[jira] [Resolved] (DIRMINA-1132) TLSv1.3 - MINA randomly fails in reading the message sent by client

2024-02-27 Thread Jonathan Valliere (Jira)


 [ https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Valliere resolved DIRMINA-1132.

Resolution: Fixed

This was fixed as part of the SSL rewrite for 2.2

> TLSv1.3 - MINA randomly fails in reading the message sent by client
> ---
>
> Key: DIRMINA-1132
> URL: https://issues.apache.org/jira/browse/DIRMINA-1132
> Project: MINA
> Issue Type: Bug
> Components: Core, SSL
> Affects Versions: 2.0.21
> Environment: Operating System: Windows 10 1903
>              Java Version: jdk-11.0.7, jdk-12.0.2
> Reporter: Venkata Kishore Tavva
> Assignee: Jonathan Valliere
> Priority: Critical
> Fix For: 2.2.2
>
> Attachments: console.log, example-project.zip, keyStore.pfx, trustStore.pfx
>
>
> While trying to implement TLSv1.3 in our systems, we found an issue with the MINA
> Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3,
> randomly the message sent by the client is discarded. In such scenarios, the
> server waits for the session to pass the idle timeout and closes the session. Please
> find the sample code below:
> {code:java}
> import org.apache.mina.core.service.IoHandlerAdapter;
> import org.apache.mina.core.session.IdleStatus;
> import org.apache.mina.core.session.IoSession;
> import org.apache.mina.filter.ssl.SslFilter;
> import org.apache.mina.transport.socket.SocketAcceptor;
> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
> import javax.net.ssl.*;
> import java.io.*;
> import java.net.InetSocketAddress;
> import java.security.KeyStore;
>
> public class Main {
>     public static void main(String[] args) throws Exception {
>         // Enable JSSE debug output for the reproduction
>         System.setProperty("javax.net.debug", "all");
>
>         // Load the server key material from the PKCS12 key store
>         KeyManagerFactory keyManagerFactory;
>         try (FileInputStream fis = new FileInputStream("keyStore.pfx")) {
>             keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>             KeyStore keyStore = KeyStore.getInstance("PKCS12");
>             keyStore.load(fis, "passphrase".toCharArray());
>             keyManagerFactory.init(keyStore, "passphrase".toCharArray());
>         }
>
>         // Load the trusted certificates from the PKCS12 trust store
>         TrustManagerFactory trustManagerFactory;
>         try (FileInputStream fis = new FileInputStream("trustStore.pfx")) {
>             trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
>             KeyStore trustStore = KeyStore.getInstance("PKCS12");
>             trustStore.load(fis, "passphrase".toCharArray());
>             trustManagerFactory.init(trustStore);
>         }
>
>         // Restrict the SSL filter to TLSv1.3 and two AES-GCM cipher suites
>         SSLContext context = SSLContext.getInstance("TLSv1.3");
>         context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
>         SslFilter filter = new SslFilter(context);
>         filter.setEnabledProtocols(new String[]{"TLSv1.3"});
>         filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"});
>
>         SocketAcceptor acceptor = new NioSocketAcceptor();
>         acceptor.setReuseAddress(true);
>         acceptor.getFilterChain().addLast("sslFilter", filter);
>         acceptor.setHandler(new ServerHandler());
>         acceptor.bind(new InetSocketAddress(53001));
>         System.out.println("Server started on Port : 53001");
>         System.out.println("Start sending data using cUrl below:");
>         System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'");
>     }
> }
>
> class ServerHandler extends IoHandlerAdapter {
>     @Override
>     public void sessionCreated(IoSession session) {
>         System.out.println("\nSession created : " + session);
>     }
>
>     @Override
>     public void sessionOpened(IoSession session) {
>         System.out.println("Session opened : " + session);
>         // Report the session as idle after 60 seconds without reads or writes
>         session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60);
>     }
>
>     @Override
>     public void sessionClosed(IoSession session) {
>         System.out.println("Session closed : " + session);
>         session.closeNow();
>     }
>
>     @Override
>     public void sessionIdle(IoSession session, IdleStatus status) {
>         System.out.println("==");
>         System.out.println("Session is idle for 60 secs hence closing session: " + session.getRemoteAddress());
>         System.out.println("==");
>         session.closeNow();
>     }
>
>     @Override
>     public void exceptionCaught(IoSession session, Throwable cause) {
>         System.out.println("Exception :\n");
>         cause.printStackTrace();
>         session.closeNow();
>     }
>
>     @Override
>     public void messageReceived(IoSession session, Object message) {
>         System.out.println("Message Received!!!");
>         //do further processing on @param{message}
>   

[jira] [Resolved] (DIRMINA-1132) TLSv1.3 - MINA randomly fails in reading the message sent by client

2020-09-12 Thread Jonathan Valliere (Jira)


 [ https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Valliere resolved DIRMINA-1132.

Resolution: Invalid

> TLSv1.3 - MINA randomly fails in reading the message sent by client
> ---
>
> Key: DIRMINA-1132
> URL: https://issues.apache.org/jira/browse/DIRMINA-1132
> Project: MINA
> Issue Type: Bug
> Components: Core, SSL
> Affects Versions: 2.0.21
> Environment: Operating System: Windows 10 1903
>              Java Version: jdk-11.0.7, jdk-12.0.2
> Reporter: Venkata Kishore Tavva
> Assignee: Jonathan Valliere
> Priority: Critical
> Attachments: console-log.zip, console.log, jon-logs.zip, keyStore.pfx, trustStore.pfx
>
>
> While trying to implement TLSv1.3 in our systems, we found an issue with the MINA
> Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3,
> randomly the message sent by the client is discarded. In such scenarios, the
> server waits for the session to pass the idle timeout and closes the session. Please
> find the sample code below:
> {code:java}
> import org.apache.mina.core.service.IoHandlerAdapter;
> import org.apache.mina.core.session.IdleStatus;
> import org.apache.mina.core.session.IoSession;
> import org.apache.mina.filter.ssl.SslFilter;
> import org.apache.mina.transport.socket.SocketAcceptor;
> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
> import javax.net.ssl.*;
> import java.io.*;
> import java.net.InetSocketAddress;
> import java.security.KeyStore;
>
> public class Main {
>     public static void main(String[] args) throws Exception {
>         // Enable JSSE debug output for the reproduction
>         System.setProperty("javax.net.debug", "all");
>
>         // Load the server key material from the PKCS12 key store
>         KeyManagerFactory keyManagerFactory;
>         try (FileInputStream fis = new FileInputStream("keyStore.pfx")) {
>             keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>             KeyStore keyStore = KeyStore.getInstance("PKCS12");
>             keyStore.load(fis, "passphrase".toCharArray());
>             keyManagerFactory.init(keyStore, "passphrase".toCharArray());
>         }
>
>         // Load the trusted certificates from the PKCS12 trust store
>         TrustManagerFactory trustManagerFactory;
>         try (FileInputStream fis = new FileInputStream("trustStore.pfx")) {
>             trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
>             KeyStore trustStore = KeyStore.getInstance("PKCS12");
>             trustStore.load(fis, "passphrase".toCharArray());
>             trustManagerFactory.init(trustStore);
>         }
>
>         // Restrict the SSL filter to TLSv1.3 and two AES-GCM cipher suites
>         SSLContext context = SSLContext.getInstance("TLSv1.3");
>         context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
>         SslFilter filter = new SslFilter(context);
>         filter.setEnabledProtocols(new String[]{"TLSv1.3"});
>         filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"});
>
>         SocketAcceptor acceptor = new NioSocketAcceptor();
>         acceptor.setReuseAddress(true);
>         acceptor.getFilterChain().addLast("sslFilter", filter);
>         acceptor.setHandler(new ServerHandler());
>         acceptor.bind(new InetSocketAddress(53001));
>         System.out.println("Server started on Port : 53001");
>         System.out.println("Start sending data using cUrl below:");
>         System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'");
>     }
> }
>
> class ServerHandler extends IoHandlerAdapter {
>     @Override
>     public void sessionCreated(IoSession session) {
>         System.out.println("\nSession created : " + session);
>     }
>
>     @Override
>     public void sessionOpened(IoSession session) {
>         System.out.println("Session opened : " + session);
>         // Report the session as idle after 60 seconds without reads or writes
>         session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60);
>     }
>
>     @Override
>     public void sessionClosed(IoSession session) {
>         System.out.println("Session closed : " + session);
>         session.closeNow();
>     }
>
>     @Override
>     public void sessionIdle(IoSession session, IdleStatus status) {
>         System.out.println("==");
>         System.out.println("Session is idle for 60 secs hence closing session: " + session.getRemoteAddress());
>         System.out.println("==");
>         session.closeNow();
>     }
>
>     @Override
>     public void exceptionCaught(IoSession session, Throwable cause) {
>         System.out.println("Exception :\n");
>         cause.printStackTrace();
>         session.closeNow();
>     }
>
>     @Override
>     public void messageReceived(IoSession session, Object message) {
>         System.out.println("Message Received!!!");
>         //do further processing on @param{message}
>         session.closeOnFlush();
>     }
> }
> {code}
> Note: Try sending the request multiple times