I am using MINA with the SSLHandler in client mode (among other
things) on the Sun JVM 1.5.0_12. MINA version is 1.1.0, except the
mina-filter-ssl module is compiled from
https://svn.apache.org/repos/asf/mina/branches/[EMAIL PROTECTED] which
includes a couple of ordering/handshake fixes for SSLFilter that are
not included in 1.1.0.
I have encountered a situation a few times now in production where the
handshake does not complete. An alert message is sent by the server
during the handshaking process, but this does not raise any errors or
exceptions from MINA. All subsequent outgoing traffic is simply
buffered by MINA due to what MINA thinks is an incomplete handshake.
Unfortunately, I don't have debug logs of this event, however I do
have a summarized TCP/IP trace (summary at [1], details at [2]). xxx
in the trace is my MINA app (the client) and yyy is the server.
[1]
http://ca.geocities.com/[EMAIL PROTECTED]/ssl/ssl-failure-trace-summary.txt
[2]
http://ca.geocities.com/[EMAIL PROTECTED]/ssl/ssl-failure-trace-details.txt
Note that the server sends an alert at frame 487380. I don't know what
this alert was (since it was encrypted) but I do know that no
SSLException was thrown by MINA (or perhaps the JVM) as I would have
expected. In addition, the subsequent connection close by the server
is ignored by MINA as well -- no sessionClosed event was generated on
my IoHandler. As far as my app was concerned the connection was still
open but the handshake was incomplete.
I am currently trying to capture debug logs for this event, but I need
to wait until this problem occurs again (it happens only rarely). In
the meantime, are there any SSL gurus out there that have any ideas?
Cheers,
Raman Gupta
- SSLHandler and handshake alerts swallowed? Raman Gupta
-
