Did you modify your JCE permissions? Due to crypto restrictions, your keystores may be in good shape but unusable. Download the unrestricted JCE policy files from the Java web site and try again.

My 0.02 $

Regards,
-Edouard De Oliveira-
http://tedorg.free.fr/en/main.php

----- Original Message -----
From: Mark Renouf <[EMAIL PROTECTED]>
To: dev@mina.apache.org
Sent: Friday, 7 March 2008, 15:44:09
Subject: MINA-2.0.0-M1 -- SslFilter handshake failed?

I've been struggling with an SSL issue. I had it all working but I've lost track of some changes and basically I'm stuck again.

I've dissolved it down to a unit test where I have a pair of VmPipe (acceptor/connector) talking, each with an SslFilter. Each has a separate keystore, and a common truststore. Each's certificates are signed by a CA cert in the trust store. These are known-good as they were taken from a production server.

The server has a simple handler set which waits for "PING" and sends back "PONG". The test passes without the SSL Filter in place. In the tests I also placed a logging filter last on the filter chain of the connector so I can see the raw data after processing.

When I enable SSL on both ends, I get a failed handshake. I'm using SSLContextFactory and KeyStoreFactory to load keystores. I've independently verified the keystores are valid and being loaded correctly (right passwords etc).

The com.XXXXX.XXXXX lines below are just package names from an unreleased product of my employer which I've anonymized for now :-)

The handlers look like this:

    IoHandler clientHandler = new IoHandlerAdapter() {
        @Override
        public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
            LOGGER.fatal("CLIENT IoHandler: exceptionCaught", cause);
        }
    };

    IoHandler serverHandler = new IoHandlerAdapter() {
        @Override
        public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
            LOGGER.fatal("SERVER IoHandler: exceptionCaught", cause);
            session.close(true);
        }

        @Override
        public void messageReceived(IoSession session, Object message) throws Exception {
            if (message instanceof IoBuffer) {
                String msg = ((IoBuffer)message).getString(CHARSET.newDecoder());
                if (msg.equals("PING")) {
                    IoBuffer buffer = IoBuffer.allocate(4);
                    buffer.putString("PONG", CHARSET.newEncoder());
                    buffer.flip();
                    session.write(buffer);
                }
            }
        }
    };

There's also a LoggingFilter attached with the messageSent and messageReceived levels visible (attached to the client's filter chain).

Here is the relevant test code:

Set up SSLContext ctx1 using SSLContextFactory....

    171 IoAcceptor acceptor = new VmPipeAcceptor();
    172 acceptor.setHandler(serverHandler);
    173 SslFilter serverFilter = new SslFilter(ctx1);
    174 serverFilter.setNeedClientAuth(true);
    175 acceptor.getFilterChain().addLast("SSL", serverFilter);
    176 acceptor.bind(new VmPipeAddress(1));

Set up SSLContext ctx2 using SSLContextFactory....

    189 IoConnector connector = new VmPipeConnector();
    190 connector.setHandler(clientHandler);
    191 SslFilter clientFilter = new SslFilter(ctx2);
    192 clientFilter.setUseClientMode(true);

(Set up LoggingFilter)

    203 connector.getFilterChain().addLast("LOG", loggingFilter);
    204 connector.getFilterChain().addLast("SSL", clientFilter);

Then:

    206 ConnectFuture cf = connector.connect(new VmPipeAddress(1));
    207 cf.await();
    208 assertTrue(cf.isConnected());
    209 IoSession session = cf.getSession();
    210 session.getConfig().setUseReadOperation(true);
    211 IoBuffer buffer = IoBuffer.allocate(4);
    212 buffer.putString("PING", CHARSET.newEncoder());
    213 buffer.flip();
    214 WriteFuture wf = session.write(buffer);
    215 wf.await();
    216 assertTrue(wf.isWritten());
    217
    218
    219 ReadFuture rf = session.read();
    220 rf.await();
    221 assertTrue(rf.isRead());
    222 assertTrue(rf.getMessage() instanceof IoBuffer);
    223 IoBuffer buffer2 = (IoBuffer) rf.getMessage();
    224 assertEquals("PONG", buffer2.getString(CHARSET.newDecoder()));
    225 }

Here is the log output from the failing test case:

2008-03-07 09:21:47,597 INFO main SSLTestClient - SENT: HeapBuffer[pos=0 lim=100 cap=130: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00...]
2008-03-07 09:21:47,602 FATAL main SSLTest - SERVER IoHandler: exceptionCaught
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:426)
    at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
    at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
    at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
    at org.apache.mina.common.DefaultIoFilterChain$HeadFilter.messageReceived(DefaultIoFilterChain.java:607)
    at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
    at org.apache.mina.common.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:399)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireEvent(VmPipeFilterChain.java:91)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.flushEvents(VmPipeFilterChain.java:75)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.pushEvent(VmPipeFilterChain.java:68)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireMessageReceived(VmPipeFilterChain.java:166)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain$VmPipeIoProcessor.updateTrafficMask(VmPipeFilterChain.java:239)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain$VmPipeIoProcessor.updateTrafficMask(VmPipeFilterChain.java:169)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.flushPendingDataQueues(VmPipeFilterChain.java:120)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.start(VmPipeFilterChain.java:62)
    at org.apache.mina.transport.vmpipe.VmPipeConnector.connect0(VmPipeConnector.java:124)
    at org.apache.mina.common.AbstractIoConnector.connect(AbstractIoConnector.java:167)
    at org.apache.mina.common.AbstractIoConnector.connect(AbstractIoConnector.java:93)
    at com.XXXXX.XXXXX.net.ssl.SSLTest.testSSLHandshake(SSLTest.java:206)
    (junit code)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:997)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:459)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1058)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1030)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411)
    at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:477)
    at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:286)
    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:407)
    ... 40 more
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:164)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:639)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:450)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:935)
    at org.apache.mina.filter.ssl.SslHandler.doTasks(SslHandler.java:667)
    at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:458)
    ... 42 more
2008-03-07 09:21:47,607 INFO main SSLTestClient - RECEIVED: HeapBuffer[pos=0 lim=7 cap=7: 15 03 01 00 02 02 28]
2008-03-07 09:21:47,607 FATAL main SSLTest - CLIENT IoHandler: exceptionCaught
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:426)
    at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
    at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
    at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
    at org.apache.mina.filter.logging.LoggingFilter.messageReceived(LoggingFilter.java:95)
    at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
    at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
    at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
    at org.apache.mina.common.DefaultIoFilterChain$HeadFilter.messageReceived(DefaultIoFilterChain.java:607)
    at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
    at org.apache.mina.common.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:399)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireEvent(VmPipeFilterChain.java:91)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.flushEvents(VmPipeFilterChain.java:75)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.pushEvent(VmPipeFilterChain.java:68)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireMessageReceived(VmPipeFilterChain.java:166)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain$VmPipeIoProcessor.flush(VmPipeFilterChain.java:192)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain$VmPipeIoProcessor.flush(VmPipeFilterChain.java:169)
    at org.apache.mina.common.DefaultIoFilterChain$HeadFilter.filterWrite(DefaultIoFilterChain.java:644)
    at org.apache.mina.common.DefaultIoFilterChain.callPreviousFilterWrite(DefaultIoFilterChain.java:467)
    at org.apache.mina.common.DefaultIoFilterChain.access$1400(DefaultIoFilterChain.java:40)
    at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.filterWrite(DefaultIoFilterChain.java:835)
    at org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:260)
    at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:581)
    at org.apache.mina.common.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:482)
    at org.apache.mina.common.DefaultIoFilterChain.access$1500(DefaultIoFilterChain.java:40)
    at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:840)
    at org.apache.mina.common.DefaultIoFilterChain$TailFilter.filterClose(DefaultIoFilterChain.java:767)
    at org.apache.mina.common.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:482)
    at org.apache.mina.common.DefaultIoFilterChain.fireFilterClose(DefaultIoFilterChain.java:477)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireEvent(VmPipeFilterChain.java:115)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.flushEvents(VmPipeFilterChain.java:75)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.pushEvent(VmPipeFilterChain.java:68)
    at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireFilterClose(VmPipeFilterChain.java:126)
    at org.apache.mina.common.AbstractIoSession.close(AbstractIoSession.java:173)
    at org.apache.mina.common.AbstractIoSession.close(AbstractIoSession.java:158)
    at com.XXXXX.XXXXX.net.ssl.SSLTest$2.exceptionCaught(SSLTest.java:95)
    (stacktrace continues back into client here)
Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
    at org.apache.mina.filter.ssl.SslHandler.unwrap0(SslHandler.java:644)
    at org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:591)
    at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:461)
    at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:286)
    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:407)
    ... 90 more
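
Added example, not part of the original thread or of MINA's code: a small diagnostic for the two things this exchange turns on, namely whether the JVM is running with the restricted JCE policy and whether the keystore handed to the server side actually contains a key entry. The class name `HandshakeDiag`, the keystore path argument and the `KS_PASS` environment variable are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.crypto.Cipher;

// Added diagnostic; class name, path argument and KS_PASS variable are hypothetical.
public class HandshakeDiag {

    // The restricted JCE policy caps AES at 128 bits; the unrestricted one reports Integer.MAX_VALUE.
    static boolean unlimitedPolicy() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    // Prints every alias and returns how many of them are key entries (not bare certificates).
    static int countKeyEntries(KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                keys++;
                Certificate cert = ks.getCertificate(alias);
                String alg = (cert == null) ? "no certificate" : cert.getPublicKey().getAlgorithm();
                System.out.println("key entry:  " + alias + " (" + alg + ")");
            } else {
                System.out.println("cert entry: " + alias);
            }
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("max AES key bits: " + Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("unrestricted JCE policy: " + unlimitedPolicy());

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        String pass = System.getenv("KS_PASS"); // password from the environment, not argv
        if (args.length == 1 && pass != null) {
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pass.toCharArray());
            }
        } else {
            ks.load(null, null); // constructed empty keystore so the example runs offline
        }
        if (countKeyEntries(ks) == 0) {
            System.out.println("no key entry: a server using this store cannot offer certificate-based suites");
        }
    }
}
```

Run it once per keystore with the same JVM that runs the failing test, since the policy files are installed per JRE.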