[
https://issues.apache.org/jira/browse/DIRMINA-937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13612134#comment-13612134
]
Jeff MAURY commented on DIRMINA-937:
------------------------------------
I was able to reproduce the problem with a non MINA sample program.
Works well if using an SSLSocket and SSLServerSocketFactory
The problem us related to SLLEngine.
As there is some unknown extension in the Hello Client message,
the SLLEngine works the following way:
message arrives --> engine.unwrap --> handshake status switch to NEED-TASK -->
task run --> handshake status switch to NEED-UNWRAP
In the non MINA sample, I call again engine.unwrap with the same input
(remainging = 0 because it has already been consumed) and an alert is generated
back to the client.
In MINA, as the buffer has been consumed by the first unwrap call, MINA is
waiting for data from the client and this is why it is hanging.
So I changed my opinion and I think this is a MINA bug.
> sslfilter hangs with openjdk works with oracle?
> -----------------------------------------------
>
> Key: DIRMINA-937
> URL: https://issues.apache.org/jira/browse/DIRMINA-937
> Project: MINA
> Issue Type: Bug
> Components: Filter
> Affects Versions: 2.0.7
> Environment: OpenJDK Runtime Environment (IcedTea6 1.12.1)
> (6b27-1.12.1-2ubuntu0.12.04.2)
> OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
> Reporter: Andrew C
>
> Still gathering information, however ...
> I've a server that's using SslFilter. When I test a connection using curl
> (two different versions; curl -k --trace - https://localhost:4321) it hangs:
> - curl sends the client hello
> - never gets any response
> looking at an extract of the logs I see:
> [read] MD5 and SHA1 hashes: len = 235
> 0000: 01 00 00 E7 03 02 51 35 14 CC 56 9F 1B 4E B0 80 ......Q5..V..N..
> ...
> 00E0: 00 0F 00 10 00 11 00 0F 00 01 01 ...........
> matching alias: mykey
> [2013-03-04=16:40:28.836] [NioProcessor-1] DEBUG
> org.apache.mina.filter.ssl.SslHandler - Session Server[2](ssl...) processing
> the NEED_UNWRAP state
> [2013-03-04=16:40:28.836] [NioProcessor-1] DEBUG
> org.apache.mina.filter.ssl.SslFilter - Session Server[2](ssl...): Processing
> the SSL Data
> i.e., SSLEngine's indicated that it is expecting more data from curl.
> If I switch to oracle's jvm, things work - that is the NEED_UNWRAP doesn't
> appear and SSLEngine starts sending data back to the curl client:
> ...
> 00E0: 00 0F 00 10 00 11 00 0F 00 01 01 ...........
> matching alias: mykey
> %% Created: [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
> *** ServerHello, TLSv1
> ...
> any one else seen this?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
