Menu
▾
▴
[Quickfixj-users] QuickFix/J with http proxy and SSL enabled
|
From: Ramya G. <ram...@gm...> - 2017-01-29 01:36:18
|
Hi Quickfixj Team,
I'm new to quickfix/j and i'm working on setting up FIX Initiator for my
project.
Sources:
Quickfix/j 1.6.3 with fixes on PR92
mina core 2.0.16
I'm trying to reach the destination through proxy and the proxy type is
HTTP and version 1.1.
And also in my case SSL is enabled and it is just Initiator.
SocketUseSSL=Y
ProxyType=http
ProxyVersion=1.1
ProxyHost=proxy.host.name
ProxyPort=1080
Note:I'm able to create a FIX session to my destination and download the
FIX messages using SOCKS proxy type with SSL.
I'm getting the below exception when i use HTTP proxy type.The connection
is getting established but SSL handshake is not happening.
Please let me know if you have any input.
Exceptions below.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1468874490 bytes = { 121, 21, 18, 137, 39, 239, 210, 1,
91, 146, 111, 177, 251, 218, 4, 205, 185, 99, 79, 137, 152, 231, 184, 76,
166, 22, 210, 139 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
SHA1withDSA, MD5withRSA
***
[write] MD5 and SHA1 hashes: len = 179
0000: 01 00 00 AF 03 03 58 8D 3F FA 79 15 12 89 27 EF ......X.?.y...'.
0010: D2 01 5B 92 6F B1 FB DA 04 CD B9 63 4F 89 98 E7 ..[.o......cO...
0020: B8 4C A6 16 D2 8B 00 00 2A C0 09 C0 13 00 2F C0 .L......*...../.
0030: 04 C0 0E 00 33 00 32 C0 07 C0 11 00 05 C0 02 C0 ....3.2.........
0040: 0C C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 00 ................
0050: 04 00 FF 01 00 00 5C 00 0A 00 34 00 32 00 17 00 ......\...4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0B 00 02 01 00 00 0D 00 1A 00 18 06 03 06 01 05 ................
00A0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................
00B0: 02 01 01 ...
NioProcessor-2, WRITE: TLSv1.2 Handshake, length = 179
[write] MD5 and SHA1 hashes: len = 122
0000: 01 03 03 00 51 00 00 00 20 00 C0 09 06 00 40 00 ....Q... .....@.
0010: C0 13 00 00 2F 00 C0 04 01 00 80 00 C0 0E 00 00 ..../...........
0020: 33 00 00 32 00 C0 07 05 00 80 00 C0 11 00 00 05 3..2............
0030: 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 00 00 0A 07 ................
0040: 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00 16 00 00 ................
0050: 13 00 00 04 01 00 80 00 00 FF 58 8D 3F FA 79 15 ..........X.?.y.
0060: 12 89 27 EF D2 01 5B 92 6F B1 FB DA 04 CD B9 63 ..'...[.o......c
0070: 4F 89 98 E7 B8 4C A6 16 D2 8B O....L....
NioProcessor-2, WRITE: SSLv2 client hello message, length = 122
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
NioProcessor-2, SEND TLSv1 ALERT: warning, description = close_notify
NioProcessor-2, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 124
0000: 80 7A 01 03 03 00 51 00 00 00 20 00 C0 09 06 00 .z....Q... .....
0010: 40 00 C0 13 00 00 2F 00 C0 04 01 00 80 00 C0 0E @...../.........
0020: 00 00 33 00 00 32 00 C0 07 05 00 80 00 C0 11 00 ..3..2..........
0030: 00 05 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 00 00 ................
0040: 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00 16 ................
0050: 00 00 13 00 00 04 01 00 80 00 00 FF 58 8D 3F FA ............X.?.
0060: 79 15 12 89 27 EF D2 01 5B 92 6F B1 FB DA 04 CD y...'...[.o.....
0070: B9 63 4F 89 98 E7 B8 4C A6 16 D2 8B .cO....L....
{01/28/2017 20:06:03 EST ERROR [NioProcessor-2] (AbstractIoHandler.java:86)
- Socket (<proxyhost/proxyi/p:proxyport>): javax.net.ssl.SSLException:
Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 124
javax.net.ssl.SSLException: Improper close state: Status = OK
HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 124
at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:499)
at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:740)
at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:675)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:644)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:48)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:958)
at
org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:130)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:644)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:48)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:958)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.filterClose(DefaultIoFilterChain.java:882)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:644)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireFilterClose(DefaultIoFilterChain.java:637)
at
org.apache.mina.core.session.AbstractIoSession.closeNow(AbstractIoSession.java:348)
at
org.apache.mina.core.session.AbstractIoSession.close(AbstractIoSession.java:306)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextExceptionCaught(DefaultIoFilterChain.java:597)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireExceptionCaught(DefaultIoFilterChain.java:580)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:544)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:535)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:697)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:651)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:640)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1097)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
NioProcessor-2, called closeInbound()
NioProcessor-2, fatal error: 80: Inbound closed before receiving peer's
close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
NioProcessor-2, SEND TLSv1 ALERT: fatal, description = internal_error
NioProcessor-2, Exception sending alert: java.io.IOException: writer side
was already closed.
[Raw write]: length = 7
0000: 15 03 01 00 02 01 00 .......
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
Thanks in advance!
Regards,
Ramya G
|
