All I did was to run the org.apache.mina.example.httpserver.stream.Main example (after setting USE_SSL=true) from within Eclipse. I'm using Firefox 2.0 in Ubuntu Feisty. It's using the bogus certificate. I've tried both with Sun's Java 1.5 and Java 1.6:
java version "1.5.0_11" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03) Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode, sharing) java version "1.6.0" Java(TM) SE Runtime Environment (build 1.6.0-b105) Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing) You could also try to connect using openssl and see what it says: openssl s_client -connect localhost:8081 Enter GET / followed by enter twice /Niklas Mark wrote: > Seems like no matter what I try or do, the cipher from the SSLSession > object > in SSLHandler.handshake always says that the cipher is > SSL_NULL_WITH_NULL_NULL. I have tried using the > BogusSSLContextFactory and > SSLContext.getDefault() in the SSLFilter with no luck. When I try to set > SSL_NULL_WITH_NULL_NULL as a supported cipher in the SSLFilter, I get an > exception stating "Unsupported ciphersuite SSL_NULL_WITH_NULL_NULL". > > I have tried Firefox on Linux and Windows, Internet Explorer on > Windows and > SeaMonkey on Linux. > > > On 5/10/07, Mark <[EMAIL PROTECTED]> wrote: >> >> what version of Firefox and what cipher suites is Firefox set up to >> accept? I cannot get the trunk working. >> >> On 5/10/07, Niklas Therning < [EMAIL PROTECTED]> wrote: >> > >> > What version of MINA are you using? I can connect with Firefox (both >> > SSL/no SSL) without any problems when using the current trunk (latest >> > version from the source code repository). >> > >> > /Niklas >> > >> > Andre de C. Rodrigues wrote: >> > > I'm not sure if the problem is only my client... I've tried using >> the >> > > HTTP Server mina example instead, that uses SSL too, and it didn't >> > > work. I downloaded the example, compiled and runned the code just as >> > > it is in the site (only fixing the outdated >> > > " org.apache.mina.util.CharsetUtil" import) and it works with SSL >> > > turned off, but if I set the USE_SSL = true; in the main.java >> file, it >> > > stops working (https://localhost:8080/ doesn't load on firefox). >> > > >> > > I thought it might be because the SSLContextFactory class seems to >> > > import a bogus.cert file that doesn't exist. I created it with >> keytool >> > > using the >> > > keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg >> > > RSA -dname "CN=bogus.com, OU=XXX CA, O=Bogus Inc, L=Stockholm, >> > > S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore >> > > bogus.cert >> > > command, just like the comment on SSLContextFactory class says, and >> > > copied the file keytool generated into my src folder. It still >> didn't >> > > work. >> > > >> > > I'm somewhat new to this whole SSL thing, so I think I might be >> doing >> > > something terribly wrong (I can't even make the MINA example >> work)... >> > > does anybody have any insight on this? >> > > >> > > Thanks for the feedback, >> > > Andre >> > > >> > > 2007/5/9, Gaston Dombiak < [EMAIL PROTECTED]>: >> > >> The "no cipher suites in common" means that there is a problem with >> > the >> > >> certificates. For instance, your client is probably needing RSA >> certs >> > >> > >> and in your store you only have DSA certs. >> > >> >> > >> -- Gato >> > >> >> > >> >> > >> -----Original Message----- >> > >> From: Andre de C. Rodrigues [mailto: [EMAIL PROTECTED] >> > >> Sent: Wednesday, May 09, 2007 2:27 PM >> > >> To: [email protected] >> > >> Subject: trouble working with SSL >> > >> >> > >> I'm having some trouble making the echo example with SSL enabled >> > work. >> > >> I'm getting an exception caused by "no cipher suites in common": >> > >> >> > >> >> > >> >> > >> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed. >> > >> at >> > >> >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:440) >> > >> at >> > >> >> > >> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageRece >> > >> ived(AbstractIoFilterChain.java:362) >> > >> at >> > >> org.apache.mina.common.support.AbstractIoFilterChain.access$1100 >> > (Abstrac >> > >> tIoFilterChain.java:54) >> > >> at >> > >> >> > >> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.message >> > >> Received(AbstractIoFilterChain.java:800) >> > >> at >> > >> >> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilt >> > >> > >> er.java:247) >> > >> at >> > >> >> > >> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run >> > >> (ExecutorFilter.java:307) >> > >> at >> > >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask (Unknown >> > Source) >> > >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown >> > >> Source) >> > >> at java.lang.Thread.run(Unknown Source) >> > >> Caused by: javax.net.ssl.SSLHandshakeException : no cipher >> suites in >> > >> common >> > >> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown >> > (Unknown >> > >> Source) >> > >> at >> > >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown (Unknown >> > >> Source) >> > >> at >> > >> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown >> > >> Source) >> > >> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown >> > >> Source) >> > >> at javax.net.ssl.SSLEngine.wrap(Unknown Source) >> > >> at >> > >> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java >> > :555) >> > >> at >> > >> org.apache.mina.filter.support.SSLHandler.messageReceived( >> > SSLHandler.jav >> > >> a:330) >> > >> at >> > >> >> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:408) >> > >> ... 8 more >> > >> >> > >> >> > >> >> > >> >> > >> I've tried setting the enabled cipher suites: >> > >> sslsocket.setEnabledCipherSuites(new String[] >> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"}); >> > >> >> > >> and >> > >> >> > >> sslFilter.setEnabledCipherSuites(new String[] { >> > >> "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_MD5"}, >> > >> >> > >> and then printing on System.out the >> > >> sslFilter.getEnabledCipherSuites(); array, and both the client and >> > >> server seem to support both ciphers. What am I doing wrong? >> > >> >> > >> Thanks in advance, >> > >> Andre >> > >> >> > >> >> > >> >> > >> PS: Here's the code for my addSSLSupport() method in the server app >> > >> and the client app: >> > >> >> > >> >> > >> >> > >> // CLIENT APLICATION >> > >> import javax.net.ssl.SSLSocket; >> > >> import javax.net.ssl.SSLSocketFactory; >> > >> import java.io.*; >> > >> >> > >> public >> > >> class EchoClient { >> > >> public >> > >> static >> > >> void >> > >> main(String[] arstring) { >> > >> try { >> > >> SSLSocketFactory sslsocketfactory = (SSLSocketFactory) >> > >> SSLSocketFactory.getDefault(); >> > >> SSLSocket sslsocket = (SSLSocket) >> > >> sslsocketfactory.createSocket("localhost", 9999); >> > >> sslsocket.setEnabledCipherSuites(new String[] >> > >> {"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5"}); >> > >> String[] suported = >> > >> sslsocket.getSupportedCipherSuites(); >> > >> >> > >> System.out.println("\n\n\n\n\n\n"); >> > >> >> > >> for(int i=0; i< suported.length; i++) >> > >> System.out.println("Supported >> > >> Cipher Suites: " + suported[i]); >> > >> >> > >> InputStream inputstream = System.in ; >> > >> InputStreamReader inputstreamreader = new >> > >> InputStreamReader(inputstream); >> > >> BufferedReader bufferedreader = new >> > >> BufferedReader(inputstreamreader); >> > >> >> > >> OutputStream outputstream = >> sslsocket.getOutputStream(); >> > >> OutputStreamWriter outputstreamwriter = new >> > >> OutputStreamWriter(outputstream); >> > >> BufferedWriter bufferedwriter = new >> > >> BufferedWriter(outputstreamwriter); >> > >> >> > >> String string = null; >> > >> while ((string = bufferedreader.readLine()) != null) { >> > >> bufferedwriter.write (string + '\n'); >> > >> bufferedwriter.flush(); >> > >> } >> > >> } catch (Exception exception) { >> > >> exception.printStackTrace(); >> > >> } >> > >> } >> > >> } >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> //SERVER APLICATION >> > >> private static void addSSLSupport( DefaultIoFilterChainBuilder >> > chain >> > >> ) >> > >> throws Exception >> > >> { >> > >> SSLFilter sslFilter = >> > >> new SSLFilter( BogusSSLContextFactory.getInstance( >> true ) >> > ); >> > >> sslFilter.setEnabledCipherSuites (new String[] { >> > >> "SSL_RSA_EXPORT_WITH_RC4_40_MD5", >> > >> "SSL_RSA_WITH_RC4_128_MD5" >> > >> }); >> > >> >> > >> String[] suported = sslFilter.getEnabledCipherSuites(); >> > >> System.out.println("\n\n\n\n\n\n"); >> > >> for(int i=0; i<suported.length; i++) >> > >> System.out.println("Supported >> > >> Cipher Suites: " + suported[i]); >> > >> System.out.println("\n\n\n\n\n\n"); >> > >> >> > >> >> > >> chain.addLast( "sslFilter", sslFilter ); >> > >> >> > >> System.out.println( "SSL ON" ); >> > >> } >> > >> >> > > >> > >> > >> > -- >> > Niklas Therning >> > www.spamdrain.net >> > >> > >> >> >> -- >> ..Cheers >> Mark > > > > -- Niklas Therning www.spamdrain.net
