Menu
▾
▴
Re: [Quickfixj-users] Problem with SSL and JdK 11
|
From: <seb...@or...> - 2021-01-26 16:16:02
|
Hi,
I have ugraded camel-spring-boot-dependencies to 3.0.0-RC3, it come with quickfixJ-2.2.0 and mina-core-2.0.21.
In fact, quickfixJ-2.2.0 include the mina-core-2.1.4, so I re-import directly the mina-core-2.1.4 in my pom.xml, and then this version is used.
But I still have my errors
INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.14.166:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.152:33533
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 16:07:43.420 GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 16:07:43.421 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : Socket (/172.18.0.152:33533): javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:498) ~[mina-core-2.1.4.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:762) ~[mina-core-2.1.4.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:693) ~[mina-core-2.1.4.jar!/:na]
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 16:07:43.440 GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 16:07:43.441 GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:na]
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 16:07:43.442 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
Does anyone run application with quickfixJ with SSL activated on a jdk 11 ?
Cheers,
Sebastien.
De : MEDARD Sebastien OBS/DD
Envoyé : mardi 26 janvier 2021 14:16
À : qui...@li...
Objet : RE: [Quickfixj-users] Problem with SSL and JdK 11
Hi,
Thank for your answer.
I use the dependency camel-spring-boot-dependencies:2.24.3 : https://mvnrepository.com/artifact/org.apache.camel/camel-spring-boot-dependencies/2.24.3
It comes with camel-quickfix-2.24.3. QuickfixJ version in this dependency is 2.1.0.
But you are right, this dependency come with mina.core-2.0.17 too.
It seem to take place of the mina-core-2.0.19 dependency included to quickfixJ-2.1.0.
I tried last week to update to the last stable version of camel-spring-boot-dependencies : 2.25.3, but it comes again with mina-core-2.0.17.
I will try to update to a more recent version of camel-spring-boot-dependencies, even if it is RC.
Cheers,
Sebastien.
De : Christoph John <chr...@ma...<mailto:chr...@ma...>>
Envoyé : mardi 26 janvier 2021 13:19
À : qui...@li...<mailto:qui...@li...>; MEDARD Sebastien OBS/DD <seb...@or...<mailto:seb...@or...>>
Objet : Re: [Quickfixj-users] Problem with SSL and JdK 11
Hi,
did you try a newer QFJ version? QFJ 2.2.0 contains MINA 2.1.3.
Apart from that, you mentioned that you are using QFJ 2.1.0 but the log output shows mina-core-2.0.17. QFJ 2.1.0 contains MINA 2.0.19 which also contained some SSL-related fixes.
Cheers,
Chris.
On 26.01.21 12:42, seb...@or...<mailto:seb...@or...> wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/
Hi,
I come back with the problem of SSL error with QuickfixJ and Jdk11.
I put apache.mina in debug too, I try to change the cipher suites with a stronger one which is present in jdk11, I try to use another Jdk11 docker image, I try to use a jdk14 docker image.
But I'm still have the error :
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Adding the SSL Filter SslFilter to the chain
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no sslEngine) Initializing the SSL Handler
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no sslEngine) SSL Handler Initialization done
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Session Server[1](ssl...) : Starting the first handshake
2021-01-26 09:16:02.152 DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](ssl...) processing the NEED_UNWRAP state
INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.8.62:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.152:35990
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.154 GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.156 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : Socket (/172.18.0.152:35990): javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:702) ~[mina-core-2.0.17.jar!/:na]
...
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.162 GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 09:16:02.163 GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:na]
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.164 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
I get this error even if no client try to connect on my module.
If someone have suggestions or ideas on this problem, I'm interested.
Best regards,
Sebastien.
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
_______________________________________________
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
|
