You're using the VmPipeConnector and Acceptor?

I'm not sure it makes sense to use an SSLFilter for the VmPipe transport?

SSL is meant to be used on sockets.

Maarten


On Fri, Mar 7, 2008 at 4:22 PM, Mark Renouf <[EMAIL PROTECTED]> wrote:

> Hmm. I saw this from some googling I did on that particular message.
> We generally control both ends of the communication within our product
> so I had assumed the handshake would negotiate this automatically.
> From a wireshark trace of the same test over the wire, I saw a huge
> list of cipher-suites proposed to the other end (in fact, if you
> decode those 100 bytes, I believe that's what you see in the
> messageSent log from my test).
>
>
>    /**
>     * Sets the list of cipher suites to be enabled when {@link SSLEngine}
>     * is initialized.
>     *
>     * @param cipherSuites <tt>null</tt> means 'use {@link SSLEngine}'s default.'
>     */
>    public void setEnabledCipherSuites(String[] cipherSuites) {
>        this.enabledCipherSuites = cipherSuites;
>    }
>
> Just for kicks, I tried "setEnabledCipherSuites(null);" but with no
> change in behavior....
>
>
> On Fri, Mar 7, 2008 at 10:12 AM, Niklas Therning <[EMAIL PROTECTED]>
> wrote:
> > I think it is the "no cipher suites in common" error which causes the
> >  handshake problem. You can use SslFilter.setEnabledCipherSuites() to
> >  specify which suites should be enabled.
> >
> >  HTH
> >
> >  /Niklas
> >
> >  Mark Renouf skrev:
> >
> >
> > > I've been struggling with an SSL issue. I had it all working but I've
> >  > lost track of some changes and basically I'm stuck again. I've
> >  > dissolved it down to a unit test where I have a pair of VmPipe
> >  > (acceptor/connector) talking, each with an SslFilter. Each has a
> >  > separate keystore, and a common truststore. Each's certificates are
> >  > signed by a CA cert in the trust store. These are known-good as they
> >  > were taken from a production server.
> >  >
> >  > The server has a simple handler set which waits for "PING" and sends
> >  > back "PONG". The test passes without the SSL Filter in place. In the
> >  > tests I also placed a logging filter last on the filter chain of the
> >  > connector so I can see the raw data after processing.
> >  >
> >  > When I enable SSL on both ends, I get a failed handshake. I'm using
> >  > SSLContextFactory and KeyStoreFactory to load keystores. I've
> >  > independently verified the keystores are valid and being loaded
> >  > correctly (right passwords etc).
> >  >
> >  > The com.XXXXX.XXXXX lines below are just  package names from an
> >  > unreleased product of my employer which I've anonymized for now :-)
> >  >
> >  > The handlers look like this:
> >  >         IoHandler clientHandler = new IoHandlerAdapter() {
> >  >             @Override
> >  >             public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
> >  >                 LOGGER.fatal("CLIENT IoHandler: exceptionCaught", cause);
> >  >             }
> >  >         };
> >  >
> >  >         IoHandler serverHandler = new IoHandlerAdapter() {
> >  >             @Override
> >  >             public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
> >  >                 LOGGER.fatal("SERVER IoHandler: exceptionCaught", cause);
> >  >                 session.close(true);
> >  >             }
> >  >
> >  >             @Override
> >  >             public void messageReceived(IoSession session, Object message) throws Exception {
> >  >                 if (message instanceof IoBuffer) {
> >  >                     String msg = ((IoBuffer)message).getString(CHARSET.newDecoder());
> >  >                     if (msg.equals("PING")) {
> >  >                         IoBuffer buffer = IoBuffer.allocate(4);
> >  >                         buffer.putString("PONG", CHARSET.newEncoder());
> >  >                         buffer.flip();
> >  >                         session.write(buffer);
> >  >                     }
> >  >                 }
> >  >             }
> >  >         };
> >  >
> >  > There's also a LoggingFilter attached with the messageSent and
> >  > messageReceived levels visible (attached to the client's filter chain)
> >  >
> >  > Here is the relevant test code:
> >  >
> >  > Set up SSLContext ctx1 using SSLContextFactory....
> >  >
> >  >    171          IoAcceptor acceptor = new VmPipeAcceptor();
> >  >    172          acceptor.setHandler(serverHandler);
> >  >    173          SslFilter serverFilter = new SslFilter(ctx1);
> >  >    174          serverFilter.setNeedClientAuth(true);
> >  >    175          acceptor.getFilterChain().addLast("SSL", serverFilter);
> >  >    176          acceptor.bind(new VmPipeAddress(1));
> >  >
> >  > Set up SSLContext ctx2 using SSLContextFactory....
> >  >
> >  >    189          IoConnector connector = new VmPipeConnector();
> >  >    190          connector.setHandler(clientHandler);
> >  >    191          SslFilter clientFilter = new SslFilter(ctx2);
> >  >    192          clientFilter.setUseClientMode(true);
> >  >       (Set up LoggingFilter)
> >  >    203          connector.getFilterChain().addLast("LOG", loggingFilter);
> >  >    204          connector.getFilterChain().addLast("SSL", clientFilter);
> >  >
> >  > Then:
> >  >
> >  >    206          ConnectFuture cf = connector.connect(new VmPipeAddress(1));
> >  >    207          cf.await();
> >  >    208          assertTrue(cf.isConnected());
> >  >    209          IoSession session = cf.getSession();
> >  >    210          session.getConfig().setUseReadOperation(true);
> >  >    211          IoBuffer buffer = IoBuffer.allocate(4);
> >  >    212          buffer.putString("PING", CHARSET.newEncoder());
> >  >    213          buffer.flip();
> >  >    214          WriteFuture wf = session.write(buffer);
> >  >    215          wf.await();
> >  >    216          assertTrue(wf.isWritten());
> >  >    217
> >  >    218
> >  >    219          ReadFuture rf = session.read();
> >  >    220          rf.await();
> >  >    221          assertTrue(rf.isRead());
> >  >    222          assertTrue(rf.getMessage() instanceof IoBuffer);
> >  >    223          IoBuffer buffer2 = (IoBuffer) rf.getMessage();
> >  >    224          assertEquals("PONG", buffer2.getString(CHARSET.newDecoder()));
> >  >    225      }
> >  >
> >  >
> >  > Here is the log output from the failing test case:
> >  >
> >  > 2008-03-07 09:21:47,597 INFO  main     SSLTestClient - SENT: HeapBuffer[pos=0 lim=100 cap=130: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00...]
> >  > 2008-03-07 09:21:47,602 FATAL main     SSLTest - SERVER IoHandler: exceptionCaught
> >  > javax.net.ssl.SSLHandshakeException: SSL handshake failed.
> >  >       at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:426)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$HeadFilter.messageReceived(DefaultIoFilterChain.java:607)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:399)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireEvent(VmPipeFilterChain.java:91)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.flushEvents(VmPipeFilterChain.java:75)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.pushEvent(VmPipeFilterChain.java:68)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireMessageReceived(VmPipeFilterChain.java:166)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain$VmPipeIoProcessor.updateTrafficMask(VmPipeFilterChain.java:239)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain$VmPipeIoProcessor.updateTrafficMask(VmPipeFilterChain.java:169)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.flushPendingDataQueues(VmPipeFilterChain.java:120)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.start(VmPipeFilterChain.java:62)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeConnector.connect0(VmPipeConnector.java:124)
> >  >       at org.apache.mina.common.AbstractIoConnector.connect(AbstractIoConnector.java:167)
> >  >       at org.apache.mina.common.AbstractIoConnector.connect(AbstractIoConnector.java:93)
> >  >       at com.XXXXX.XXXXX.net.ssl.SSLTest.testSSLHandshake(SSLTest.java:206)
> >  >       (junit code)
> >  > Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
> >  >       at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:997)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:459)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1058)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1030)
> >  >       at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411)
> >  >       at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:477)
> >  >       at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:286)
> >  >       at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:407)
> >  >       ... 40 more
> >  > Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
> >  >       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
> >  >       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
> >  >       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:164)
> >  >       at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:639)
> >  >       at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:450)
> >  >       at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
> >  >       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> >  >       at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)
> >  >       at java.security.AccessController.doPrivileged(Native Method)
> >  >       at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:935)
> >  >       at org.apache.mina.filter.ssl.SslHandler.doTasks(SslHandler.java:667)
> >  >       at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:458)
> >  >       ... 42 more
> >  > 2008-03-07 09:21:47,607 INFO  main     SSLTestClient - RECEIVED: HeapBuffer[pos=0 lim=7 cap=7: 15 03 01 00 02 02 28]
> >  > 2008-03-07 09:21:47,607 FATAL main     SSLTest - CLIENT IoHandler: exceptionCaught
> >  > javax.net.ssl.SSLHandshakeException: SSL handshake failed.
> >  >       at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:426)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
> >  >       at org.apache.mina.filter.logging.LoggingFilter.messageReceived(LoggingFilter.java:95)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$HeadFilter.messageReceived(DefaultIoFilterChain.java:607)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:399)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireEvent(VmPipeFilterChain.java:91)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.flushEvents(VmPipeFilterChain.java:75)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.pushEvent(VmPipeFilterChain.java:68)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireMessageReceived(VmPipeFilterChain.java:166)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain$VmPipeIoProcessor.flush(VmPipeFilterChain.java:192)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain$VmPipeIoProcessor.flush(VmPipeFilterChain.java:169)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$HeadFilter.filterWrite(DefaultIoFilterChain.java:644)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.callPreviousFilterWrite(DefaultIoFilterChain.java:467)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.access$1400(DefaultIoFilterChain.java:40)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.filterWrite(DefaultIoFilterChain.java:835)
> >  >       at org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:260)
> >  >       at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:581)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:482)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.access$1500(DefaultIoFilterChain.java:40)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:840)
> >  >       at org.apache.mina.common.DefaultIoFilterChain$TailFilter.filterClose(DefaultIoFilterChain.java:767)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:482)
> >  >       at org.apache.mina.common.DefaultIoFilterChain.fireFilterClose(DefaultIoFilterChain.java:477)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireEvent(VmPipeFilterChain.java:115)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.flushEvents(VmPipeFilterChain.java:75)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.pushEvent(VmPipeFilterChain.java:68)
> >  >       at org.apache.mina.transport.vmpipe.VmPipeFilterChain.fireFilterClose(VmPipeFilterChain.java:126)
> >  >       at org.apache.mina.common.AbstractIoSession.close(AbstractIoSession.java:173)
> >  >       at org.apache.mina.common.AbstractIoSession.close(AbstractIoSession.java:158)
> >  >       at com.XXXXX.XXXXX.net.ssl.SSLTest$2.exceptionCaught(SSLTest.java:95)
> >  >       (stacktrace continues back into client here)
> >  >
> >  > Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> >  >       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
> >  >       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
> >  >       at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
> >  >       at org.apache.mina.filter.ssl.SslHandler.unwrap0(SslHandler.java:644)
> >  >       at org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:591)
> >  >       at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:461)
> >  >       at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:286)
> >  >       at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:407)
> >  >       ... 90 more
> >  >
> >
> >
>
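
Added example (not part of the thread, and not MINA code): the two buffers in the quoted LoggingFilter output can be decoded by hand. The SENT prefix is an SSLv2-compatible ClientHello header and the 7-byte RECEIVED buffer is a plaintext TLS alert record; the function names and the small alert table are chosen for this example.

```python
import struct

# Hex bytes copied from the LoggingFilter lines in the post. The log shows only
# the first 16 of the 100 bytes (lim=100) of the SENT buffer.
SENT_PREFIX = bytes.fromhex("80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00")
RECEIVED = bytes.fromhex("15 03 01 00 02 02 28")

# Subset of the TLS alert values (RFC 5246, section 7.2), enough for this log.
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 42: "bad_certificate"}


def parse_v2_client_hello(data, logged_len):
    """Decode the fixed header of an SSLv2-compatible ClientHello."""
    if len(data) < 11 or not data[0] & 0x80 or data[2] != 1:
        raise ValueError("not a 2-byte-header SSLv2 ClientHello")
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    _, major, minor, specs_len, sid_len, chal_len = struct.unpack(
        ">BBBHHH", data[2:11])
    if specs_len % 3:
        raise ValueError("cipher-spec length must be a multiple of 3")
    # Each spec is 3 bytes; decode only the whole specs the truncated log shows.
    avail = data[11:11 + specs_len]
    specs = [avail[i:i + 3].hex() for i in range(0, len(avail) - len(avail) % 3, 3)]
    return {
        "version": (major, minor),
        "offered_specs": specs_len // 3,
        "visible_specs": specs,  # "000004" is suite 0x0004, RSA_WITH_RC4_128_MD5
        "challenge_len": chal_len,
        # Buffer = 2 length bytes + record; record = 9 fixed bytes + variable fields.
        "lengths_consistent": rec_len + 2 == logged_len
                              and rec_len == 9 + specs_len + sid_len + chal_len,
    }


def parse_alert(record):
    """Decode a plaintext TLS alert: type, version, length, level, description."""
    if len(record) != 7 or record[0] != 21:
        raise ValueError("not a plaintext TLS alert record")
    _, major, minor, length, level, desc = struct.unpack(">BBBHBB", record)
    if length != 2:
        raise ValueError("alert body must be 2 bytes")
    return {"version": (major, minor),
            "level": ALERT_LEVELS.get(level, level),
            "description": ALERT_DESCRIPTIONS.get(desc, desc)}


if __name__ == "__main__":
    print(parse_v2_client_hello(SENT_PREFIX, 100), parse_alert(RECEIVED))
```

The header announces 19 cipher specs (57 bytes / 3) for version 3.1, and the reply is a fatal `handshake_failure`, which matches the `no cipher suites in common` exception thrown on the server side.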
