Menu
▾
▴
Re: [Quickfixj-users] Problem with SSL and JdK 11
|
From: Philip W. <ph...@wh...> - 2021-01-21 16:02:55
|
Seems the same as https://bugs.mysql.com/bug.php?id=93590 Best, Philip Whitehouse > On 21 Jan 2021, at 15:34, seb...@or... wrote: > > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > QuickFIX/J Support: http://www.quickfixj.org/support/ > > > Hello everyone, > > I meet some SSL problem with my Java application using QuickFixJ and SSL activate. > > Months ago, the application was on openJdk8, and used QuickfixJ 2.1.0. Here was the configuration : > > SocketUseSSL : "Y" > CipherSuites : "TLS_RSA_WITH_AES_128_CBC_SHA" > EnabledProtocols : "TLSv1.2" > SocketKeyStore : path to keystore > SocketKeyStorePassword : ***** > SocketTrustStore : path to truststore > SocketTrustStorePassword : ***** > NeedClientAuth : "Y" > > > Then we work on migration of the code, from java 8 to java 11. We keep the same SSL configuration of Quickfix J, we keep the same version (2.1.0). > Now we have error with the SSL part : > > javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP > bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0 > at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na] > at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na] > …… > javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine > javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify ( > "throwable" : { > javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) > at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337) > > With java.net.SSL in debug, I don’t have more information about the problem. > > The truststore and the keystore are the same, and they are find by Quickfick J (If I configure a bad path for the keystore, I get an error message in the log about it) > > I try some configurations in order to slove the problem, as adding this parameter to the JVM : > -Djdk.tls.client.protocols="TLSv1.2" -Djdk.tls.server.protocols="TLSv1.2" -Djdk.tls.acknowledgeCloseNotify=true > > But I get the same error. > I tried with the last version of QuickFixJ, but I still have the problem. > > Do someone already have this issue or have an idea to slove it ? > > Best regards, > Sebastien. > > > <image001.png> > > Sebastien Medard > ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI > > seb...@or... > > Tel Mobile : 06 07 02 09 71 > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. > _______________________________________________ > Quickfixj-users mailing list > Qui...@li... > https://lists.sourceforge.net/lists/listinfo/quickfixj-users |
