Re: Enable only selected cipher suites

2012-06-20 Thread Timothy Aanerud
Enoch,
What operating system, version of Java are you using, and what version 
of Jetty and Restlet are you using?

What you're doing should work.  My server application does something 
very similar.  One thing to be aware of is the names of the ciphers.  
OpenSSL uses different names than Java uses.

This is my list of weak ciphers:
 private static String _weakCiphers =
 "EXP-EDH-RSA-DES-CBC-SHA EXP-DES-CBC-SHA EXP-RC4-MD5 " +
 "EDH-RSA-DES-CBC-SHA EXP-DES-CBC-SHA EXP-RC4-MD5 ";

This is my list of acceptable ciphers:
 private static String _mediumStrongCiphers =
 "SSL_RSA_WITH_RC4_128_MD5 " +
 "SSL_RSA_WITH_RC4_128_SHA " +
 "TLS_RSA_WITH_AES_128_CBC_SHA " +
 "TLS_RSA_WITH_AES_256_CBC_SHA " +
 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA " +
 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA " +
 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA " +
 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA " +
 "SSL_RSA_WITH_3DES_EDE_CBC_SHA " +
 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA " +
 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA " +
 "SSL_DHE_DSS_WITH_DES_CBC_SHA";

Some of the HTTP connector packages understand disabling ciphers, some 
understand enabling listed ciphers.

My server application runs on Ubuntu 10.04 LTS using OpenJDK 6, and I'm 
still using Restlet 1.1.7.  Yes, I know I should upgrade...  Sometime in 
March 2012 there was an OpenJDK 6 update that affected my ability to disable 
weak ciphers using Jetty.  I ended up switching my HTTP connector to 
Grizzly and that made things work again.
--
Timothy Aanerud


On 6/20/2012 8:56 PM, Enoch wrote:
> I'm using Restlet with embedded Jetty. I have a requirement of being able to 
> enable only selected cipher suites.
>
> I primarily use embedded Jetty; anyway, I have also tried Simple HTTP Server, 
> but both do not appear to work. I am unable to find any examples in this 
> regard.
> Even the Restlet in Action book did not have any info in this regard. Any help 
> will be greatly appreciated.
>
> Server Code for embedded Simple HTTP Server (similar code for Jetty was tried)
>
> org.restlet.Server serverObj = new org.restlet.Server(Protocol.HTTPS);
>
> HttpServerHelper serverHelper = new HttpServerHelper(serverObj);
> Engine.getInstance().getRegisteredServers().add(0, serverHelper);
>
> org.restlet.Component component = new Component();
> org.restlet.Server server = component.getServers().add(Protocol.HTTPS,8080);
> component.getDefaultHost().attach(vtnURLResource, new VTNApplication());
>
> org.restlet.ext.simple.HttpsServerHelper httpsServerHelper =
>     new HttpsServerHelper(server);
> Context workingCtx = serverHelper.getContext();
>
> workingCtx.getParameters().add("disabledCipherSuites",
>     "SSL_RSA_WITH_RC4_128_MD5 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 " +
>     "TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA ..");
> workingCtx.getParameters().add("enabledCipherSuites",
>     "SSL_RSA_WITH_RC4_128_SHA");
> workingCtx.getParameters().add("sslContextFactory",
>     "org.restlet.engine.security.DefaultSslContextFactory");
>
> workingCtx.getParameters().add("keystorePath",
>     "C:\\openadrkeystore\\bouncykeys\\VTN_QLI.bks");
> workingCtx.getParameters().add("keystorePassword", "password");
> workingCtx.getParameters().add("keystoreType", "BKS");
> workingCtx.getParameters().add("keyPassword", "password");
>
> workingCtx.getParameters().add("truststorePath",
>     "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts");
> workingCtx.getParameters().add("truststorePassword", "changeit");
>
> workingCtx.getParameters().add("needClientAuthentication", "true");
>
> component.start();
>
> Client Code
> ---
> Client client = new Client(ctx,Protocol.HTTPS);
> client.setConnectTimeout(5);
>
> Context workingCtx = client.getContext();
>
> System.setProperty("javax.net.ssl.trustStore",
>     "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts");
> System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
> workingCtx.getParameters().add("keystorePath",

Enable only selected cipher suites

2012-06-20 Thread Enoch
I'm using Restlet with embedded Jetty. I have a requirement of being able to 
enable only selected cipher suites.

I primarily use embedded Jetty; anyway, I have also tried Simple HTTP Server, but 
both do not appear to work. I am unable to find any examples in this regard. 
Even the Restlet in Action book did not have any info in this regard. Any help will 
be greatly appreciated.

Server Code for embedded Simple HTTP Server (similar code for Jetty was tried)

org.restlet.Server serverObj = new org.restlet.Server(Protocol.HTTPS);

HttpServerHelper serverHelper = new HttpServerHelper(serverObj);
Engine.getInstance().getRegisteredServers().add(0, serverHelper);

org.restlet.Component component = new Component();
org.restlet.Server server = component.getServers().add(Protocol.HTTPS,8080);
component.getDefaultHost().attach(vtnURLResource, new VTNApplication());

org.restlet.ext.simple.HttpsServerHelper httpsServerHelper =
    new HttpsServerHelper(server);
Context workingCtx = serverHelper.getContext();

workingCtx.getParameters().add("disabledCipherSuites",
    "SSL_RSA_WITH_RC4_128_MD5 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 " +
    "TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA ..");
workingCtx.getParameters().add("enabledCipherSuites",
    "SSL_RSA_WITH_RC4_128_SHA");
workingCtx.getParameters().add("sslContextFactory",
    "org.restlet.engine.security.DefaultSslContextFactory");

workingCtx.getParameters().add("keystorePath",
    "C:\\openadrkeystore\\bouncykeys\\VTN_QLI.bks");
workingCtx.getParameters().add("keystorePassword", "password");
workingCtx.getParameters().add("keystoreType", "BKS");
workingCtx.getParameters().add("keyPassword", "password");

workingCtx.getParameters().add("truststorePath",
    "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts");
workingCtx.getParameters().add("truststorePassword", "changeit");

workingCtx.getParameters().add("needClientAuthentication", "true");

component.start();

Client Code
---
Client client = new Client(ctx,Protocol.HTTPS);
client.setConnectTimeout(5);

Context workingCtx = client.getContext();

System.setProperty("javax.net.ssl.trustStore",
    "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
workingCtx.getParameters().add("keystorePath",
    "C:\\openadrkeystore\\bouncykeys\\VEN_QLI.bks");
workingCtx.getParameters().add("keystorePassword", "password");
workingCtx.getParameters().add("keystoreType", "BKS");
workingCtx.getParameters().add("keyPassword", "password");
workingCtx.getParameters().add("disabledCipherSuites",
    "SSL_RSA_WITH_RC4_128_MD5 " +
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA .");
workingCtx.getParameters().add("enabledCipherSuites",
    "SSL_RSA_WITH_RC4_128_SHA");

workingCtx.getParameters().add("needClientAuthentication", "true");

ClientResource resource = new ClientResource(propFilePreader.get("serverURL"));
resource.setNext(client);
..
..
resource.post(data);

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972321
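
The reply in this thread notes that OpenSSL and Java name cipher suites differently, so a configured list can contain names the JVM does not recognise. The following is an added example, not code from the thread or from Restlet: it checks a space-separated allow-list against the suites the JVM supports before enabling it, using only the standard javax.net.ssl API; the class name CipherAllowList, its helper methods and the sample list are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical helper class, not part of Restlet, Jetty or Simple.
public class CipherAllowList {

    /** Splits a space-separated list (the format used in this thread) into names. */
    static List<String> parse(String spaceSeparated) {
        List<String> names = new ArrayList<>();
        for (String n : spaceSeparated.trim().split("\\s+")) {
            if (!n.isEmpty()) names.add(n);
        }
        return names;
    }

    /** Returns the requested names the JVM supports, in order; others go to 'unknown'. */
    static String[] usable(List<String> requested, String[] supported, List<String> unknown) {
        Set<String> known = new LinkedHashSet<>(Arrays.asList(supported));
        List<String> ok = new ArrayList<>();
        for (String name : requested) {
            if (known.contains(name)) ok.add(name); else unknown.add(name);
        }
        return ok.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two JSSE names and one OpenSSL-style name from the thread.
        String wanted = "TLS_RSA_WITH_AES_128_CBC_SHA "
                + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA EXP-RC4-MD5";

        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        List<String> unknown = new ArrayList<>();
        String[] allow = usable(parse(wanted), engine.getSupportedCipherSuites(), unknown);

        System.out.println("Not recognised by this JVM: " + unknown);
        if (allow.length == 0) {
            throw new IllegalStateException("allow-list matches no supported suite");
        }
        // setEnabledCipherSuites throws IllegalArgumentException for unsupported
        // names, which is why the list is filtered first.
        engine.setEnabledCipherSuites(allow);
        System.out.println("Enabled: " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

The set of supported suites depends on the JVM version and its security configuration, so the output differs between installations.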


RE: Idling app has ~2MB of garbage collected every 30 seconds

2012-06-20 Thread Yan Zhou
Any objections if the following is added as a new issue in the issue tracker?

I am thinking that the selectKeys(sleepTime) call below really should be able 
to return immediately (thread interrupted, for example) if there has been a 
connection state change that needs attention. The sleepTime will then have 
little effect on how soon or how often controlConnections() is run.

Thanks,
Yan Zhou

> Hi,
> 
> We are noticing that an idling Restlet server has about 2MB of garbage 
> collected in 30 seconds.
> 
> I think I tracked it down to the loop in ConnectionController that invokes 
> the method below:
> 
> 
> @Override
> protected void doRun(long sleepTime) throws IOException {
> super.doRun(sleepTime);
> registerKeys();
> updateKeys();
> selectKeys(sleepTime);
> controlConnections();
> }
> 
> The sleepTime comes from the controllerSleepTimeMs parameter, which is 1 by 
> default.
> 
> So if the loop generates 60 bytes of garbage (2 iterator objects), it'd lead 
> to: 60 x 1000 x 30 = 1,800,000 bytes or 1.8MB every 30 seconds.
> 
> Can I ask if this is a known issue? And if there are workarounds?
> 
> I have already tried tweaking the controllerSleepTimeMs and changing it to 
> something like 3 (30 seconds). Every connection then takes up to 30 
> seconds to close - probably not acceptable as a solution.
> 
> Additional info: Restlet 2.1 rc4 Android edition.
> 
> Thanks,
> Yan Zhou

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972283


Re: Re: Date error

2012-06-20 Thread Thierry Boileau
Great!
You're welcome.

Best regards,
Thierry Boileau

> I solved it !!!
> Our server was changing it to GMT time.
>
> Thank you.
>
> --
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972217
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972252

RE: Re: Date error

2012-06-20 Thread Giuseppe Porcelli
I solved it !!!
Our server was changing it to GMT time.

Thank you.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972217


Re: Re: ServerResource getRequest() returns null

2012-06-20 Thread Thierry Boileau
Hello Carl, Richard,

From what I understand, the main aim of the JaxRs extension is to be able
to host a JaxRs based application inside a Restlet based application.
Which, quickly said, allows you to serve your classic JaxRs annotated
resources using the available server connectors such as the internal one,
the one based on Jetty or Simple library, or a servlet container, etc.
In this use case, the "classic JaxRs annotated resources" are considered to
be plain old Java objects; it does not address the special case of Restlet
ServerResource. That's my current understanding.

You can still get the current request as follows:
org.restlet.Request restletReq = org.restlet.Request.getCurrent();

Having said that, I have one general recommendation. When using Restlet
ServerResource, it's fine to get the current Request because this is
completely part of the Restlet API. But accessing the HttpServletRequest
ties your application to the special case of an application hosted by a
servlet container and will prevent you from hosting your application using the
Simple extension, for example.

I guess that we can enhance the current behaviour and take into account the
case of JaxRs annotated instances of ServerResource. I've entered an issue:
https://github.com/restlet/restlet-framework-java/issues/610

Best regards,
Thierry Boileau


> On my resource:
> public class UserActsServerResource extends ServerResource implements
> UserActsResource {...
>
> I am able to use:
> public final Representation represent() {
> ...
>  User user = UserHelpers.getCurrentUser(this.getRequest(),
> this.getResponse());
>
> and this.getRequest() returns a useful value.  But I have no idea why this
> is not working for you.  I am using the GAE Edition.  Perhaps the problem
> is in some other location of your code/configuration??
>
> RB
>
> --
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972100
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972185

Re: Date error

2012-06-20 Thread Thierry Boileau
Hello Giuseppe,

Could you give a little more detail? I guess you are setting a date on the
client side and sending the serialized entity to the server, but are you
working with GWT, Android or inside a classic JVM?

If you are working with GWT, I can just say that the Date fields are
serialized using the milliseconds time value. By default, this time value
is set according to the client time zone. Then, this time value is sent
to the server. The milliseconds time value is totally unchanged but
interpreted according to the server time zone, which could lead to
*display* distinct hours and dates since when it's midnight in Paris it's 6pm
in New York, but it's the same time.
In that case, you can override the default behaviour by implementing your
own custom serializers e.g. DateCustomSerializer (see
https://developers.google.com/web-toolkit/doc/latest/DevGuideServerCommunication#DevGuideCustomSerialization
).

Best regards,
Thierry Boileau


> I am updating my entity using:
>
> u.setLastAccessDate(new Date());
>
> the datetime set to the entity is: Mon Jun 18 11:39:39 CEST 2012 but the
> sent to the server when I call service.updateEntity(u); is two hours more.
>
> How to fix it?
>
> Thank you.
>
> --
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2971796
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2972161