[
https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17194164#comment-17194164
]
Jonathan Valliere commented on DIRMINA-1132:
--------------------------------------------
I've been trying to reproduce it again and am now unable to make it work. The
handshake completes but does not pass the decoded object. I have a hex printer
filter before SSL and can verify that everything in Wireshark is being fed into
the SslFilter and that everything that came out of it was written to the
socket. I'll have to look at this more tomorrow. My feeling is something is
wrong with the TLS libraries in Curl or in Java... or both. Everything
produced by Java SSL is being sent to the wire.
{code:java}
javax.net.ssl|ALL|0F|NioProcessor-2|2020-09-11 02:47:20.285
PDT|SSLSessionImpl.java:203|Session initialized:
Session(1599817639889|TLS_AES_256_GCM_SHA384)
javax.net.ssl|DEBUG|0F|NioProcessor-2|2020-09-11 02:47:20.286
PDT|SSLEngineOutputRecord.java:507|WRITE: TLS13 handshake, length = 50
javax.net.ssl|DEBUG|0F|NioProcessor-2|2020-09-11 02:47:20.287
PDT|SSLCipher.java:2020|Plaintext before ENCRYPTION (
0000: 04 00 00 2E 00 01 51 80 74 5E 91 E0 01 01 00 20 ......Q.t^.....
0010: DD 22 37 A0 AB 47 12 70 F9 96 B0 B1 FE 9C 56 DB ."7..G.p......V.
0020: 79 FD 6B F4 89 00 D7 62 AE DA 92 57 50 86 4D 67 y.k....b...WP.Mg
0030: 00 00 16 ...
)
javax.net.ssl|DEBUG|0F|NioProcessor-2|2020-09-11 02:47:20.289
PDT|SSLEngineOutputRecord.java:525|Raw write (
0000: 17 03 03 00 43 25 B7 80 84 96 4A D1 7E 9A 81 C4 ....C%....J.....
0010: 9A BE 85 8D 0D 2E 78 36 8B 07 77 12 2C BE 04 4B ......x6..w.,..K
0020: 1D 22 97 54 B3 9F D2 FB 93 2A 0E 57 69 FC 3A 84 .".T.....*.Wi.:.
0030: 68 83 C6 B4 95 D8 BB 07 B3 E5 4C 24 BF 37 BA C9 h.........L$.7..
0040: 20 5C C7 23 2D EF 19 43 \.#-..C
)
sent: Source HeapBuffer[pos=0 lim=72 cap=130: 17 03 03 00 43 25 B7 80 84 96 4A
D1 7E 9A 81 C4...] showing index 0 through 72
000000 17 03 03 00 43 25 b7 80 84 96 4a d1 7e 9a 81 c4 ....C%·€„–JÑ~š?Ä
000016 9a be 85 8d 0d 2e 78 36 8b 07 77 12 2c be 04 4b š¾…?..x6‹.w.,¾.K
000032 1d 22 97 54 b3 9f d2 fb 93 2a 0e 57 69 fc 3a 84 ."—T³ŸÒû“*.Wiü:„
000048 68 83 c6 b4 95 d8 bb 07 b3 e5 4c 24 bf 37 ba c9 hƒÆ´•Ø».³åL$¿7ºÉ
000064 20 5c c7 23 2d ef 19 43 .Ç#-ï.C
{code}
> TLSv1.3 - MINA randomly fails in reading the message sent by client
> -------------------------------------------------------------------
>
> Key: DIRMINA-1132
> URL: https://issues.apache.org/jira/browse/DIRMINA-1132
> Project: MINA
> Issue Type: Bug
> Components: Core, SSL
> Affects Versions: 2.0.21
> Environment: Operating System: Windows 10 1903
> Java Version: jdk-11.0.7, jdk-12.0.2
> Reporter: Venkata Kishore Tavva
> Assignee: Jonathan Valliere
> Priority: Critical
> Attachments: console.log, jon-logs.zip, keyStore.pfx, trustStore.pfx
>
>
> While trying to implement TLSv1.3 in our systems, we found an issue with the
> Mina Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3,
> randomly the message sent by the client is discarded. In such scenarios, the
> server waits for the session to pass the idle timeout and closes the session.
> Please find the sample code below:
> {code:java}
> import org.apache.mina.core.service.IoHandlerAdapter;
> import org.apache.mina.core.session.IdleStatus;
> import org.apache.mina.core.session.IoSession;
> import org.apache.mina.filter.ssl.SslFilter;
> import org.apache.mina.transport.socket.SocketAcceptor;
> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
> import javax.net.ssl.*;
> import java.io.*;
> import java.net.InetSocketAddress;
> import java.security.KeyStore;
> public class Main {
>     public static void main(String[] args) throws Exception {
>         System.setProperty("javax.net.debug","all");
>         KeyManagerFactory keyManagerFactory;
>         try(FileInputStream fis = new FileInputStream("keyStore.pfx")) {
>             keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>             KeyStore keyStore = KeyStore.getInstance("PKCS12");
>             keyStore.load(fis, "passphrase".toCharArray());
>             keyManagerFactory.init(keyStore, "passphrase".toCharArray());
>         }
>         TrustManagerFactory trustManagerFactory;
>         try(FileInputStream fis = new FileInputStream("trustStore.pfx")){
>             trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
>             KeyStore trustStore = KeyStore.getInstance("PKCS12");
>             trustStore.load(fis, "passphrase".toCharArray());
>             trustManagerFactory.init(trustStore);
>         }
>         SSLContext context = SSLContext.getInstance("TLSv1.3");
>         context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
>         SslFilter filter = new SslFilter(context);
>         filter.setEnabledProtocols(new String[]{"TLSv1.3"});
>         filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"});
>         SocketAcceptor acceptor = new NioSocketAcceptor();
>         acceptor.setReuseAddress(true);
>         acceptor.getFilterChain().addLast("sslFilter", filter);
>         acceptor.setHandler( new ServerHandler());
>         acceptor.bind(new InetSocketAddress(53001));
>         System.out.println("Server started on Port : 53001");
>         System.out.println("Start sending data using cUrl below:");
>         System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'");
>     }
> }
> class ServerHandler extends IoHandlerAdapter {
>     @Override
>     public void sessionCreated(IoSession session) {
>         System.out.println( "\nSession created : " + session);
>     }
>     @Override
>     public void sessionOpened(IoSession session) {
>         System.out.println( "Session opened : " + session);
>         session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60);
>     }
>     @Override
>     public void sessionClosed(IoSession session) {
>         System.out.println( "Session closed : " + session);
>         session.closeNow();
>     }
>     @Override
>     public void sessionIdle(IoSession session, IdleStatus status) {
>         System.out.println( "==========================" );
>         System.out.println( "Session is idle for 60 secs hence closing session: " + session.getRemoteAddress());
>         System.out.println( "==========================" );
>         session.closeNow();
>     }
>     @Override
>     public void exceptionCaught(IoSession session, Throwable cause) {
>         System.out.println("Exception :\n");
>         cause.printStackTrace();
>         session.closeNow();
>     }
>     @Override
>     public void messageReceived(IoSession session, Object message) {
>         System.out.println("Message Received!!!");
>         //do further processing on @param{message}
>         session.closeOnFlush();
>     }
> }
> {code}
> Note: Try sending the request multiple times and randomly the sent message is
> somehow not properly read. Observe that the session id *0x00000003* fails
> with the error.
> {code:java}
> Console Output:
> > java.exe -cp * Main
> Server started on Port : 53001
> Start sending data using cUrl below:
> -> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001'
> --data-raw 'Sample Text'
> Session created : (0x00000001: nio socket, server, /127.0.0.1:56639 =>
> /127.0.0.1:53001)
> Session opened : (0x00000001: nio socket, server, /127.0.0.1:56639 =>
> /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000001: nio socket, server, null =>
> 0.0.0.0/0.0.0.0:53001)Session created : (0x00000002: nio socket, server,
> /127.0.0.1:56651 => /127.0.0.1:53001)
> Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 =>
> /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000002: nio socket, server, null =>
> 0.0.0.0/0.0.0.0:53001)Session created : (0x00000003: nio socket, server,
> /127.0.0.1:56656 => /127.0.0.1:53001)
> Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 =>
> /127.0.0.1:53001)
> ==========================
> Session is idle for 60 secs hence closing session: /127.0.0.1:56656
> ==========================
> Session closed : (0x00000003: nio socket, server, null =>
> 0.0.0.0/0.0.0.0:53001)Session created : (0x00000004: nio socket, server,
> /127.0.0.1:56849 => /127.0.0.1:53001)
> Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 =>
> /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000004: nio socket, server, null =>
> 0.0.0.0/0.0.0.0:53001)Session created : (0x00000005: nio socket, server,
> /127.0.0.1:56860 => /127.0.0.1:53001)
> Session opened : (0x00000005: nio socket, server, /127.0.0.1:56860 =>
> /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000005: nio socket, server, null =>
> 0.0.0.0/0.0.0.0:53001)
> {code}
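The byte counts in the debug output quoted in the comment can be cross-checked by decoding the TLS record and handshake headers. This is an added Python example, not code from the issue or from MINA; the constants are copied from the quoted log, and the function names are this example's own.

```python
import struct

# Values copied from the javax.net.debug output quoted in the comment above.
PLAINTEXT_HEAD = bytes.fromhex("0400002E")   # first 4 bytes of "Plaintext before ENCRYPTION"
PLAINTEXT_LEN = 50                           # "WRITE: TLS13 handshake, length = 50"
RECORD_HEAD = bytes.fromhex("1703030043")    # first 5 bytes of "Raw write"
BYTES_ON_WIRE = 72                           # HeapBuffer lim=72

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 4: "new_session_ticket",
                   11: "certificate", 15: "certificate_verify", 20: "finished"}
AEAD_TAG_LEN = 16  # AES-GCM tag; the session uses TLS_AES_256_GCM_SHA384


def parse_record_header(head: bytes) -> dict:
    """Decode the 5-byte TLS record header: type(1) | legacy_version(2) | length(2)."""
    if len(head) < 5:
        raise ValueError("need 5 bytes of record header")
    ctype, version, length = struct.unpack("!BHH", head[:5])
    return {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": f"0x{version:04x}", "length": length, "total": 5 + length}


def parse_handshake_header(head: bytes) -> dict:
    """Decode the 4-byte handshake header: msg_type(1) | length(3)."""
    if len(head) < 4:
        raise ValueError("need 4 bytes of handshake header")
    length = int.from_bytes(head[1:4], "big")
    return {"msg_type": HANDSHAKE_TYPES.get(head[0], f"unknown({head[0]})"),
            "length": length, "total": 4 + length}


def tls13_ciphertext_len(plaintext_len: int, padding: int = 0) -> int:
    """TLS 1.3 encrypted record = content + 1-byte inner content type + padding + tag."""
    return plaintext_len + 1 + padding + AEAD_TAG_LEN


def check_dump() -> dict:
    rec = parse_record_header(RECORD_HEAD)
    hs = parse_handshake_header(PLAINTEXT_HEAD)
    return {"record": rec, "handshake": hs,
            "handshake_fills_plaintext": hs["total"] == PLAINTEXT_LEN,
            "record_len_matches_plaintext": rec["length"] == tls13_ciphertext_len(PLAINTEXT_LEN),
            "whole_record_written": rec["total"] == BYTES_ON_WIRE}


if __name__ == "__main__":
    for key, value in check_dump().items():
        print(f"{key}: {value}")
```

For this dump the outer record is `application_data` wrapping a 50-byte NewSessionTicket handshake message, and the 72 bytes handed to the socket are exactly one complete record.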