The problem is not related with MINA, but the usage of SSL "NioProcessor-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common"
This thread might help http://stackoverflow.com/questions/9548807/sslhandshakeexception-no-cipher-suites-in-common On Mon, Jun 11, 2012 at 6:30 PM, madhurima v <[email protected]> wrote: > Yes As per your reply i have added debug arguments in MINA SSL. > > Can you Please suggest me, what is the reason for failing the handshake. > > > > <b>Output:</b> > > > > trigger seeding of SecureRandom > > done seeding SecureRandom > > SSL ON > > Listening on port 9123 > > Using SSLEngineImpl. > > [18:01:35] NioProcessor-1 INFO [] [] > [org.apache.mina.example.echoserver.EchoProtocolHandler] - OPENED > > [Raw read]: length = 5 > > 0000: 16 03 00 00 41 ....A > > [Raw read]: length = 65 > > 0000: 01 00 00 3D 03 00 4F D5 E5 2A 48 6A ED C3 D7 88 ...=..O..*Hj.... > > 0010: 7F 5A 83 9F E3 5B 3B C4 59 C2 40 9C D4 AB 70 7C .Z...[;[email protected]. > > 0020: 39 67 B2 58 74 48 00 00 16 00 39 00 38 00 35 00 9g.XtH....9.8.5. > > 0030: 16 00 13 00 0A 00 33 00 32 00 2F 00 07 00 05 01 ......3.2./..... > > 0040: 00 . > > NioProcessor-1, READ: SSLv3 Handshake, length = 65 > > *** ClientHello, SSLv3 > > RandomCookie: GMT: 1322575146 bytes = { 72, 106, 237, 195, 215, 136, 127, > 90, 131, 159, 227, 91, 59, 196, 89, 194, 64, 156, 212, 171, 112, 124, 57, > 103, 178, 88, 116, 72 } > > Session ID: {} > > Cipher Suites: [TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, > SSL_RSA_WITH_IDEA_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA] > > Compression Methods: { 0 } > > *** > > [read] MD5 and SHA1 hashes: len = 65 > > 0000: 01 00 00 3D 03 00 4F D5 E5 2A 48 6A ED C3 D7 88 ...=..O..*Hj.... > > 0010: 7F 5A 83 9F E3 5B 3B C4 59 C2 40 9C D4 AB 70 7C .Z...[;[email protected]. > > 0020: 39 67 B2 58 74 48 00 00 16 00 39 00 38 00 35 00 9g.XtH....9.8.5. > > 0030: 16 00 13 00 0A 00 33 00 32 00 2F 00 07 00 05 01 ......3.2./..... > > 0040: 00 . > > NioProcessor-1, fatal error: 40: no cipher suites in common > > javax.net.ssl.SSLHandshakeException: no cipher suites in common > > NioProcessor-1, SEND SSLv3 ALERT: fatal, description = handshake_failure > > NioProcessor-1, WRITE: SSLv3 Alert, length = 2 > > NioProcessor-1, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > > NioProcessor-1, called closeOutbound() > > NioProcessor-1, closeOutboundInternal() > > [Raw write]: length = 7 > > 0000: 15 03 00 00 02 02 28 ......( > > NioProcessor-1, called closeInbound() > > NioProcessor-1, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLException: Inbound closed before receiving peer's > close_notify: possible truncation attack? > > NioProcessor-1, called closeOutbound() > > NioProcessor-1, closeOutboundInternal() > > [18:01:38] NioProcessor-1 INFO [] [] > [org.apache.mina.example.echoserver.EchoProtocolHandler] - Received : > SESSION_UNSECURED > > [18:01:38] NioProcessor-1 INFO [] [] > [org.apache.mina.example.echoserver.EchoProtocolHandler] - CLOSED > > > > Thanks & Regards, > > Madhurima vadlamudi > > > > From: madhurima v [mailto:[email protected]] > Sent: Monday, June 11, 2012 2:06 PM > To: '[email protected]' > Subject: Connect from C++ SSL Client to Mina SSL server > > > > Thanks for your quick response. > We are using Mina 2.0-M1 from last 4 years,due to the same reason i was > tried SSL connection also with same version. > as per your suggestion we updated the version to Mina-2.0.0-M5 and tried the > SSL connection > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.mina/mina-example > /2.0.0-M5/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java > ?av=f. > > Following is my issue. > 1. generated bogus certificate using keystore commands available in > BogusSslContextFactory.java class. > // NOTE: The keystore was generated using keytool: > // keytool -genkey -alias bogus -keysize 512 -validity 3650 > // -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, > // O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" > // -keypass boguspw -storepass boguspw -keystore bogus.cert > and we used same certificate in both sides and both ssl client and > server connected successfully. > 2. After getting the connection we need to get the message in handler > -messageReceive() method. > here i am unable to get the original message. and automatically closing > the connection. > > Mina server log : > SSL ON > Listening on port 9123 > [12:19:24] NioProcessor-1 INFO [] [] > [org.apache.mina.example.echoserver.EchoProtocolHandler] - OPENED > [12:19:26] NioProcessor-1 INFO [] [] > [org.apache.mina.example.echoserver.EchoProtocolHandler] - Received : > SESSION_UNSECURED > [12:19:26] NioProcessor-1 INFO [] [] > [org.apache.mina.example.echoserver.EchoProtocolHandler] - CLOSED . > > > Please help me if we need to do any changes on code to receive original > message. > > Thanks & Regards, > Madhurima vadlamudi > > > > > > > > Hi, >> >> should you identify any critical issues, I'd be more than happy to buy >> you a beer. > > Actually, this is the best answer, *ever* :) > > People want support, and are ready to pay for it, but OpenSources are > wanting to *fix* bugs and to offer a beer to those who have exposed the > bug ! I like this spirit ! > > Guys, I have a few advices for you, no pun intended : > - read the answers. We have told you to switch to the later version > (2.0.5), you are still telling us you are using an outdated version > - no need to ask your all team to send mails, just one person is enough > - when you decide to use a project, just be sure you understand how it > works. If you have no clue about what is a keystore in Java, the best is > probably to start there. > - You also have to understand that communication between two systems is > not depending on the langage in use. The fact that your client is > written in C++ is totally orthogonal with the problem you have. We > already have stated that once, or more, but if you don't understand, > there is little we can do to help you. > > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com > -- thanks ashish Blog: http://www.ashishpaliwal.com/blog My Photo Galleries: http://www.pbase.com/ashishpaliwal
