[ 
https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jonathan Valliere resolved DIRMINA-1132.
----------------------------------------
    Resolution: Fixed

This was fixed as part of the SSL rewrite for 2.2

> TLSv1.3 - MINA randomly fails in reading the message sent by client
> -------------------------------------------------------------------
>
>                 Key: DIRMINA-1132
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-1132
>             Project: MINA
>          Issue Type: Bug
>          Components: Core, SSL
>    Affects Versions: 2.0.21
>         Environment: Operating System: Windows 10 1903
> Java Version: jdk-11.0.7, jdk-12.0.2
>            Reporter: Venkata Kishore Tavva
>            Assignee: Jonathan Valliere
>            Priority: Critical
>             Fix For: 2.2.2
>
>         Attachments: console.log, example-project.zip, keyStore.pfx, 
> trustStore.pfx
>
>
> While trying to Implement TLSv1.3 in our systems, we found an issue with Mina 
> Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3, 
> randomly the message sent by the client is discarded. In such scenarios, the 
> server waits for session to pass idle timeout and closes the session. Please 
> find the sample code below:
> {code:java}
> import org.apache.mina.core.service.IoHandlerAdapter;
> import org.apache.mina.core.session.IdleStatus;
> import org.apache.mina.core.session.IoSession;
> import org.apache.mina.filter.ssl.SslFilter;
> import org.apache.mina.transport.socket.SocketAcceptor;
> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
> import javax.net.ssl.*;
> import java.io.*;
> import java.net.InetSocketAddress;
> import java.security.KeyStore;
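> /**
>  * Minimal reproduction server for DIRMINA-1132: a MINA NIO acceptor that
>  * accepts TLSv1.3 only and passes incoming messages to ServerHandler.
>  *
>  * This is diagnostic sample code, not a deployment template. It enables
>  * full JSSE debug tracing, embeds the keystore passphrase in source and
>  * prints a curl command that skips certificate verification.
>  */
> public class Main {
>    /**
>     * Builds the TLS context from keyStore.pfx and trustStore.pfx in the
>     * working directory, installs the SSL filter and binds port 53001.
>     *
>     * @param args unused
>     * @throws Exception if a store cannot be read or the TLS context or
>     *         acceptor cannot be set up
>     */
>    public static void main(String[] args) throws Exception {
>       // Full JSSE tracing: very verbose and may expose handshake and
>       // session data on the console, so enable it only while debugging.
>       System.setProperty("javax.net.debug", "all");
>
>       // Sample passphrase for the attached test stores. Real key
>       // material should not have its passphrase embedded in source.
>       char[] storePassword = "passphrase".toCharArray();
>
>       // Server identity: private key and certificate chain.
>       KeyManagerFactory keyManagerFactory;
>       try (FileInputStream fis = new FileInputStream("keyStore.pfx")) {
>          keyManagerFactory = KeyManagerFactory.getInstance(
>                KeyManagerFactory.getDefaultAlgorithm());
>          KeyStore keyStore = KeyStore.getInstance("PKCS12");
>          keyStore.load(fis, storePassword);
>          keyManagerFactory.init(keyStore, storePassword);
>       }
>
>       // Trust anchors. NOTE(review): "SunX509" is requested by name
>       // instead of TrustManagerFactory.getDefaultAlgorithm() - confirm
>       // that this is intended.
>       TrustManagerFactory trustManagerFactory;
>       try (FileInputStream fis = new FileInputStream("trustStore.pfx")) {
>          trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
>          KeyStore trustStore = KeyStore.getInstance("PKCS12");
>          trustStore.load(fis, storePassword);
>          trustManagerFactory.init(trustStore);
>       }
>
>       // Passing null as SecureRandom selects the default implementation.
>       SSLContext context = SSLContext.getInstance("TLSv1.3");
>       context.init(keyManagerFactory.getKeyManagers(),
>             trustManagerFactory.getTrustManagers(), null);
>
>       // Restrict the filter to TLSv1.3 and two AES-GCM cipher suites.
>       SslFilter filter = new SslFilter(context);
>       filter.setEnabledProtocols(new String[] {"TLSv1.3"});
>       filter.setEnabledCipherSuites(new String[] {
>             "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"});
>
>       SocketAcceptor acceptor = new NioSocketAcceptor();
>       acceptor.setReuseAddress(true);
>       acceptor.getFilterChain().addLast("sslFilter", filter);
>       acceptor.setHandler(new ServerHandler());
>       // No host is given, so the socket binds to the wildcard address
>       // and is reachable on every local interface.
>       acceptor.bind(new InetSocketAddress(53001));
>
>       System.out.println("Server started on Port : 53001");
>       System.out.println("Start sending data using cUrl below:");
>       // --insecure makes curl skip certificate verification, which is
>       // acceptable only against this local test certificate. The
>       // literal is split with + because mail wrapping had broken it
>       // across two lines; the printed text is unchanged.
>       System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 "
>             + "'https://localhost:53001' --data-raw 'Sample Text'");
>    }
> }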
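> /**
>  * Handler for the reproduction server. It prints each session event to
>  * stdout and closes the session after one message, on an exception, or
>  * when the session goes idle.
>  */
> class ServerHandler extends IoHandlerAdapter {
>    /** Idle limit applied to every session, in seconds. */
>    private static final int IDLE_SECONDS = 60;
>
>    /** Logs the new session. */
>    @Override
>    public void sessionCreated(IoSession session) {
>       System.out.println("\nSession created : " + session);
>    }
>
>    /** Logs the session and arms its idle timer for both directions. */
>    @Override
>    public void sessionOpened(IoSession session) {
>       System.out.println("Session opened : " + session);
>       session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, IDLE_SECONDS);
>    }
>
>    /** Logs the closed session. */
>    @Override
>    public void sessionClosed(IoSession session) {
>       System.out.println("Session closed : " + session);
>       // Kept from the original report; the session is presumably
>       // already closed by the time this callback runs.
>       session.closeNow();
>    }
>
>    /**
>     * Closes a session that reached the idle limit. In the failing runs
>     * of this report this is the only event seen after sessionOpened.
>     */
>    @Override
>    public void sessionIdle(IoSession session, IdleStatus status) {
>       System.out.println("==========================");
>       // The literal was broken across two lines by mail wrapping; the
>       // printed text is unchanged.
>       System.out.println("Session is idle for " + IDLE_SECONDS
>             + " secs hence closing session: "
>             + session.getRemoteAddress());
>       System.out.println("==========================");
>       session.closeNow();
>    }
>
>    /** Prints the failure and drops the session immediately. */
>    @Override
>    public void exceptionCaught(IoSession session, Throwable cause) {
>       System.out.println("Exception :\n");
>       // Console output is enough for a reproduction; a real service
>       // would send this through its logging framework.
>       cause.printStackTrace();
>       session.closeNow();
>    }
>
>    /** Acknowledges one message, then closes after pending writes. */
>    @Override
>    public void messageReceived(IoSession session, Object message) {
>       System.out.println("Message Received!!!");
>       // Further processing of message would go here. No codec filter
>       // is installed, so it is presumably the raw decrypted payload.
>       session.closeOnFlush();
>    }
> }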
> {code}
> Note: Try sending the request multiple times; randomly, the sent message is 
> somehow not properly read. Observe that the session with id *0x00000003* 
> fails with the error.
> {code:java}
> Console Output:
> > java.exe -cp * Main
> Server started on Port : 53001
> Start sending data using cUrl below:
> -> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' 
> --data-raw 'Sample Text'
> Session created : (0x00000001: nio socket, server, /127.0.0.1:56639 => 
> /127.0.0.1:53001)
> Session opened : (0x00000001: nio socket, server, /127.0.0.1:56639 => 
> /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000001: nio socket, server, null => 
> 0.0.0.0/0.0.0.0:53001)Session created : (0x00000002: nio socket, server, 
> /127.0.0.1:56651 => /127.0.0.1:53001)
> Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => 
> /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000002: nio socket, server, null => 
> 0.0.0.0/0.0.0.0:53001)Session created : (0x00000003: nio socket, server, 
> /127.0.0.1:56656 => /127.0.0.1:53001)
> Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => 
> /127.0.0.1:53001)
> ==========================
> Session is idle for 60 secs hence closing session: /127.0.0.1:56656
> ==========================
> Session closed : (0x00000003: nio socket, server, null => 
> 0.0.0.0/0.0.0.0:53001)Session created : (0x00000004: nio socket, server, 
> /127.0.0.1:56849 => /127.0.0.1:53001)
> Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => 
> /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000004: nio socket, server, null => 
> 0.0.0.0/0.0.0.0:53001)Session created : (0x00000005: nio socket, server, 
> /127.0.0.1:56860 => /127.0.0.1:53001)
> Session opened : (0x00000005: nio socket, server, /127.0.0.1:56860 => 
> /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000005: nio socket, server, null => 
> 0.0.0.0/0.0.0.0:53001)
> {code}


