What JDK are you using? As a sanity check, could you create a new zip that includes the AES cipher filter and changes the port from 443 -> 4443 (I'm using linux)? I'll try again to see if it works without any changes.

Colm.

On Tue, May 22, 2012 at 11:33 AM, Thomas Pischulski <[email protected]> wrote:
> Heyho,
>
>
>>> by copying all jar's into <jdk-home>/lib/security
>> You need to copy them into <jdk.home>/jre/lib/security
>
> Hm ok I did that too, still the same error :(
> I also tried including both jar-files from JCE into my build path, same
> results.
>
>>
>>> Did you mean that? Does my example work on your workstation?
>>
>> Yes (with the cipher-suite changes).
>>
>> Colm.
>>
>> On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski
>> <[email protected]> wrote:
>>> I installed that:
>>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
>>>
>>> by copying all jar's into <jdk-home>/lib/security
>>>
>>> Did you mean that? Does my example work on your workstation?
>>>
>>> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote:
>>>> Have you installed the unrestricted security policies in your JDK?
>>>>
>>>> Colm.
>>>>
>>>> On Tue, May 22, 2012 at 11:02 AM, Thomas Pischulski
>>>> <[email protected]> wrote:
>>>>> Hey Colm,
>>>>>
>>>>> thanks for your efforts. That's indeed simple but I still get the same
>>>>> SSLException. Does that require some third-party jar files in my
>>>>> java-environment? I also get a bunch of "ignoring unsupported cipher
>>>>> suite" messages like:
>>>>>
>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
>>>>>
>>>>> that all include "AES". Seems like I'm still missing something?
>>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Thomas
>>>>>
>>>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh wrote:
>>>>>> Hi Thomas,
>>>>>>
>>>>>> Great, I was able to reproduce the problem. The fix is quite simple,
>>>>>> you need to add the following ciphersuite filter to both the
>>>>>> webservice and webservice-consumer:
>>>>>>
>>>>>> filter.getInclude().add(".*_WITH_AES_.*");
>>>>>>
>>>>>> JDK 1.7 does not include DES cipher suites and so you need to add AES.
>>>>>>
>>>>>> Colm.
>>>>>>
>>>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas Pischulski
>>>>>> <[email protected]> wrote:
>>>>>>> Hey Colm,
>>>>>>>
>>>>>>> I'll try, it's quite a lot to set up. (This is made with eclipse btw)
>>>>>>>
>>>>>>> 1) Download
>>>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar
>>>>>>>
>>>>>>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments ->
>>>>>>> Import From Directory where the jar is located -> Next -> Select
>>>>>>> single-bundle-distribution -> Add -> Finish
>>>>>>>
>>>>>>> 3) Download & unzip
>>>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip
>>>>>>>
>>>>>>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments ->
>>>>>>> Import From Directory where the extracted directory is located -> Next
>>>>>>> -> Select "webservice" & "webservice-consumer" -> Add -> Finish
>>>>>>>
>>>>>>> 5) Right-click on webservice bundle -> Run As -> Run Configurations
>>>>>>>
>>>>>>> 6) Select OSGi-Framework and click "New Launch Configuration" on the
>>>>>>> upper left
>>>>>>>
>>>>>>> 7) In the bundles-tab click "Deselect All", select all three bundles
>>>>>>> "cxf-dosgi-*", "webservice" and "webservice-consumer" and make sure that
>>>>>>> Auto-start is set to "true" in all three.
>>>>>>>
>>>>>>> 6) Click "Add required bundles"
>>>>>>>
>>>>>>> 7) Go to "Arguments"-tab and add "-Djavax.net.debug=all" to VM arguments
>>>>>>> (this will give you a more detailed output about the SSL stuff
>>>>>>> happening)
>>>>>>>
>>>>>>> 8) Click apply and run
>>>>>>>
>>>>>>> It now takes some time to start everything, also some small GUI should
>>>>>>> popup sooner or later for invoking the webservice.
>>>>>>>
>>>>>>> You should also get some debug-output like
>>>>>>> '[SSLWebService] Service published at https://localhost:443/hello'
>>>>>>> If I try to access this site I get an 'SSL connection error'
>>>>>>>
>>>>>>> If I try to invoke the webservice with the popped up GUI and I get the
>>>>>>> 'Unrecognized SSL message, plaintext connection?'-SSLException.
>>>>>>>
>>>>>>> Your OSGi-Run Configuration is now still available if you click this
>>>>>>> green "play" button in eclipse.
>>>>>>>
>>>>>>> Hope that helps
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Thomas
>>>>>>>
>>>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh wrote:
>>>>>>>> Hi Thomas,
>>>>>>>>
>>>>>>>> Can you give me more detailed instructions about how to reproduce the
>>>>>>>> error given the sample? I know little about dosgi.
>>>>>>>>
>>>>>>>> Colm.
>>>>>>>>
>>>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas Pischulski
>>>>>>>> <[email protected]> wrote:
>>>>>>>>> Bump.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>>>
>>
>>
>>

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
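
Added example, not part of the original thread and not CXF or project code: a JDK-only check that reports whether the unrestricted policy files were picked up by the running JRE and which supported cipher suites survive the `.*_WITH_AES_.*` include filter discussed above. The class name `CipherFilterCheck`, the two exclude patterns, and the full-match regex semantics are assumptions made for this illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

public class CipherFilterCheck {
    // Include pattern taken from the thread. The exclude patterns are an
    // assumption added here to keep anonymous and null-encryption suites out.
    static final List<String> INCLUDE = Arrays.asList(".*_WITH_AES_.*");
    static final List<String> EXCLUDE = Arrays.asList(".*_anon_.*", ".*_NULL_.*");

    static boolean matchesAny(List<String> patterns, String suite) {
        for (String p : patterns) {
            if (Pattern.matches(p, suite)) return true;
        }
        return false;
    }

    // Keep suites that match an include pattern and no exclude pattern.
    static List<String> filter(String[] suites) {
        List<String> kept = new ArrayList<String>();
        for (String s : suites) {
            if (matchesAny(INCLUDE, s) && !matchesAny(EXCLUDE, s)) kept.add(s);
        }
        return kept;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // 128 means the restricted policy files are in effect for this JRE;
        // Integer.MAX_VALUE means the unrestricted ones were picked up.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.home          = " + System.getProperty("java.home"));
        System.out.println("max AES key length = " + maxAes);

        // Suites this JRE can actually negotiate, before any filtering.
        String[] supported = SSLContext.getDefault()
                .getSupportedSSLParameters().getCipherSuites();
        List<String> kept = filter(supported);
        System.out.println(kept.size() + " of " + supported.length
                + " supported suites pass the filter:");
        for (String s : kept) System.out.println("  " + s);
        if (kept.isEmpty()) {
            System.out.println("No suite passes the filter; the handshake cannot succeed.");
        }
    }
}
```

Run it with the same JRE that launches the OSGi framework; the printed `java.home` shows which installation's `lib/security` directory is actually in use.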
