Menu
▾
▴
Re: [Quickfixj-users] Problem with SSL and JdK 11
|
From: Colin D. <co...@ma...> - 2021-01-21 16:36:07
|
I haven't seen this specific problem, but I have seen differences between, say Oracle's version of JDK and OpenJdk's with SSL, even for the same version. The cipher suites supported don't always seem to be identical. You could try different versions of the JDK and different distributions. On 1/21/21 7:46 AM, Philip Whitehouse wrote: > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > QuickFIX/J Support: http://www.quickfixj.org/support/ > > > > Seems the same as https://bugs.mysql.com/bug.php?id=93590 > > Best, > > Philip Whitehouse > >> On 21 Jan 2021, at 15:34, seb...@or... wrote: >> >> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ >> QuickFIX/J Support: http://www.quickfixj.org/support/ >> >> >> Hello everyone, >> >> I meet some SSL problem with my Java application using QuickFixJ and >> SSL activate. >> >> Months ago, the application was on openJdk8, and used QuickfixJ >> 2.1.0. Here was the configuration : >> >> /SocketUseSSL : "Y"/ >> >> /CipherSuites : "TLS_RSA_WITH_AES_128_CBC_SHA"/ >> >> /EnabledProtocols : "TLSv1.2"/ >> >> /SocketKeyStore : path to keystore/ >> >> /SocketKeyStorePassword : *****/ >> >> /SocketTrustStore : path to truststore/ >> >> /SocketTrustStorePassword : *****/ >> >> /NeedClientAuth : "Y"/ >> >> Then we work on migration of the code, from java 8 to java 11. We >> keep the same SSL configuration of Quickfix J, we keep the same >> version (2.1.0). >> >> Now we have error with the SSL part : >> >> /javax.net.ssl.SSLException: Improper close state: Status = OK >> HandshakeStatus = NEED_WRAP/ >> >> /bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0/ >> >> /at >> org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) >> ~[mina-core-2.0.17.jar!/:na]/ >> >> /at >> org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) >> ~[mina-core-2.0.17.jar!/:na]/ >> >> /……/ >> >> /javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 >> UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine/ >> >> /javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 >> UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound >> before receiving peer's close_notify (/ >> >> /"throwable" : {/ >> >> /javax.net.ssl.SSLException: closing inbound before receiving peer's >> close_notify/ >> >> / at >> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)/ >> >> / at >> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)/ >> >> / at >> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)/ >> >> With java.net.SSL in debug, I don’t have more information about the >> problem. >> >> The truststore and the keystore are the same, and they are find by >> Quickfick J (If I configure a bad path for the keystore, I get an >> error message in the log about it) >> >> I try some configurations in order to slove the problem, as adding >> this parameter to the JVM : >> >> -Djdk.tls.client.protocols="TLSv1.2" >> -Djdk.tls.server.protocols="TLSv1.2" >> -Djdk.tls.acknowledgeCloseNotify=true >> >> But I get the same error. >> >> I tried with the last version of QuickFixJ, but I still have the problem. >> >> Do someone already have this issue or have an idea to slove it ? >> >> Best regards, >> >> Sebastien. >> >> <http://www.orange-business.com/fr> >> >> <image001.png> <http://www.orange-business.com/fr> >> >> *Sebastien Medard * >> ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI >> >> seb...@or... <mailto:seb...@or...> >> >> Tel Mobile : 06 07 02 09 71 >> >> _________________________________________________________________________________________________________________________ >> >> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc >> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler >> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, >> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. >> >> This message and its attachments may contain confidential or privileged information that may be protected by law; >> they should not be distributed, used or copied without authorisation. >> If you have received this email in error, please notify the sender and delete this message and its attachments. >> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. >> Thank you. >> _______________________________________________ >> Quickfixj-users mailing list >> Qui...@li... >> https://lists.sourceforge.net/lists/listinfo/quickfixj-users > > > _______________________________________________ > Quickfixj-users mailing list > Qui...@li... > https://lists.sourceforge.net/lists/listinfo/quickfixj-users -- Colin DuPlantis Chief Architect, Marketcetera Download, Run, Trade 888.868.4884 https://www.marketcetera.com |
