[jira] [Resolved] (DIRMINA-1132) TLSv1.3 - MINA randomly fails in reading the message sent by client
[ https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jonathan Valliere resolved DIRMINA-1132. Resolution: Fixed This was fixed as part of the SSL rewrite for 2.2 > TLSv1.3 - MINA randomly fails in reading the message sent by client > --- > > Key: DIRMINA-1132 > URL: https://issues.apache.org/jira/browse/DIRMINA-1132 > Project: MINA > Issue Type: Bug > Components: Core, SSL >Affects Versions: 2.0.21 > Environment: Operating System: Windows 10 1903 > Java Version: jdk-11.0.7, jdk-12.0.2 >Reporter: Venkata Kishore Tavva >Assignee: Jonathan Valliere >Priority: Critical > Fix For: 2.2.2 > > Attachments: console.log, example-project.zip, keyStore.pfx, > trustStore.pfx > > > While trying to Implement TLSv1.3 in our systems, we found an issue with Mina > Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3, > randomly the message sent by the client is discarded. In such scenarios, the > server waits for session to pass idle timeout and closes the session. 
Please > find the sample code below: > {code:java} > import org.apache.mina.core.service.IoHandlerAdapter; > import org.apache.mina.core.session.IdleStatus; > import org.apache.mina.core.session.IoSession; > import org.apache.mina.filter.ssl.SslFilter; > import org.apache.mina.transport.socket.SocketAcceptor; > import org.apache.mina.transport.socket.nio.NioSocketAcceptor; > import javax.net.ssl.*; > import java.io.*; > import java.net.InetSocketAddress; > import java.security.KeyStore; > public class Main { >public static void main(String[] args) throws Exception { > System.setProperty("javax.net.debug","all"); > KeyManagerFactory keyManagerFactory; > try(FileInputStream fis = new FileInputStream("keyStore.pfx")) { > keyManagerFactory = > KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); > KeyStore keyStore = KeyStore.getInstance("PKCS12"); > keyStore.load(fis, "passphrase".toCharArray()); > keyManagerFactory.init(keyStore, "passphrase".toCharArray()); > } > TrustManagerFactory trustManagerFactory; > try(FileInputStream fis = new FileInputStream("trustStore.pfx")){ > trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); > KeyStore trustStore = KeyStore.getInstance("PKCS12"); > trustStore.load(fis, "passphrase".toCharArray()); > trustManagerFactory.init(trustStore); > } > SSLContext context = SSLContext.getInstance("TLSv1.3"); > context.init(keyManagerFactory.getKeyManagers(), > trustManagerFactory.getTrustManagers(), null); > SslFilter filter = new SslFilter(context); > filter.setEnabledProtocols(new String[]{"TLSv1.3"}); > filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", > "TLS_AES_256_GCM_SHA384"}); > SocketAcceptor acceptor = new NioSocketAcceptor(); > acceptor.setReuseAddress(true); > acceptor.getFilterChain().addLast("sslFilter", filter); > acceptor.setHandler( new ServerHandler()); > acceptor.bind(new InetSocketAddress(53001)); > System.out.println("Server started on Port : 53001"); > 
System.out.println("Start sending data using cUrl below:"); > System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 > 'https://localhost:53001' --data-raw 'Sample Text'"); >} > } > class ServerHandler extends IoHandlerAdapter { >@Override >public void sessionCreated(IoSession session) { > System.out.println( "\nSession created : " + session); >} >@Override >public void sessionOpened(IoSession session) { > System.out.println( "Session opened : " + session); > session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60); >} >@Override >public void sessionClosed(IoSession session) { > System.out.println( "Session closed : " + session); > session.closeNow(); >} >@Override >public void sessionIdle(IoSession session, IdleStatus status) { > System.out.println( "==" ); > System.out.println( "Session is idle for 60 secs hence closing session: > " + session.getRemoteAddress()); > System.out.println( "==" ); > session.closeNow(); >} >@Override >public void exceptionCaught(IoSession session, Throwable cause) { > System.out.println("Exception :\n"); > cause.printStackTrace(); > session.closeNow(); >} >@Override >public void messageReceived(IoSession session, Object message) { > System.out.println("Message Received!!!"); > //do further processing on @param{message} >
[jira] [Resolved] (DIRMINA-1132) TLSv1.3 - MINA randomly fails in reading the message sent by client
/*
 * [ https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
 *
 * Jonathan Valliere resolved DIRMINA-1132.
 * Resolution: Invalid
 *
 * > TLSv1.3 - MINA randomly fails in reading the message sent by client
 * > ---
 * >
 * > Key: DIRMINA-1132
 * > URL: https://issues.apache.org/jira/browse/DIRMINA-1132
 * > Project: MINA
 * > Issue Type: Bug
 * > Components: Core, SSL
 * > Affects Versions: 2.0.21
 * > Environment: Operating System: Windows 10 1903
 * > Java Version: jdk-11.0.7, jdk-12.0.2
 * > Reporter: Venkata Kishore Tavva
 * > Assignee: Jonathan Valliere
 * > Priority: Critical
 * > Attachments: console-log.zip, console.log, jon-logs.zip,
 * > keyStore.pfx, trustStore.pfx
 * >
 * >
 * > While trying to Implement TLSv1.3 in our systems, we found an issue with Mina
 * > Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3,
 * > randomly the message sent by the client is discarded. In such scenarios, the
 * > server waits for session to pass idle timeout and closes the session. Please
 * > find the sample code below:
 * > {code:java}
 */
import java.io.FileInputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.SocketAcceptor;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;

/**
 * Reproduction server from the issue report: a MINA NIO acceptor on port 53001 whose filter
 * chain holds a single {@link SslFilter} restricted to TLSv1.3.
 *
 * <p>Review notes for anyone reusing this listing outside a throw-away test:
 * <ul>
 *   <li>The key store and trust store passphrase is a literal in the source; it protects only
 *       the test stores attached to the issue.</li>
 *   <li>{@code javax.net.debug=all} switches on every JSSE debug trace. The output is very
 *       verbose and can include handshake and record contents, so it belongs in local
 *       troubleshooting only.</li>
 *   <li>{@code new InetSocketAddress(port)} binds the wildcard address, so the listener is
 *       reachable on every interface of the host, not just loopback.</li>
 * </ul>
 */
public class Main {

    // Passphrase used for both PKCS#12 files in the report. Hard-coded test value.
    private static final String STORE_PASSPHRASE = "passphrase";

    /**
     * Builds the TLS context, wires the SSL filter and handler into the acceptor, binds it and
     * prints the curl command the reporter used to trigger the problem.
     *
     * @param args unused
     * @throws Exception on any key store, TLS set-up or bind failure
     */
    public static void main(String[] args) throws Exception {
        // Full JSSE tracing to standard output; see the class comment before enabling elsewhere.
        System.setProperty("javax.net.debug", "all");

        KeyManagerFactory serverKeys = loadKeyManagers("keyStore.pfx");
        TrustManagerFactory trustAnchors = loadTrustManagers("trustStore.pfx");

        SSLContext tlsContext = SSLContext.getInstance("TLSv1.3");
        // A null SecureRandom lets the provider pick its default source.
        tlsContext.init(serverKeys.getKeyManagers(), trustAnchors.getTrustManagers(), null);

        // Only TLSv1.3 and its two AES-GCM suites are offered. No client-authentication setting
        // is made on the filter in this listing.
        SslFilter tlsFilter = new SslFilter(tlsContext);
        tlsFilter.setEnabledProtocols(new String[] {"TLSv1.3"});
        tlsFilter.setEnabledCipherSuites(
                new String[] {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"});

        SocketAcceptor server = new NioSocketAcceptor();
        server.setReuseAddress(true);
        server.getFilterChain().addLast("sslFilter", tlsFilter);
        server.setHandler(new ServerHandler());
        // Wildcard bind: every local interface, port 53001.
        server.bind(new InetSocketAddress(53001));

        System.out.println("Server started on Port : 53001");
        System.out.println("Start sending data using cUrl below:");
        // The printed command passes --insecure, i.e. curl skips certificate verification;
        // presumably the test certificate is not trusted by the client. TODO confirm.
        System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 "
                + "'https://localhost:53001' --data-raw 'Sample Text'");
    }

    /**
     * Opens the PKCS#12 file at {@code path} and initialises a key manager factory (default
     * algorithm) from it, using the hard-coded passphrase for both the store and its keys.
     */
    private static KeyManagerFactory loadKeyManagers(String path) throws Exception {
        try (FileInputStream in = new FileInputStream(path)) {
            KeyManagerFactory factory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore store = KeyStore.getInstance("PKCS12");
            store.load(in, STORE_PASSPHRASE.toCharArray());
            factory.init(store, STORE_PASSPHRASE.toCharArray());
            return factory;
        }
    }

    /**
     * Opens the PKCS#12 file at {@code path} and initialises a trust manager factory from it.
     *
     * <p>NOTE(review): the algorithm is named explicitly as "SunX509" here, whereas the key
     * manager side asks for the platform default; the listing gives no reason for the difference.
     */
    private static TrustManagerFactory loadTrustManagers(String path) throws Exception {
        try (FileInputStream in = new FileInputStream(path)) {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509");
            KeyStore store = KeyStore.getInstance("PKCS12");
            store.load(in, STORE_PASSPHRASE.toCharArray());
            factory.init(store);
            return factory;
        }
    }
}

/**
 * Session handler for the reproduction server. Every callback prints a line to standard output;
 * the idle, exception and closed callbacks also close the session immediately, and a received
 * message closes it once pending writes are flushed.
 */
class ServerHandler extends IoHandlerAdapter {

    /** Prints the newly created session. */
    @Override
    public void sessionCreated(IoSession session) {
        System.out.println("\nSession created : " + session);
    }

    /** Prints the opened session and arms a 60 second idle timer for both directions. */
    @Override
    public void sessionOpened(IoSession session) {
        System.out.println("Session opened : " + session);
        session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60);
    }

    /** Prints the closed session, then asks for an immediate close again. */
    @Override
    public void sessionClosed(IoSession session) {
        System.out.println("Session closed : " + session);
        session.closeNow();
    }

    /**
     * Runs when the idle timer fires. This is the path the report describes: the client's
     * message was never delivered, so the session is dropped after the timeout.
     */
    @Override
    public void sessionIdle(IoSession session, IdleStatus status) {
        System.out.println("==");
        System.out.println("Session is idle for 60 secs hence closing session: "
                + session.getRemoteAddress());
        System.out.println("==");
        session.closeNow();
    }

    /** Prints the stack trace of the failure and closes the session immediately. */
    @Override
    public void exceptionCaught(IoSession session, Throwable cause) {
        System.out.println("Exception :\n");
        cause.printStackTrace();
        session.closeNow();
    }

    /** Prints a marker for each delivered message and closes the session after flushing. */
    @Override
    public void messageReceived(IoSession session, Object message) {
        System.out.println("Message Received!!!");
        //do further processing on @param{message}
        session.closeOnFlush();
    }
}
// > {code}
// > Note: Try sending the request multiple times