Re: [Quickfixj-users] Problem with SSL and JdK 11

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Christoph,

Thank for your answer, I follow your suggestion, you’re right, I made the change.

I try to add my certificate in the jdk cacerts, and use it as truststore for QuickfixJ, but it don’t slove my problem.
I try another idea, get back on openjdk8, with ssl and handshake in debug mode. I got this :

2021-01-28 08:45:50.184 INFO 10 --- [ NioProcessor-1] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.12.72:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.91:23463
NioProcessor-1, called closeOutbound()
NioProcessor-1, closeOutboundInternal()
NioProcessor-1, called closeInbound()
NioProcessor-1, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-1, SEND TLSv1.2 ALERT: fatal, description = internal_error
NioProcessor-1, Exception sending alert: java.io.IOException: writer side was already closed.
NioProcessor-1, called closeOutbound()
NioProcessor-1, closeOutboundInternal()
NioProcessor-2, called closeInbound()
NioProcessor-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-2, SEND TLSv1.2 ALERT: fatal, description = internal_error
NioProcessor-2, Exception sending alert: java.io.IOException: writer side was already closed.
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false

In fact it seems the errors was already present with openjdk8, but doesn’t block, because we were able to establish securised connection with QuickFixJ.
I will try to investigate on this logs.

Cheers,
Sebastien.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.