Hi,
Some time ago, a colleague of mine solved the problem, so I would like
to share it with others.
His solution is based upon EasySSLProtocolSocketFactory class. We've
taken the source code of the class and adopt it to use only SSLv3
protocol. To turn on this factory, you have to register it by:
ProtocolSocketFactory ssl3ProtocolSocketFactory = new
SSL3ProtocolSocketFactory();
Protocol protocol = new Protocol("https", ssl3ProtocolSocketFactory, 9443);
Protocol.registerProtocol("https", protocol);
The source code of SSL3ProtocolSocketFactory is attached to the mail.
We don't know how exactly our class works, but it does :) - so I hope
that mail will help others with this problem.
Best regards
Emil Hornung
W dniu 2011-08-05 16:16, Emil Hornung pisze:
Hi,
I have a problem using Axis2 and SSLv3. We've created a standalone web
service client (J2SE) which communicates with our web service via
https. Everything was fine until (for security reasons) security
department introduced SSL in version 3 instead of version 2.
Now when I try to connect with the web service, I'm getting an error:
org.apache.axis2.AxisFault: Remote host closed connection during
handshake
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at
org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
at
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at
org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at
org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
at
org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:531)
at
gov.epuap.eil.saml.auth.SAMLProxy.sendSOAPMessage(SAMLProxy.java:367)
at gov.epuap.eil.saml.auth.SAMLProxy.authorize(SAMLProxy.java:409)
at gov.epuap.eil.Start.main(Start.java:49)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed
connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.write(Unknown Source)
at java.io.FilterOutputStream.write(Unknown Source)
at
org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:89)
... 20 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
... 28 more
As far as I know from debug info, it looks like the client is trying
to connect to the web service using TLSv1 and also using SSLv2
(without trying using SSLv3).
I've tried forcing Axis2 to use SSLv3 by setting environment variable
at the very beginning of the client program:
System.setProperty("https.protocols", "SSLv3"). Unfortunately, it
doesn't work. It looks like Axis2 doesn't use this variable.
Does anyone know how to force Axis2 to use SSLv3?
Thanks in advance.
Best regards
Emil Hornung
--
Emil Hornung
Programista
tel. +48 22 564-24-64
package gov.epuap.eil.common;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
public class SSL3ProtocolSocketFactory implements SecureProtocolSocketFactory {
private SSLContext sslcontext = null;
public SSL3ProtocolSocketFactory() {
super();
}
private static SSLContext createContext() {
try {
SSLContext context = SSLContext.getInstance("SSLv3");
context.init(null, null, null);
return context;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
private SSLContext getSSLContext() {
if (this.sslcontext == null) {
this.sslcontext = createContext();
return this.sslcontext;
} else
return this.sslcontext;
}
@Override
public Socket createSocket(String host, int port) throws IOException,
UnknownHostException {
SSLSocket socket = (SSLSocket)
getSSLContext().getSocketFactory()
.createSocket(host, port);
socket.setEnabledProtocols(new String[] { "SSLv3", "TLSv1" });
return socket;
}
@Override
public Socket createSocket(String host, int port, InetAddress
clientHost,
int clientPort) throws IOException,
UnknownHostException {
SSLSocket socket = (SSLSocket)
getSSLContext().getSocketFactory()
.createSocket(host, port, clientHost,
clientPort);
socket.setEnabledProtocols(new String[] { "SSLv3", "TLSv1" });
return socket;
}
@Override
public Socket createSocket(Socket s, String host, int port,
boolean autoClose) throws IOException,
UnknownHostException {
SSLSocket socket = (SSLSocket)
getSSLContext().getSocketFactory()
.createSocket(s, host, port, autoClose);
socket.setEnabledProtocols(new String[] { "SSLv3", "TLSv1" });
return socket;
}
@Override
public Socket createSocket(String host, int port, InetAddress
localAddress,
int localPort, HttpConnectionParams params) throws
IOException,
UnknownHostException, ConnectTimeoutException {
if (params == null) {
throw new IllegalArgumentException("Parameters may not
be null");
}
int timeout = params.getConnectionTimeout();
SocketFactory socketfactory =
getSSLContext().getSocketFactory();
if (timeout == 0) {
return socketfactory.createSocket(host, port,
localAddress,
localPort);
} else {
SSLSocket socket = (SSLSocket)
getSSLContext().getSocketFactory()
.createSocket(host, port, localAddress,
localPort);
SocketAddress localaddr = new
InetSocketAddress(localAddress,
localPort);
SocketAddress remoteaddr = new InetSocketAddress(host,
port);
//uncommetnig those lines below makes the application
throwing exceptions
//surprisingly, without invoking bind and connect
everything seems to work just fine
//socket.bind(localaddr);
//socket.connect(remoteaddr, timeout);
socket.setEnabledProtocols(new String[] { "SSLv3",
"TLSv1" });
return socket;
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscr...@axis.apache.org
For additional commands, e-mail: java-user-h...@axis.apache.org
