On 10/19/07, Raman Gupta <[EMAIL PROTECTED]> wrote: > I am using MINA with the SSLHandler in client mode (among other > things) on the Sun JVM 1.5.0_12. MINA version is 1.1.0, except the > mina-filter-ssl module is compiled from > https://svn.apache.org/repos/asf/mina/branches/[EMAIL PROTECTED] which > includes a couple of ordering/handshake fixes for SSLFilter that are > not included in 1.1.0. > > I have encountered a situation a few times now in production where the > handshake does not complete. An alert message is sent by the server > during the handshaking process, but this does not raise any errors or > exceptions from MINA. All subsequent outgoing traffic is simply > buffered by MINA due to what MINA thinks is an incomplete handshake. > > Unfortunately, I don't have debug logs of this event, however I do > have a summarized TCP/IP trace (summary at [1], details at [2]). xxx > in the trace is my MINA app (the client) and yyy is the server. > > [1] > http://ca.geocities.com/[EMAIL PROTECTED]/ssl/ssl-failure-trace-summary.txt > [2] > http://ca.geocities.com/[EMAIL PROTECTED]/ssl/ssl-failure-trace-details.txt > > > Note that the server sends an alert at frame 487380. I don't know what > this alert was (since it was encrypted) but I do know that no > SSLException was thrown by MINA (or perhaps the JVM) as I would have > expected. In addition, the subsequent connection close by the server > is ignored by MINA as well -- no sessionClosed event was generated on > my IoHandler. As far as my app was concerned the connection was still > open but the handshake was incomplete. > > I am currently trying to capture debug logs for this event, but I need > to wait until this problem occurs again (it happens only rarely). In > the meantime, are there any SSL gurus out there that have any ideas?
What version of mina-filter-ssl.jar are you using? Please try to upgrade to mina-filter-ssl-1.1.2 or 1.1.3.jar. HTH, Trustin -- what we call human nature is actually human habit -- http://gleamynode.net/ -- PGP Key ID: 0x0255ECA6
