybody have any insight on this? > > Thanks for the feedback, > Andre > > 2007/5/9, Gaston Dombiak <[EMAIL PROTECTED]>: >> The "no cipher suites in common" means that there is a problem with the >> certificates. For instance, your client is probably needing RSA certs >> and in your store you only have DSA certs. >> >> -- Gato >> >> >> -----Original Message----- >> From: Andre de C. Rodrigues [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, May 09, 2007 2:27 PM >> To: [email protected] >> Subject: trouble working with SSL >> >> I'm having some trouble making the echo example with SSL enabled work. >> I'm getting an exception caused by "no cipher suites in common": >> >> >> >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed. >> at >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440) >> at >> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece >> ived(AbstractIoFilterChain.java:362) >> at >> org.apache.mina.common.support.AbstractIoFilterChain.access$1100 (Abstrac >> tIoFilterChain.java:54) >> at >> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message >> Received(AbstractIoFilterChain.java:800) >> at >> org.apache.mina.filter.executor.ExecutorFilter.processEvent (ExecutorFilt >> er.java:247) >> at >> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run >> (ExecutorFilter.java:307) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown >> Source) >> at java.lang.Thread.run(Unknown Source) >> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in >> common >> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown >> Source) >> at >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown >> Source) >> at >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown >> Source) >> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown >> Source) >> at javax.net.ssl.SSLEngine.wrap(Unknown Source) >> at >> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java :555) >> at >> org.apache.mina.filter.support.SSLHandler.messageReceived( SSLHandler.jav >> a:330) >> at >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408) >> ... 8 more >> >> >> >> >> I've tried setting the enabled cipher suites: >> sslsocket.setEnabledCipherSuites(new String[] >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"}); >> >> and >> >> sslFilter.setEnabledCipherSuites(new String[] { >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"}, >> >> and then printing on System.out the >> sslFilter.getEnabledCipherSuites(); array, and both the client and >> server seem to support both ciphers. What am I doing wrong? >> >> Thanks in advance, >> Andre >> >> >> >> PS: Here's the code for my addSSLSupport() method in the server app >> and the client app: >> >> >> >> // CLIENT APLICATION >> import javax.net.ssl.SSLSocket; >> import javax.net.ssl.SSLSocketFactory; >> import java.io.*; >> >> public >> class EchoClient { >> public >> static >> void >> main(String[] arstring) { >> try { >> SSLSocketFactory sslsocketfactory = (SSLSocketFactory) >> SSLSocketFactory.getDefault(); >> SSLSocket sslsocket = (SSLSocket) >> sslsocketfactory.createSocket("localhost", 9999); >> sslsocket.setEnabledCipherSuites(new String[] >> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"}); >> String[] suported = >> sslsocket.getSupportedCipherSuites(); >> >> System.out.println("\n\n\n\n\n\n"); >> >> for(int i=0; i<suported.length; i++) >> System.out.println("Supported >> Cipher Suites: " + suported[i]); >> >> InputStream inputstream = System.in; >> InputStreamReader inputstreamreader = new >> InputStreamReader(inputstream); >> BufferedReader bufferedreader = new >> BufferedReader(inputstreamreader); >> >> OutputStream outputstream = sslsocket.getOutputStream(); >> OutputStreamWriter outputstreamwriter = new >> OutputStreamWriter(outputstream); >> BufferedWriter bufferedwriter = new >> BufferedWriter(outputstreamwriter); >> >> String string = null; >> while ((string = bufferedreader.readLine()) != null) { >> bufferedwriter.write(string + '\n'); >> bufferedwriter.flush(); >> } >> } catch (Exception exception) { >> exception.printStackTrace(); >> } >> } >> } >> >> >> >> >> >> //SERVER APLICATION >> private static void addSSLSupport( DefaultIoFilterChainBuilder chain >> ) >> throws Exception >> { >> SSLFilter sslFilter = >> new SSLFilter( BogusSSLContextFactory.getInstance( true ) ); >> sslFilter.setEnabledCipherSuites(new String[] { >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", >> "SSL_RSA_WITH_RC4_128_MD5" >> }); >> >> String[] suported = sslFilter.getEnabledCipherSuites(); >> System.out.println("\n\n\n\n\n\n"); >> for(int i=0; i<suported.length; i++) >> System.out.println("Supported >> Cipher Suites: " + suported[i]); >> System.out.println("\n\n\n\n\n\n"); >> >> >> chain.addLast( "sslFilter", sslFilter ); >> >> System.out.println( "SSL ON" ); >> } >> > -- Niklas Therning www.spamdrain.net
-- ..Cheers Mark
