Menu
▾
▴
Re: [Quickfixj-users] Problem with SSL and JdK 11
|
From: Ajay P. <ap...@en...> - 2021-01-21 17:54:17
|
We have had this problem before when the certificates used by sessions are owned by the counterparties(and not us) and JDK/JRE upgrade on our side deprecates the cipher used. We have gotten around it by supplying a modified java security policy file more in line with the older jdk for that session until we can move the counterparty to a newer certificate. It depends on what JDK you are using but this link has an example. https://dzone.com/articles/how-override-java-security Cheers Ajay On Thu, Jan 21, 2021 at 10:36 AM Colin DuPlantis <co...@ma...> wrote: > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > QuickFIX/J <http://www.quickfixj.org/documentation/QuickFIX/J> Support: > http://www.quickfixj.org/support/ > > > I haven't seen this specific problem, but I have seen differences between, > say Oracle's version of JDK and OpenJdk's with SSL, even for the same > version. The cipher suites supported don't always seem to be identical. > > You could try different versions of the JDK and different distributions. > On 1/21/21 7:46 AM, Philip Whitehouse wrote: > > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > QuickFIX/J Support: http://www.quickfixj.org/support/ > > > Seems the same as https://bugs.mysql.com/bug.php?id=93590 > > Best, > > Philip Whitehouse > > On 21 Jan 2021, at 15:34, seb...@or... wrote: > > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > QuickFIX/J Support: http://www.quickfixj.org/support/ > > > Hello everyone, > > > > I meet some SSL problem with my Java application using QuickFixJ and SSL > activate. > > > > Months ago, the application was on openJdk8, and used QuickfixJ 2.1.0. > Here was the configuration : > > > > *SocketUseSSL : "Y"* > > *CipherSuites : "TLS_RSA_WITH_AES_128_CBC_SHA"* > > *EnabledProtocols : "TLSv1.2"* > > *SocketKeyStore : path to keystore* > > *SocketKeyStorePassword : ****** > > *SocketTrustStore : path to truststore* > > *SocketTrustStorePassword : ****** > > *NeedClientAuth : "Y"* > > > > > > Then we work on migration of the code, from java 8 to java 11. We keep the > same SSL configuration of Quickfix J, we keep the same version (2.1.0). > > Now we have error with the SSL part : > > > > *javax.net.ssl.SSLException: Improper close state: Status = OK > HandshakeStatus = NEED_WRAP* > > *bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0* > > * at > org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) > ~[mina-core-2.0.17.jar!/:na]* > > * at > org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) > ~[mina-core-2.0.17.jar!/:na]* > > *……* > > *javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 > UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine* > > *javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 > UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound > before receiving peer's close_notify (* > > *"throwable" : {* > > * javax.net.ssl.SSLException: closing inbound before receiving peer's > close_notify* > > * at > java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)* > > * at > java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)* > > * at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)* > > > > With java.net.SSL in debug, I don’t have more information about the > problem. > > > > The truststore and the keystore are the same, and they are find by > Quickfick J (If I configure a bad path for the keystore, I get an error > message in the log about it) > > > > I try some configurations in order to slove the problem, as adding this > parameter to the JVM : > > -Djdk.tls.client.protocols="TLSv1.2" -Djdk.tls.server.protocols="TLSv1.2" > -Djdk.tls.acknowledgeCloseNotify=true > > > > But I get the same error. > > I tried with the last version of QuickFixJ, but I still have the problem. > > > > Do someone already have this issue or have an idea to slove it ? > > > > Best regards, > > Sebastien. > > > > > > <http://www.orange-business.com/fr> > <image001.png> <http://www.orange-business.com/fr> > > > > *Sebastien Medard * > ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI > > > > seb...@or... > > > > Tel Mobile : 06 07 02 09 71 > > > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. > > _______________________________________________ > Quickfixj-users mailing list > Qui...@li... > https://lists.sourceforge.net/lists/listinfo/quickfixj-users > > > > _______________________________________________ > Quickfixj-users mailing lis...@li...://lists.sourceforge.net/lists/listinfo/quickfixj-users > > -- > Colin DuPlantis > Chief Architect, Marketcetera > Download, Run, Trade > 888.868.4884https://www.marketcetera.com > > _______________________________________________ > Quickfixj-users mailing list > Qui...@li... > https://lists.sourceforge.net/lists/listinfo/quickfixj-users > -- <https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fenfusion-systems-llc%2Fmycompany> <https://twitter.com/enfusion> Follow us for more unique Enfusion insights like this: _Adapting to an accelerated pace of change in 2021_ <https://www.linkedin.com/feed/update/urn:li:activity:6746820573227167744> |
