Yes, as per your reply I have added debug arguments in MINA SSL. Can you please suggest to me what the reason is for the handshake failing?

Output:

trigger seeding of SecureRandom
done seeding SecureRandom
SSL ON
Listening on port 9123
Using SSLEngineImpl.
[18:01:35] NioProcessor-1 INFO [] [] [org.apache.mina.example.echoserver.EchoProtocolHandler] - OPENED
[Raw read]: length = 5
0000: 16 03 00 00 41  ....A
[Raw read]: length = 65
0000: 01 00 00 3D 03 00 4F D5 E5 2A 48 6A ED C3 D7 88  ...=..O..*Hj....
0010: 7F 5A 83 9F E3 5B 3B C4 59 C2 40 9C D4 AB 70 7C  .Z...[;.Y.@...p.
0020: 39 67 B2 58 74 48 00 00 16 00 39 00 38 00 35 00  9g.XtH....9.8.5.
0030: 16 00 13 00 0A 00 33 00 32 00 2F 00 07 00 05 01  ......3.2./.....
0040: 00  .
NioProcessor-1, READ: SSLv3 Handshake, length = 65
*** ClientHello, SSLv3
RandomCookie: GMT: 1322575146 bytes = { 72, 106, 237, 195, 215, 136, 127, 90, 131, 159, 227, 91, 59, 196, 89, 194, 64, 156, 212, 171, 112, 124, 57, 103, 178, 88, 116, 72 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_IDEA_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA]
Compression Methods: { 0 }
***
[read] MD5 and SHA1 hashes: len = 65
0000: 01 00 00 3D 03 00 4F D5 E5 2A 48 6A ED C3 D7 88  ...=..O..*Hj....
0010: 7F 5A 83 9F E3 5B 3B C4 59 C2 40 9C D4 AB 70 7C  .Z...[;.Y.@...p.
0020: 39 67 B2 58 74 48 00 00 16 00 39 00 38 00 35 00  9g.XtH....9.8.5.
0030: 16 00 13 00 0A 00 33 00 32 00 2F 00 07 00 05 01  ......3.2./.....
0040: 00  .
NioProcessor-1, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
NioProcessor-1, SEND SSLv3 ALERT: fatal, description = handshake_failure
NioProcessor-1, WRITE: SSLv3 Alert, length = 2
NioProcessor-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
NioProcessor-1, called closeOutbound()
NioProcessor-1, closeOutboundInternal()
[Raw write]: length = 7
0000: 15 03 00 00 02 02 28  ......(
NioProcessor-1, called closeInbound()
NioProcessor-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-1, called closeOutbound()
NioProcessor-1, closeOutboundInternal()
[18:01:38] NioProcessor-1 INFO [] [] [org.apache.mina.example.echoserver.EchoProtocolHandler] - Received : SESSION_UNSECURED
[18:01:38] NioProcessor-1 INFO [] [] [org.apache.mina.example.echoserver.EchoProtocolHandler] - CLOSED

Thanks & Regards,
Madhurima vadlamudi

From: madhurima v [mailto:[email protected]]
Sent: Monday, June 11, 2012 2:06 PM
To: '[email protected]'
Subject: Connect from C++ SSL Client to Mina SSL server

Thanks for your quick response.

We have been using Mina 2.0-M1 for the last 4 years; for the same reason I tried the SSL connection with the same version as well. As per your suggestion we updated the version to Mina-2.0.0-M5 and tried the SSL connection:

http://grepcode.com/file/repo1.maven.org/maven2/org.apache.mina/mina-example/2.0.0-M5/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java?av=f

The following is my issue.

1. Generated a bogus certificate using the keystore commands available in the BogusSslContextFactory.java class.

// NOTE: The keystore was generated using keytool:
// keytool -genkey -alias bogus -keysize 512 -validity 3650
// -keyalg RSA -dname "CN=bogus.com, OU=XXX CA,
// O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE"
// -keypass boguspw -storepass boguspw -keystore bogus.cert

We used the same certificate on both sides, and both the SSL client and server connected successfully.

2. After getting the connection we need to get the message in the handler - messageReceive() method. Here I am unable to get the original message, and the connection is automatically closed.
Mina server log:

SSL ON
Listening on port 9123
[12:19:24] NioProcessor-1 INFO [] [] [org.apache.mina.example.echoserver.EchoProtocolHandler] - OPENED
[12:19:26] NioProcessor-1 INFO [] [] [org.apache.mina.example.echoserver.EchoProtocolHandler] - Received : SESSION_UNSECURED
[12:19:26] NioProcessor-1 INFO [] [] [org.apache.mina.example.echoserver.EchoProtocolHandler] - CLOSED

Please help me if we need to make any changes to the code to receive the original message.

Thanks & Regards,
Madhurima vadlamudi

Hi,

> > should you identify any critical issues, I'd be more than happy to buy
> you a beer.

Actually, this is the best answer, *ever* :) People want support, and are ready to pay for it, but OpenSources are wanting to *fix* bugs and to offer a beer to those who have exposed the bug! I like this spirit!

Guys, I have a few pieces of advice for you, no pun intended:

- read the answers. We have told you to switch to the later version (2.0.5), you are still telling us you are using an outdated version
- no need to ask your whole team to send mails, just one person is enough
- when you decide to use a project, just be sure you understand how it works. If you have no clue about what a keystore is in Java, the best is probably to start there.
- You also have to understand that communication between two systems does not depend on the language in use. The fact that your client is written in C++ is totally orthogonal to the problem you have. We have already stated that once, or more, but if you don't understand, there is little we can do to help you.

--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
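Added example (not part of the original thread or of MINA): a small Python decoder for the raw bytes in the debug output above, checking what the client offered and what the server answered. The byte strings are copied from the "[Raw read]" and "[Raw write]" dumps; the function names and the suite-to-key-type table are this example's own.

```python
import struct

# Bytes copied from the "[Raw read]" / "[Raw write]" hex dumps in the debug output.
CLIENT_HELLO = bytes.fromhex(
    "16 03 00 00 41 "
    "01 00 00 3D 03 00 4F D5 E5 2A 48 6A ED C3 D7 88 "
    "7F 5A 83 9F E3 5B 3B C4 59 C2 40 9C D4 AB 70 7C "
    "39 67 B2 58 74 48 00 00 16 00 39 00 38 00 35 00 "
    "16 00 13 00 0A 00 33 00 32 00 2F 00 07 00 05 01 00")
SERVER_ALERT = bytes.fromhex("15 03 00 00 02 02 28")

# IANA suite id -> type of server key the suite authenticates with.
SERVER_KEY = {0x0039: "RSA", 0x0038: "DSA", 0x0035: "RSA", 0x0016: "RSA",
              0x0013: "DSA", 0x000A: "RSA", 0x0033: "RSA", 0x0032: "DSA",
              0x002F: "RSA", 0x0007: "RSA", 0x0005: "RSA"}

def parse_record(data):
    """Split one SSL/TLS record into (content_type, (major, minor), payload)."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record")
    return ctype, (major, minor), payload

def parse_client_hello(record):
    """Return (client_version, [cipher suite ids]) from a ClientHello record."""
    ctype, _, hs = parse_record(record)
    if ctype != 22 or hs[0] != 1:          # 22 = handshake, 1 = client_hello
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = (body[0], body[1])
    pos = 2 + 32                           # client_version + 32-byte random
    pos += 1 + body[pos]                   # session id length byte + session id
    n = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + n, 2)]
    return version, suites

def parse_alert(record):
    """Return (level, description) from an alert record (content type 21)."""
    ctype, _, payload = parse_record(record)
    if ctype != 21:
        raise ValueError("not an alert")
    return payload[0], payload[1]

def key_types_needed(suites):
    """Server key types that would satisfy at least one offered suite."""
    return sorted({SERVER_KEY.get(s, "unknown") for s in suites})

if __name__ == "__main__":
    version, suites = parse_client_hello(CLIENT_HELLO)
    print("client version:", version, "suites:", [hex(s) for s in suites])
    print("server key types needed:", key_types_needed(suites))
    print("alert (level, description):", parse_alert(SERVER_ALERT))
```

Every suite in this ClientHello authenticates the server with an RSA or DSA certificate, so the server can only select one if its SSLContext was initialised with a key manager that holds such a key.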
