Re: [Simpleweb-Support] Getting started with SSL
From: Brad M. <br...@br...> - 2010-08-02 11:32:36
Got it. Added some logging and found this exception which was being
caught but not logged in Task.run()

Now to figure out why there's no cipher suites...

javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:938)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:465)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:701)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:669)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.simpleframework.transport.Handshake.read(Handshake.java:272)
    at org.simpleframework.transport.Handshake.read(Handshake.java:256)
    at org.simpleframework.transport.Handshake.exchange(Handshake.java:240)
    at org.simpleframework.transport.Handshake.process(Handshake.java:203)
    at org.simpleframework.transport.Handshake.resume(Handshake.java:182)
    at org.simpleframework.transport.Task.execute(Task.java:130)
    at org.simpleframework.transport.Task.run(Task.java:90)
    at org.simpleframework.transport.Handshake.resume(Handshake.java:186)
    at org.simpleframework.transport.Handshake.begin(Handshake.java:166)
    at org.simpleframework.transport.Handshake.run(Handshake.java:137)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1366)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:189)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:177)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:638)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:425)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:139)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:458)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:875)
    at org.simpleframework.transport.Handshake.execute(Handshake.java:346)
    at org.simpleframework.transport.Handshake.read(Handshake.java:284)
    ... 12 more

Brad McEvoy wrote:
> I've checked and have the same issue with .21
>
> I've done the same check with xlightweb and it also works on my
> Windows box and fails silently on the Linux server, so it is
> definitely something I'm doing wrong.
>
> Just a couple of specific things:
> - should the SSL protocol be SSL or TLS?
> - if I've built the certificate incorrectly, should I expect to see a
> program error on startup (or at any time)?
> - should the keystore type be JKS?
> - should the keystore algorithm be SunX509?
> - do any of these vary between Windows and Linux?
> - should I expect the same certificate file to work on Windows and Linux?
>
> Thanks in advance.
>
> Brad
>
> Niall Gallagher wrote:
>> Hi,
>>
>> Are you using 4.1.21 to test HTTPS? There have been a number of bugs
>> fixed recently for HTTPS/SSL. I would advise you use 4.1.21.
>>
>> Niall
>>
>> --- On *Sun, 8/1/10, Brad McEvoy /<br...@br...>/* wrote:
>>
>>
>> From: Brad McEvoy <br...@br...>
>> Subject: [Simpleweb-Support] Getting started with SSL
>> To: "Simple support and user issues"
>> <sim...@li...>
>> Date: Sunday, August 1, 2010, 7:26 PM
>>
>> Hi All,
>>
>> I'm having a problem with using SSL in SimpleHTTP. I'm sure I'm
>> doing something dumb but am at a loss as to where to start.
>>
>> All works fine on my Windows development machine, but when I
>> deploy to an Ubuntu server (Sun VM 1.6) I get a "Connection
>> interrupted" error in Firefox. I've confirmed connectivity on
>> port 443 to the server.
>>
>> When using the SimpleSSLHelloWorld (adapted for my own
>> certificate and password) there is no output from logging and the
>> handle method doesn't get called.
>>
>> When I modify the code to directly set up the ContainerServer in
>> my code I can see that the process method does indeed get called
>> on the ContainerServer for an HTTPS request, which then calls
>> process on the wrapped processor, but then there is no more
>> console output, there are no exceptions thrown, nothing is
>> returned to the browser and the handle method doesn't get called.
>>
>> I'm a bit unsure about the SSL config. If there was a
>> configuration error, should I expect to see an error on startup?
>> Is there some particular class in simple web that I can add
>> logging to to see what's going wrong?
>>
>> I've attached my slightly modified form of the
>> SimpleSSLHelloWorld and also my own implementation
>> SslSimpletonServer, both of which show the same results.
>>
>> Any help would be greatly appreciated. I'm happy to do the digging
>> myself but need to know where to stick my shovel!
>>
>> Cheers,
>> Brad
>>
>> BTW: this is all part of a project to integrate simpleweb with
>> milton (see http://milton.ettrema.com) for a very lightweight
>> WebDAV server
>>
>>
>> Andrew Barlow wrote:
>>> Thanks Niall - works like a charm on Safari 5 now...
>>>
>>> AndyB
>>> On 26 Jul 2010, at 20:48, Niall Gallagher wrote:
>>>
>>>> Hi,
>>>>
>>>> I have released 4.1.21 which fixes this issue by not requesting
>>>> client authentication. If client authentication is needed it
>>>> can be done just before the handshake begins by setting it on
>>>> the SSLEngine associated with the
>>>> org.simpleframework.transport.Socket.
>>>>
>>>> Regards,
>>>> Niall
>>>>
>>>> --- On *Thu, 7/8/10, Andrew Barlow /<and...@sd...>/* wrote:
>>>>
>>>>
>>>> From: Andrew Barlow <and...@sd...>
>>>> Subject: [Simpleweb-Support] SSL client certificate
>>>> request: Safari 5 problem?
>>>> To: sim...@li...
>>>> Date: Thursday, July 8, 2010, 1:14 AM
>>>>
>>>> Niall and Fabio kindly sent me links to example code for
>>>> delivering web content over SSL, see
>>>> http://sourceforge.net/mailarchive/forum.php?thread_name=AANLkTilp2LqrCGMJ5Io6hxFOJMLZqIYGNutDmYslm-gP%40mail.gmail.com&forum_name=simpleweb-support
>>>>
>>>>
>>>> As I need to use an existing signed certificate inside a
>>>> Java keystore I've adopted/adapted Fabio's example which
>>>> reads from the keystore file.
>>>>
>>>> I have set the SSLContext to "TLS".
>>>>
>>>> I've tested against a keystore containing a bona-fide
>>>> signed certificate issued by Thawte and all is well across
>>>> a range of browsers: Internet Explorer on Windows and
>>>> Firefox, Opera, Chrome on Windows and Mac.
>>>>
>>>> However on Safari 5 (but NOT 4) on the Mac I encounter a
>>>> message asking for a client certificate, see screenshot:
>>>> <clientcertificate.png>
>>>>
>>>>
>>>> Upon selecting a certificate (doesn't matter which), Safari
>>>> then gives a message:
>>>>
>>>> "Safari can’t open the page “xxxx” because Safari can’t
>>>> establish a secure connection to the server “xxxx”."
>>>>
>>>> On Windows behaviour is slightly different, Safari 5 simply
>>>> displays the message without prompting for client certificate.
>>>>
>>>> As this works fine with other browsers, including earlier
>>>> versions of Safari, could this be a Safari 5 issue that
>>>> needs to be addressed by Apple?
>>>>
>>>> Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP
>>>>
>>>> e: and...@sd...
>>>> t: +44 (0)7830 302 268
>>>>
>>>
>>> Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP
>>>
>>> e: and...@sd...
>>> t: +44 (0)7830 302 268
>>
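Added example (not from the thread and not part of Simple): a stand-alone JSSE check for the `no cipher suites in common` failure in the trace above, using the JKS keystore type, SunX509 algorithm and TLS protocol named in the questions. The class name `SslCheck` and its two arguments (keystore path, password) are assumptions; it lists which keystore entries hold a private key and which suites a server-mode SSLEngine built from that keystore enables.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added diagnostic (hypothetical class). Usage: java SslCheck <keystore.jks> <password>
public class SslCheck {
    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        KeyStore store = KeyStore.getInstance("JKS"); // assumed keystore type
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, password);
        }

        // A server needs a private-key entry; an RSA key serves RSA suites, a DSA key only DSS suites.
        int keyEntries = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (store.isKeyEntry(alias)) {
                Key key = store.getKey(alias, password); // assumes key password equals store password
                System.out.println("key entry  " + alias + " (" + key.getAlgorithm() + ")");
                keyEntries++;
            } else {
                System.out.println("cert only  " + alias);
            }
        }
        if (keyEntries == 0) {
            System.out.println("No private key in keystore: the server has no certificate to offer");
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); // assumed algorithm
        kmf.init(store, password);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), null, null);

        // Build the engine in server mode and show what it is prepared to negotiate.
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false);
        System.out.println("protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        for (String suite : engine.getEnabledCipherSuites()) {
            System.out.println("suite      " + suite);
        }
    }
}
```

Running it on both the Windows and the Linux machine with the same keystore file shows whether the two JVMs load the same key entry and enable the same suites.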