Venkata Kishore Tavva created DIRMINA-1132:
----------------------------------------------
Summary: TLSv1.3 - MINA randomly fails in reading the message sent by client
Key: DIRMINA-1132
URL: https://issues.apache.org/jira/browse/DIRMINA-1132
Project: MINA
Issue Type: Bug
Components: Core
Affects Versions: 2.0.21
Environment: Operating System: Windows 10
Java Version: jdk-11.0.7
Reporter: Venkata Kishore Tavva
While trying to implement TLSv1.3 in our systems, we found an issue with the Mina
Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3, randomly
the message sent by the client is discarded. In such scenarios, the server
waits for the session to pass the idle timeout and closes the session. Please find the
sample code below:
{code:java}
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.SocketAcceptor;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;

import javax.net.ssl.*;
import java.io.*;
import java.net.InetSocketAddress;
import java.security.KeyStore;

public class Main {
    public static void main(String[] args) throws Exception {
        // Server key material (PKCS#12)
        KeyManagerFactory keyManagerFactory;
        try (FileInputStream fis = new FileInputStream("keyStore.pfx")) {
            keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(fis, "passphrase".toCharArray());
            keyManagerFactory.init(keyStore, "passphrase".toCharArray());
        }

        // Trust anchors (PKCS#12)
        TrustManagerFactory trustManagerFactory;
        try (FileInputStream fis = new FileInputStream("trustStore.pfx")) {
            trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
            KeyStore trustStore = KeyStore.getInstance("PKCS12");
            trustStore.load(fis, "passphrase".toCharArray());
            trustManagerFactory.init(trustStore);
        }

        // Restrict the filter to TLSv1.3 and its AES-GCM cipher suites
        SSLContext context = SSLContext.getInstance("TLSv1.3");
        context.init(keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(), null);
        SslFilter filter = new SslFilter(context);
        filter.setEnabledProtocols(new String[]{"TLSv1.3"});
        filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256",
                "TLS_AES_256_GCM_SHA384"});

        SocketAcceptor acceptor = new NioSocketAcceptor();
        acceptor.setReuseAddress(true);
        acceptor.getFilterChain().addLast("sslFilter", filter);
        acceptor.setHandler(new ServerHandler());
        acceptor.bind(new InetSocketAddress(53001));

        System.out.println("Server started on Port : 53001");
        System.out.println("Start sending data using cUrl below:");
        System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 "
                + "'https://localhost:53001' --data-raw 'Sample Text'");
    }
}

class ServerHandler extends IoHandlerAdapter {
    @Override
    public void sessionCreated(IoSession session) {
        System.out.println("\nSession created : " + session);
    }

    @Override
    public void sessionOpened(IoSession session) {
        System.out.println("Session opened : " + session);
        // Close the session if nothing is read or written for 60 seconds
        session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60);
    }

    @Override
    public void sessionClosed(IoSession session) {
        System.out.println("Session closed : " + session);
        session.closeNow();
    }

    @Override
    public void sessionIdle(IoSession session, IdleStatus status) {
        System.out.println("==========================");
        System.out.println("Session is idle for 60 secs hence closing session: "
                + session.getRemoteAddress());
        System.out.println("==========================");
        session.closeNow();
    }

    @Override
    public void exceptionCaught(IoSession session, Throwable cause) {
        System.out.println("Exception :\n");
        cause.printStackTrace();
        session.closeNow();
    }

    @Override
    public void messageReceived(IoSession session, Object message) {
        System.out.println("Message Received!!!");
        //do further processing on @param{message}
        session.closeOnFlush();
    }
}
{code}
Note: Try sending the request multiple times; randomly, the sent message is
somehow not properly read. Observe that the session id *0x00000003* fails
with the error.
{code:java}
Console Output:
> java.exe -cp * Main
Server started on Port : 53001
Start sending data using cUrl below:
-> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'

Session created : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
Session opened : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000001: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)

Session created : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000002: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)

Session created : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
==========================
Session is idle for 60 secs hence closing session: /127.0.0.1:56656
==========================
Session closed : (0x00000003: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)

Session created : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000004: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)

Session created : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
Session opened : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000005: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
{code}
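Added example, not part of the original report or of MINA: a small Python triage script that reads the reproducer's console output and reports which sessions reached the idle timeout without a `Message Received!!!` line, so the failure rate over many requests can be counted. The names `triage`, `stalled` and `SAMPLE` are hypothetical, and the sample log is constructed in the format shown above.

```python
import re

# Events printed by the reproducer's ServerHandler. Whitespace is flattened
# before matching, so wrapped or fused lines from a pasted console log still parse.
TOKEN = re.compile(
    r"Session (?P<ev>created|opened|closed) : \((?P<sid>0x[0-9A-Fa-f]+): "
    r"nio socket, server, (?P<peer>\S+) =>"
    r"|Session is idle for \d+ secs hence closing session: (?P<idle>\S+)"
    r"|(?P<msg>Message Received!!!)"
)

def triage(log_text):
    """Map session id -> delivered | idle_timeout | closed_no_message | ambiguous | open."""
    outcome, open_ids, peer_to_id = {}, [], {}
    for m in TOKEN.finditer(" ".join(log_text.split())):
        if m["ev"] == "opened":
            outcome[m["sid"]] = "open"
            open_ids.append(m["sid"])
            peer_to_id[m["peer"]] = m["sid"]
        elif m["ev"] == "closed":
            if m["sid"] in open_ids:
                open_ids.remove(m["sid"])
            if outcome.get(m["sid"]) == "open":
                outcome[m["sid"]] = "closed_no_message"
        elif m["idle"]:
            # The idle line carries the remote address, not the session id.
            sid = peer_to_id.get(m["idle"])
            if outcome.get(sid) == "open":
                outcome[sid] = "idle_timeout"
        elif m["msg"]:
            # No session id is printed here: attribute only if one session is open.
            label = "delivered" if len(open_ids) == 1 else "ambiguous"
            for sid in open_ids:
                if outcome[sid] == "open":
                    outcome[sid] = label
    return outcome

def stalled(log_text):
    """Session ids that hit the idle timeout without a delivered message."""
    return [s for s, o in triage(log_text).items() if o == "idle_timeout"]

# Constructed sample (made-up ports), with one wrapped and one fused line.
SAMPLE = """Session created : (0x00000001: nio socket, server, /127.0.0.1:50001 =>
/127.0.0.1:53001)
Session opened : (0x00000001: nio socket, server, /127.0.0.1:50001 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000001: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)Session created : (0x00000002: nio socket, server, /127.0.0.1:50002 => /127.0.0.1:53001)
Session opened : (0x00000002: nio socket, server, /127.0.0.1:50002 => /127.0.0.1:53001)
Session is idle for 60 secs hence closing session: /127.0.0.1:50002
Session closed : (0x00000002: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)"""
```

Because the handler prints no session id with `Message Received!!!`, the script only attributes a message when exactly one session is open; overlapping sessions are reported as `ambiguous` rather than guessed.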