Re: Re : MINA-2.0.0-M1 -- SslFilter handshake failed?

Mark Renouf Fri, 07 Mar 2008 08:03:40 -0800

Hmm. I really hoped this was it. I just tried this (downloaded
jce_policy-1_5_0.zip from sun and installed jars into my
jre/lib/security folder). No change... :-(


If it helps, I added a little more code to display the ciphersuites,
protocols and the details of the keys and certificates in use:
(They are exactly the same for client and server, except for the
actualy key and cert, so I'm only listing the client side)

SSLParameters clientSSLParams = clientSSLContext.getDefaultSSLParameters();
        LOGGER.info("Client Protocols:     " +
Arrays.asList(clientSSLParams.getProtocols()));
        LOGGER.info("Client Cipher Suites: " +
Arrays.asList(clientSSLParams.getCipherSuites()));

2008-03-07 11:01:10,206 INFO  main     SSLTest - Client Protocols:
[SSLv2Hello, SSLv3, TLSv1]
2008-03-07 11:01:10,206 INFO  main     SSLTest - Client Cipher Suites:
[SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]

2008-03-07 10:55:14,558 INFO  main     SSLTest - Client Certificate: [
[
  Version: V1
  Subject: CN=XXXXX
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 512 bits
  modulus: XXXXX
  public exponent: 65537
  Validity: [From: Thu Jul 27 18:11:39 EDT 2006,
               To: Tue Jul 26 18:11:39 EDT 2016]
  Issuer: CN=XXXXXX
  SerialNumber: [    XXXXXXXX ]
]

2008-03-07 10:55:14,567 INFO  main     SSLTest - Client Key:
Sun RSA private CRT key, 512 bits
    (actual key material follows)


On Fri, Mar 7, 2008 at 10:19 AM, Edouard De Oliveira
<[EMAIL PROTECTED]> wrote:
> Did you modify your JCE permissions ?
>  Due to crypto restrictions your Keystores may be in good shape but unusable.
>  Download the unrestricted JCE policy files from java web site and try again.
>
>  My 0.02 $
>
>  Cordialement, Regards,
>  -Edouard De Oliveira-
>  http://tedorg.free.fr/en/main.php

Re: Re : MINA-2.0.0-M1 -- SslFilter handshake failed?

Reply via email to