Heyho, ok I put the current version I have out there: http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip
> What 1.7 revision are you using? Have you checked to see that the same > JDK instance is being used by eclipse? Not sure, where can I see my current revision? In Eclipse the JRE 1.7 (C:\Program Files\Java\jre7) was running, that came by installing the JDK 1.7 (C:\Program Files\Java\jdk1.7.0) I configured both in Eclipse and ran the project within both environments, both failed. > > Colm. > > On Tue, May 22, 2012 at 11:54 AM, Thomas Pischulski > <[email protected]> wrote: >> I didn't change much, I just added this filter that you've posted and >> I'm pretty sure it will still run properly on your workstation. I think >> my java environment is wrongly configured. >> >> I just cleaned up all JREs/JDKs and reinstalled JDK 1.7 with JRE 1.7 >> >> I copied >> >> local_policy.jar and >> US_export_policy.jar >> >> from the UnlimitedJCEPolicyJDK7 >> >> to >> C:\Program Files\Java\jdk1.7.0\jre\lib\security and >> C:\Program Files\Java\jre7\lib\security >> >> then restarted Eclipse and ran my bundles again to get the same >> SSLException and all those 'Ignoring unsupported cipher suite' messages. >> >> Cheers, >> >> Thomas >> >> On 5/22/2012 12:40 PM, Colm O hEigeartaigh wrote: >>> What JDK are you using? As a sanity check, could you create a new zip >>> that includes the AES cipher filter and changes the port from 443 -> >>> 4443 (I'm using linux)? I'll try again to see if it works without any >>> changes. >>> >>> Colm. >>> >>> On Tue, May 22, 2012 at 11:33 AM, Thomas Pischulski >>> <[email protected]> wrote: >>>> Heyho, >>>> >>>> >>>>>> by copying all jar's into <jdk-home>/lib/security >>>>> You need to copy them into <jdk.home>/jre/lib/security >>>> >>>> Hm ok I did that too, still the same error :( >>>> I also tried including both jar-files from JCE into my build path, same >>>> results. >>>> >>>>> >>>>>> Did you mean that? Does my example work on your workstation? >>>>> >>>>> Yes (with the cipher-suite changes). >>>>> >>>>> Colm. >>>>> >>>>> On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski >>>>> <[email protected]> wrote: >>>>>> I installed that: >>>>>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html >>>>>> >>>>>> by copying all jar's into <jdk-home>/lib/security >>>>>> >>>>>> Did you mean that? Does my example work on your workstation? >>>>>> >>>>>> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote: >>>>>>> Have you installed the unrestricted security policies in your JDK? >>>>>>> >>>>>>> Colm. >>>>>>> >>>>>>> On Tue, May 22, 2012 at 11:02 AM, Thomas Pischulski >>>>>>> <[email protected]> wrote: >>>>>>>> Hey Colm, >>>>>>>> >>>>>>>> thanks for your efforts. That's indeed simple but I still get the same >>>>>>>> SSLException. Does that require some third-party jar files in my >>>>>>>> java-environment? I also get a bunch of "ignoring unsupported cipher >>>>>>>> suite" messages like: >>>>>>>> >>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: >>>>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 >>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256 >>>>>>>> Ignoring unsupported cipher suite: >>>>>>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 >>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: >>>>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: >>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 >>>>>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 >>>>>>>> Ignoring unsupported cipher suite: >>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: >>>>>>>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 >>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>> >>>>>>>> that all include "AES". Seems like I'm still missing something? >>>>>>>> >>>>>>>> >>>>>>>> Cheers, >>>>>>>> >>>>>>>> Thomas >>>>>>>> >>>>>>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh wrote: >>>>>>>>> Hi Thomas, >>>>>>>>> >>>>>>>>> Great, I was able to reproduce the problem. The fix is quite simple, >>>>>>>>> you need to add the following ciphersuite filter to both the >>>>>>>>> webservice and webservice-consumer: >>>>>>>>> >>>>>>>>> filter.getInclude().add(".*_WITH_AES_.*"); >>>>>>>>> >>>>>>>>> JDK 1.7 does not include DES cipher suites and so you need to add AES. >>>>>>>>> >>>>>>>>> Colm. >>>>>>>>> >>>>>>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas Pischulski >>>>>>>>> <[email protected]> wrote: >>>>>>>>>> Hey Colm, >>>>>>>>>> >>>>>>>>>> I'll try, it's quite a lot to set up. (This is made with eclipse btw) >>>>>>>>>> >>>>>>>>>> 1) Download >>>>>>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>>>>>>>>> >>>>>>>>>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments >>>>>>>>>> -> >>>>>>>>>> Import From Directory where the jar is located -> Next -> Select >>>>>>>>>> single-bundle-distribution -> Add -> Finish >>>>>>>>>> >>>>>>>>>> 3) Download & unzip >>>>>>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>>>>>>>> >>>>>>>>>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments >>>>>>>>>> -> >>>>>>>>>> Import From Directory where the extracted directory is located -> >>>>>>>>>> Next >>>>>>>>>> -> Select "webservice" & "webservice-consumer" -> Add -> Finish >>>>>>>>>> >>>>>>>>>> 5) Right-click on webservice bundle -> Run As -> Run Configurations >>>>>>>>>> >>>>>>>>>> 6) Select OSGi-Framework and click "New Launch Configuration" on the >>>>>>>>>> upper left >>>>>>>>>> >>>>>>>>>> 7) In the bundles-tab click "Deselect All", select all three bundles >>>>>>>>>> "cxf-dosgi-*", "webservice" and "webservice-consumer" and make sure >>>>>>>>>> that >>>>>>>>>> Auto-start is set to "true" in all three. >>>>>>>>>> >>>>>>>>>> 6) Click "Add required bundles" >>>>>>>>>> >>>>>>>>>> 7) Go to "Arguments"-tab and add "-Djavax.net.debug=all" to VM >>>>>>>>>> arguments >>>>>>>>>> (this will give you a more detailled output about the SSL stuff >>>>>>>>>> happening) >>>>>>>>>> >>>>>>>>>> 8) Click apply and run >>>>>>>>>> >>>>>>>>>> It now takes some time to start everything, also some small GUI >>>>>>>>>> should >>>>>>>>>> popup sooner or later for invoking the webservice. >>>>>>>>>> >>>>>>>>>> You should also get some debug-output like >>>>>>>>>> '[SSLWebService] Service published at https://localhost:443/hello' >>>>>>>>>> If I try to access this site I get an 'SSL connection error' >>>>>>>>>> >>>>>>>>>> If I try to invoke the webservice with the popped up GUI and I get >>>>>>>>>> the >>>>>>>>>> 'Unrecognized SSL message, plaintext connection?'-SSLException. >>>>>>>>>> >>>>>>>>>> Your OSGi-Run Configuration is now still available if you click this >>>>>>>>>> green "play" button in eclipse. >>>>>>>>>> >>>>>>>>>> Hope that helps >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> >>>>>>>>>> Thomas >>>>>>>>>> >>>>>>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh wrote: >>>>>>>>>>> Hi Thomas, >>>>>>>>>>> >>>>>>>>>>> Can you give me more detailed instructions about how to reproduce >>>>>>>>>>> the >>>>>>>>>>> error given the sample? I know little about dosgi. >>>>>>>>>>> >>>>>>>>>>> Colm. >>>>>>>>>>> >>>>>>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas Pischulski >>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>>> Bump. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>>> >>> >>> >>> > > >
