On 09/09/2013 11:03 AM, yuanbatou wrote:
Yes, I made that mistake before. I received a message like:
    "Server Certificate Name doesn't match the URI Host Name value."
But I corrected this, and still get the error mentioned in the previous
post:

    client side:

Error: Error occurred while accessing an OpenSSL library method:
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal
error

    and, server side (with "-Djava.net.debug=ssl"):

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
ActiveMQ BrokerService[localhost] Task-1, setSoTimeout(0) called
ActiveMQ Transport: ssl:///192.168.209.1:8111, READ: TLSv1 Handshake, length
= 313
*** ClientHello, Unknown-3.3
RandomCookie:  GMT: 1378660337 bytes = { 163, 110, 155, 37, 22, 114, 230,
253, 182, 199, 3, 53, 54, 148, 241, 94, 233, 246, 128, 212, 169, 90, 240,
106, 115, 37, 246, 86 }
Session ID:  {}
Cipher Suites: [Unknown 0xc0:0x30, Unknown 0xc0:0x2c, Unknown 0xc0:0x28,
Unknown 0xc0:0x24, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0xc0:0x22, Unknown 0xc0:0x21,
Unknown 0x0:0xa3, Unknown 0x0:0x9f, Unknown 0x0:0x6b, Unknown 0x0:0x6a,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown
0x0:0x88, Unknown 0x0:0x87, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, Unknown
0xc0:0x20, Unknown 0xc0:0x32, Unknown 0xc0:0x2e, Unknown 0xc0:0x2a, Unknown
0xc0:0x26, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x9d, Unknown 0x0:0x3d,
TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
Unknown 0xc0:0x1c, Unknown 0xc0:0x1b, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
Unknown 0xc0:0x1a, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, Unknown
0xc0:0x2f, Unknown 0xc0:0x2b, Unknown 0xc0:0x27, Unknown 0xc0:0x23,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
Unknown 0xc0:0x1f, Unknown 0xc0:0x1e, Unknown 0x0:0xa2, Unknown 0x0:0x9e,
Unknown 0x0:0x67, Unknown 0x0:0x40, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0x0:0x9a, Unknown 0x0:0x99,
Unknown 0x0:0x45, Unknown 0x0:0x44, TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
Unknown 0xc0:0x1d, Unknown 0xc0:0x31, Unknown 0xc0:0x2d, Unknown 0xc0:0x29,
Unknown 0xc0:0x25, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x9c, Unknown 0x0:0x3c,
TLS_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41,
SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 1, 0 }
Extension ec_point_formats, formats: [uncompressed,
ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect571r1, sect571k1, secp521r1,
sect409k1, sect409r1, secp384r1, sect283k1, sect283r1, secp256k1, secp256r1,
sect239k1, sect233k1, sect233r1, secp224k1, secp224r1, sect193r1, sect193r2,
secp192k1, secp192r1, sect163k1, sect163r1, sect163r2, secp160k1, secp160r1,
secp160r2}
Unsupported extension type_35, data:
Unsupported extension signature_algorithms, data:
00:20:06:01:06:02:06:03:05:01:05:02:05:03:04:01:04:02:04:03:03:01:03:02:03:03:02:01:02:02:02:03:01:01
Unsupported extension type_15, data: 01
***
ActiveMQ Transport: ssl:///192.168.209.1:8111, handling exception:
java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
ActiveMQ Transport: ssl:///192.168.209.1:8111, SEND TLSv1 ALERT:  fatal,
description = internal_error
ActiveMQ Transport: ssl:///192.168.209.1:8111, WRITE: TLSv1 Alert, length =
2
ActiveMQ Transport: ssl:///192.168.209.1:8111, called closeSocket()
  WARN | Transport Connection to: tcp://192.168.209.1:8111 failed:
javax.net.ssl.SSLException: java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
ActiveMQ Task-1, called close()
ActiveMQ Task-1, called closeInternal(true)
ERROR | Could not accept connection from tcp://192.168.209.1:8111:
javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLException: java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID

Is it because the SSL prototype or implementation in ActiveMQ is
different for Windows and Ubuntu? As can be seen from the error log, it
seems that the server cannot recognise the handshake message sent from the client.





--
View this message in context: 
http://activemq.2283324.n4.nabble.com/setting-up-c-client-app-using-CMS-using-SSL-client-certificate-auth-tp4664686p4671303.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Probably need to ensure that the cipher suites enabled on the VM match those on your Ubuntu machine; it could be that one is using a different JVM. There are some changes in 1.7 that cause some trouble.

--
Tim Bish
Sr Software Engineer | RedHat Inc.
tim.b...@redhat.com | www.fusesource.com | www.redhat.com
skype: tabish121 | twitter: @tabish121
blog: http://timbish.blogspot.com/
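
An added example, not part of the original thread or of ActiveMQ: one way to carry out the comparison suggested in the reply above, by extracting the offered cipher suites from a JSSE debug ClientHello like the one quoted and intersecting them with the suites enabled on the broker's JVM. The sample log is a constructed, shortened excerpt, and the server list and function names are assumptions for illustration.

```python
import re

# Constructed sample: a shortened, line-wrapped excerpt in the same format as
# the JSSE debug output quoted in the thread (not the full original log).
SAMPLE_LOG = """\
*** ClientHello, Unknown-3.3
Session ID:  {}
Cipher Suites: [Unknown 0xc0:0x30, Unknown 0xc0:0x2c,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, Unknown
0x0:0x88, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 1, 0 }
"""

def offered_suites(log_text):
    """Return the ClientHello cipher suites in client preference order."""
    m = re.search(r"Cipher Suites:\s*\[(.*?)\]", log_text, re.DOTALL)
    if m is None:
        raise ValueError("no 'Cipher Suites: [...]' block found")
    # Wrapping can split an entry such as "Unknown\n0x0:0x88"; collapse all
    # whitespace runs before splitting on commas.
    flat = re.sub(r"\s+", " ", m.group(1))
    return [s.strip() for s in flat.split(",") if s.strip()]

def classify(suites):
    """Split into names the logging JVM printed and raw 'Unknown' code points."""
    named, unknown = [], []
    for s in suites:
        cp = re.fullmatch(r"Unknown 0x([0-9a-f]{1,2}):0x([0-9a-f]{1,2})", s, re.I)
        if cp:
            unknown.append((int(cp.group(1), 16), int(cp.group(2), 16)))
        elif s != "TLS_EMPTY_RENEGOTIATION_INFO_SCSV":  # signalling value, not a suite
            named.append(s)
    return named, unknown

def negotiable(named, server_enabled):
    """Suites both sides support, kept in the client's preference order."""
    enabled = set(server_enabled)
    return [s for s in named if s in enabled]

if __name__ == "__main__":
    # Assumed server list for illustration; take the real one from the broker JVM.
    server = ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"]
    named, unknown = classify(offered_suites(SAMPLE_LOG))
    print("named by the logging JVM:", named)
    print("printed as Unknown:", [f"0x{a:02x},0x{b:02x}" for a, b in unknown])
    print("common suites:", negotiable(named, server))
```

Running the same functions over the debug output captured on each machine shows whether the two JVMs actually share the suites the client offers.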
