[
https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17196299#comment-17196299
]
Vinh Bach commented on DIRMINA-1132:
------------------------------------
I hit a similar issue at work recently, but with the FTPServer.
After upgrading to Java 11, our FTPS connections started failing randomly. In
all of those cases, the connections were hung right after the AUTH TLS command
finished and the next command started, until the server went idle or the
client timed out.
{code:java}
220 Service ready for new user.
AUTH TLS
[pool-3-thread-1] INFO org.apache.ftpserver.listener.nio.FtpLoggingFilter - RECEIVED: AUTH TLS
234 Command AUTH okay; starting TLS connection.
USER *******Read timed out
java.net.SocketTimeoutException: Read timed out
    at java.base/java.net.SocketInputStream.socketRead0(Native Method)
    at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115)
    at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168)
    at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
{code}
Forcing connections to use TLSv1.2 solved the issue.
I've tested and verified that the issue still occurred with the latest release
of AdoptOpenJDK 11
([https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/tag/jdk-11.0.8+10_openj9-0.21.0]).
> TLSv1.3 - MINA randomly fails in reading the message sent by client
> -------------------------------------------------------------------
>
> Key: DIRMINA-1132
> URL: https://issues.apache.org/jira/browse/DIRMINA-1132
> Project: MINA
> Issue Type: Bug
> Components: Core, SSL
> Affects Versions: 2.0.21
> Environment: Operating System: Windows 10 1903
> Java Version: jdk-11.0.7, jdk-12.0.2
> Reporter: Venkata Kishore Tavva
> Assignee: Jonathan Valliere
> Priority: Critical
> Attachments: console.log, example-project.zip, keyStore.pfx,
> trustStore.pfx
>
>
> While trying to implement TLSv1.3 in our systems, we found an issue with the
> Mina Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3,
> randomly the message sent by the client is discarded. In such scenarios, the
> server waits for the session to pass the idle timeout and closes the session.
> Please find the sample code below:
> {code:java}
> import org.apache.mina.core.service.IoHandlerAdapter;
> import org.apache.mina.core.session.IdleStatus;
> import org.apache.mina.core.session.IoSession;
> import org.apache.mina.filter.ssl.SslFilter;
> import org.apache.mina.transport.socket.SocketAcceptor;
> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
>
> import javax.net.ssl.*;
> import java.io.*;
> import java.net.InetSocketAddress;
> import java.security.KeyStore;
>
> public class Main {
>     public static void main(String[] args) throws Exception {
>         // Full JSSE debug output, to trace the handshake and record processing
>         System.setProperty("javax.net.debug", "all");
>
>         // Server key material (PKCS#12)
>         KeyManagerFactory keyManagerFactory;
>         try (FileInputStream fis = new FileInputStream("keyStore.pfx")) {
>             keyManagerFactory =
>                 KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>             KeyStore keyStore = KeyStore.getInstance("PKCS12");
>             keyStore.load(fis, "passphrase".toCharArray());
>             keyManagerFactory.init(keyStore, "passphrase".toCharArray());
>         }
>
>         // Trust anchors (PKCS#12)
>         TrustManagerFactory trustManagerFactory;
>         try (FileInputStream fis = new FileInputStream("trustStore.pfx")) {
>             trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
>             KeyStore trustStore = KeyStore.getInstance("PKCS12");
>             trustStore.load(fis, "passphrase".toCharArray());
>             trustManagerFactory.init(trustStore);
>         }
>
>         SSLContext context = SSLContext.getInstance("TLSv1.3");
>         context.init(keyManagerFactory.getKeyManagers(),
>                 trustManagerFactory.getTrustManagers(), null);
>
>         // Restrict the MINA SSL filter to TLSv1.3 and its cipher suites
>         SslFilter filter = new SslFilter(context);
>         filter.setEnabledProtocols(new String[]{"TLSv1.3"});
>         filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256",
>                 "TLS_AES_256_GCM_SHA384"});
>
>         SocketAcceptor acceptor = new NioSocketAcceptor();
>         acceptor.setReuseAddress(true);
>         acceptor.getFilterChain().addLast("sslFilter", filter);
>         acceptor.setHandler(new ServerHandler());
>         acceptor.bind(new InetSocketAddress(53001));
>
>         System.out.println("Server started on Port : 53001");
>         System.out.println("Start sending data using cUrl below:");
>         System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 "
>                 + "'https://localhost:53001' --data-raw 'Sample Text'");
>     }
> }
>
> class ServerHandler extends IoHandlerAdapter {
>     @Override
>     public void sessionCreated(IoSession session) {
>         System.out.println("\nSession created : " + session);
>     }
>
>     @Override
>     public void sessionOpened(IoSession session) {
>         System.out.println("Session opened : " + session);
>         // Sessions that receive no message are closed by sessionIdle() after 60 s
>         session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60);
>     }
>
>     @Override
>     public void sessionClosed(IoSession session) {
>         System.out.println("Session closed : " + session);
>         session.closeNow();
>     }
>
>     @Override
>     public void sessionIdle(IoSession session, IdleStatus status) {
>         System.out.println("==========================");
>         System.out.println("Session is idle for 60 secs hence closing session: "
>                 + session.getRemoteAddress());
>         System.out.println("==========================");
>         session.closeNow();
>     }
>
>     @Override
>     public void exceptionCaught(IoSession session, Throwable cause) {
>         System.out.println("Exception :\n");
>         cause.printStackTrace();
>         session.closeNow();
>     }
>
>     @Override
>     public void messageReceived(IoSession session, Object message) {
>         System.out.println("Message Received!!!");
>         //do further processing on @param{message}
>         session.closeOnFlush();
>     }
> }
> {code}
> Note: Try sending the request multiple times; randomly, the sent message is
> somehow not properly read. Observe that the session id *0x00000003* fails
> with the error.
> {code:java}
> Console Output:
> > java.exe -cp * Main
> Server started on Port : 53001
> Start sending data using cUrl below:
> -> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'
>
> Session created : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
> Session opened : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000001: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
>
> Session created : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
> Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000002: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
>
> Session created : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
> Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
> ==========================
> Session is idle for 60 secs hence closing session: /127.0.0.1:56656
> ==========================
> Session closed : (0x00000003: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
>
> Session created : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
> Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000004: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
>
> Session created : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
> Session opened : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000005: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
> {code}
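
An added example, not part of the original comment or of the MINA/FtpServer code: one way to apply the TLSv1.2 workaround mentioned in the comment, using only JDK classes, and to fail closed if the pin did not take effect. The class name PinTls12 and the helper tls12Only are hypothetical; the resulting array is the kind of value the reproduction passes to SslFilter.setEnabledProtocols(...).

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;

public class PinTls12 {
    /** Hypothetical helper: returns {"TLSv1.2"} if this JVM supports it, else throws. */
    static String[] tls12Only(SSLEngine engine) {
        String[] pinned = Arrays.stream(engine.getSupportedProtocols())
                .filter("TLSv1.2"::equals)
                .toArray(String[]::new);
        if (pinned.length == 0) {
            throw new IllegalStateException("TLSv1.2 is not supported by this JVM");
        }
        return pinned;
    }

    public static void main(String[] args) throws Exception {
        // Version-agnostic context; the protocol is restricted per engine below.
        SSLContext context = SSLContext.getInstance("TLS");
        // Default key/trust managers are enough to inspect protocol settings.
        context.init(null, null, null);

        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false); // server side, as in the reports above
        System.out.println("Enabled by default: "
                + Arrays.toString(engine.getEnabledProtocols()));

        String[] pinned = tls12Only(engine);
        engine.setEnabledProtocols(pinned);
        System.out.println("Enabled after pin:  "
                + Arrays.toString(engine.getEnabledProtocols()));

        // Fail closed: neither TLSv1.3 nor a legacy version may remain enabled.
        if (!Arrays.equals(engine.getEnabledProtocols(), new String[]{"TLSv1.2"})) {
            throw new IllegalStateException("protocol pin did not take effect");
        }

        // With MINA, the same array would replace the TLSv1.3 list in the
        // reproduction: filter.setEnabledProtocols(pinned);
    }
}
```

Filtering for exactly TLSv1.2, rather than only removing TLSv1.3, keeps TLSv1.0 and TLSv1.1 disabled on JVMs that still enable them by default.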