Menu
▾
▴
Re: [Quickfixj-users] Problem with SSL and JdK 11
|
From: Colin D. <co...@ma...> - 2021-01-26 16:41:37
|
Can you verify from your SSL debug logs that you are, in fact, using TLS v1.2 and not v1.3? On 1/26/21 8:15 AM, seb...@or... wrote: > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > QuickFIX/J Support: http://www.quickfixj.org/support/ > > > > Hi, > > I have ugraded camel-spring-boot-dependencies to 3.0.0-RC3, it come > with quickfixJ-2.2.0 and mina-core-2.0.21. > > In fact, quickfixJ-2.2.0 include the mina-core-2.1.4, so I re-import > directly the mina-core-2.1.4 in my pom.xml, and then this version is > used. > > But I still have my errors > > INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA > session created: local=/172.18.14.166:1085, class > org.apache.mina.transport.socket.nio.NioSocketSession, > remote=/172.18.0.152:33533 > javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 16:07:43.420 > GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine > javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 16:07:43.421 > GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore > outbound application data > > ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : > Socket (/172.18.0.152:33533): javax.net.ssl.SSLException: Improper > close state: Status = OK HandshakeStatus = NEED_WRAP > bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0 > > javax.net.ssl.SSLException: Improper close state: Status = OK > HandshakeStatus = NEED_WRAP > bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0 > at > org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:498) > ~[mina-core-2.1.4.jar!/:na] > at > org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:762) > ~[mina-core-2.1.4.jar!/:na] > at > org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:693) > ~[mina-core-2.1.4.jar!/:na] > > javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 16:07:43.440 > GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine > javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 16:07:43.441 > GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound > before receiving peer's close_notify ( > "throwable" : { > javax.net.ssl.SSLException: closing inbound before receiving peer's > close_notify > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) > > DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : > Unexpected exception from SSLEngine.closeInbound(). > > javax.net.ssl.SSLException: closing inbound before receiving peer's > close_notify > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) > ~[na:na] > > javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 16:07:43.442 > GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore > outbound application data > > Does anyone run application with quickfixJ with SSL activated on a jdk > 11 ? > > Cheers, > > Sebastien. > > *De :*MEDARD Sebastien OBS/DD > *Envoyé :* mardi 26 janvier 2021 14:16 > *À :* qui...@li... > *Objet :* RE: [Quickfixj-users] Problem with SSL and JdK 11 > > Hi, > > Thank for your answer. > > I use the dependency camel-spring-boot-dependencies:2.24.3 : > https://mvnrepository.com/artifact/org.apache.camel/camel-spring-boot-dependencies/2.24.3 > > It comes with camel-quickfix-2.24.3. QuickfixJ version in this > dependency is 2.1.0. > > But you are right, this dependency come with mina.core-2.0.17 too. > > It seem to take place of the mina-core-2.0.19 dependency included to > quickfixJ-2.1.0. > > I tried last week to update to the last stable version of > camel-spring-boot-dependencies : 2.25.3, but it comes again with > mina-core-2.0.17. > > I will try to update to a more recent version of > camel-spring-boot-dependencies, even if it is RC. > > Cheers, > > Sebastien. > > *De :*Christoph John <chr...@ma... > <mailto:chr...@ma...>> > *Envoyé :* mardi 26 janvier 2021 13:19 > *À :* qui...@li... > <mailto:qui...@li...>; MEDARD Sebastien > OBS/DD <seb...@or... <mailto:seb...@or...>> > *Objet :* Re: [Quickfixj-users] Problem with SSL and JdK 11 > > Hi, > > did you try a newer QFJ version? QFJ 2.2.0 contains MINA 2.1.3. > Apart from that, you mentioned that you are using QFJ 2.1.0 but the > log output shows mina-core-2.0.17. QFJ 2.1.0 contains MINA 2.0.19 > which also contained some SSL-related fixes. > > Cheers, > Chris. > > On 26.01.21 12:42, seb...@or... > <mailto:seb...@or...>wrote: > > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > > QuickFIX/J Support: http://www.quickfixj.org/support/ > > Hi, > > I come back with the problem of SSL error with QuickfixJ and Jdk11. > > I put apache.mina in debug too, I try to change the cipher suites > with a stronger one which is present in jdk11, I try to use > another Jdk11 docker image, I try to use a jdk14 docker image. > > But I’m still have the error : > > DEBUG 10 --- [ NioProcessor-2] > org.apache.mina.filter.ssl.SslFilter : Adding the SSL Filter > SslFilter to the chain > > DEBUG 10 --- [ NioProcessor-2] > org.apache.mina.filter.ssl.SslHandler : Session Server[1](no > sslEngine) Initializing the SSL Handler > > DEBUG 10 --- [ NioProcessor-2] > org.apache.mina.filter.ssl.SslHandler : Session Server[1](no > sslEngine) SSL Handler Initialization done > > DEBUG 10 --- [ NioProcessor-2] > org.apache.mina.filter.ssl.SslFilter : Session Server[1](ssl...) : > Starting the first handshake > > 2021-01-26 09:16:02.152 DEBUG 10 --- [ NioProcessor-2] > org.apache.mina.filter.ssl.SslHandler : Session Server[1](ssl...) > processing the NEED_UNWRAP state > > INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : > MINA session created: local=/172.18.8.62:1085, class > org.apache.mina.transport.socket.nio.NioSocketSession, > remote=/172.18.0.152:35990 > javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.154 > GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine > javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.156 > GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore > outbound application data > > ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : > Socket (/172.18.0.152:35990): javax.net.ssl.SSLException: Improper > close state: Status = OK HandshakeStatus = NEED_WRAP > bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0 > > javax.net.ssl.SSLException: Improper close state: Status = OK > HandshakeStatus = NEED_WRAP > bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0 > at > org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) > ~[mina-core-2.0.17.jar!/:na] > at > org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) > ~[mina-core-2.0.17.jar!/:na] > at > org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:702) > ~[mina-core-2.0.17.jar!/:na] > > > … > javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.162 > GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine > javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 09:16:02.163 > GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing > inbound before receiving peer's close_notify ( > "throwable" : { > javax.net.ssl.SSLException: closing inbound before receiving > peer's close_notify > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) > > DEBUG 10 --- [ NioProcessor-2] > org.apache.mina.filter.ssl.SslHandler : Unexpected exception from > SSLEngine.closeInbound(). > javax.net.ssl.SSLException: closing inbound before receiving > peer's close_notify > at > java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) > ~[na:na] > > javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.164 > GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore > outbound application data > > I get this error even if no client try to connect on my module. > > If someone have suggestions or ideas on this problem, I’m interested. > > Best regards, > > Sebastien. > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie.Merci. > > This message and its attachments may contain confidential or > privileged information that may be protected by law; > > they should not be distributed, used or copied without authorisation. > > If you have received this email in error, please notify the sender > and delete this message and its attachments. > > As emails may be altered, Orange is not liable for messages that > have been modified, changed or falsified. > > Thank you. > > > > _______________________________________________ > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. > > > _______________________________________________ > Quickfixj-users mailing list > Qui...@li... > https://lists.sourceforge.net/lists/listinfo/quickfixj-users -- Colin DuPlantis Chief Architect, Marketcetera Download, Run, Trade 888.868.4884 https://www.marketcetera.com |
