From: <seb...@or...> - 2021-01-22 07:53:26
Hi,

Thanks for your answers, I will check today the version of the JDK and the cipher suites used.
If the problem stays, I will try to have more information about the error.

Cheers,
Sebastien.

From: Christoph John <chr...@ma...>
Sent: Friday, 22 January 2021 00:08
To: qui...@li...; MEDARD Sebastien OBS/DD <seb...@or...>
Subject: Re: [Quickfixj-users] Problem with SSL and JdK 11

Hi,

are you sure that enabled SSL debug logging does not provide more information? Usually it should at least log the supported and ignored ciphers on startup.
Are you using the most recent OpenJDK11?
What output does the following command print? Is your cipher included?

$JAVA_HOME/bin/jrunscript -e "java.util.Arrays.asList(javax.net.ssl.SSLContext.getDefault().getSocketFactory().getSupportedCipherSuites()).forEach(println)"

Cheers,
Chris.

On 21.01.21 16:15, seb...@or... wrote:

QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/

Hello everyone,

I meet some SSL problem with my Java application using QuickFIX/J with SSL activated.

Months ago, the application was on OpenJDK 8, and used QuickFIX/J 2.1.0. Here was the configuration:

SocketUseSSL : "Y"
CipherSuites : "TLS_RSA_WITH_AES_128_CBC_SHA"
EnabledProtocols : "TLSv1.2"
SocketKeyStore : path to keystore
SocketKeyStorePassword : *****
SocketTrustStore : path to truststore
SocketTrustStorePassword : *****
NeedClientAuth : "Y"

Then we worked on the migration of the code, from Java 8 to Java 11. We kept the same SSL configuration of QuickFIX/J, and we kept the same version (2.1.0).

Now we have an error with the SSL part:

javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
    at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na]
    at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na]
......
javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
  javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)

With java.net.SSL in debug, I don't have more information about the problem.

The truststore and the keystore are the same, and they are found by QuickFIX/J (if I configure a bad path for the keystore, I get an error message in the log about it).

I tried some configurations in order to solve the problem, such as adding these parameters to the JVM:

-Djdk.tls.client.protocols="TLSv1.2"
-Djdk.tls.server.protocols="TLSv1.2"
-Djdk.tls.acknowledgeCloseNotify=true

But I get the same error.

I tried with the latest version of QuickFIX/J, but I still have the problem.

Does someone already have this issue or have an idea to solve it?

Best regards,
Sebastien.
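The jrunscript command in the thread lists the cipher suites the JDK supports. The following is an added example, not code from the thread or from QuickFIX/J, that goes one step further: it reports whether the configured suite and protocol are supported and enabled by default in the running JDK, prints the `jdk.tls.disabledAlgorithms` security property, and applies both values to an `SSLEngine`. The class name `TlsConfigCheck` is hypothetical; the default values are the CipherSuites and EnabledProtocols settings quoted above.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical helper class, not part of QuickFIX/J or MINA.
public class TlsConfigCheck {

    // Reports whether a configured name is known to the JDK and on by default.
    static String status(String name, String[] supported, String[] enabled) {
        if (!Arrays.asList(supported).contains(name)) {
            return "NOT SUPPORTED by this JDK";
        }
        return Arrays.asList(enabled).contains(name)
                ? "supported, enabled by default"
                : "supported, NOT enabled by default";
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the CipherSuites / EnabledProtocols values quoted in the thread.
        String cipher = args.length > 0 ? args[0] : "TLS_RSA_WITH_AES_128_CBC_SHA";
        String protocol = args.length > 1 ? args[1] : "TLSv1.2";

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters defaults = ctx.getDefaultSSLParameters();

        System.out.println("java.version: " + System.getProperty("java.version"));
        System.out.println(cipher + ": "
                + status(cipher, supported.getCipherSuites(), defaults.getCipherSuites()));
        System.out.println(protocol + ": "
                + status(protocol, supported.getProtocols(), defaults.getProtocols()));

        // Algorithms the JDK refuses to negotiate (set in its java.security file).
        System.out.println("jdk.tls.disabledAlgorithms: "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        // Apply the settings to an engine; unsupported names are rejected here.
        SSLEngine engine = ctx.createSSLEngine();
        try {
            engine.setEnabledProtocols(new String[] {protocol});
            engine.setEnabledCipherSuites(new String[] {cipher});
            System.out.println("SSLEngine accepted the configured protocol and cipher suite");
        } catch (IllegalArgumentException e) {
            System.out.println("SSLEngine rejected the configuration: " + e.getMessage());
        }
    }
}
```

Run it with the same JDK installation and `java.security` file as the application, since both lists depend on them.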