[ https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17394881#comment-17394881 ]
Jonathan Valliere edited comment on DIRMINA-1132 at 8/6/21, 4:35 PM:
---------------------------------------------------------------------

[~seelmann] I have no problem adding that back. However, all you would need to do to expose that without changing the mainline is create your own {{AttributeKey}}, extend {{SSL2Filter#createEngine()}}, and set the attribute key on the {{IoSession}}. That way you can retrieve the {{SSLSession}} anywhere using the {{AttributeKey}}. I want to come up with solutions which benefit ApacheDirectory while ensuring that ApacheDirectory is implementing the features in a safe and secure way.

was (Author: johnnyv):
[~seelmann] I have no problem adding that back. However, all you would need to do to expose that without changing the mainline is create your own {{AttributeKey}} extend {{SSL2Filter#createEngine()}} and set the attribute key to the {{IoSession}}. That way you can retrieve the {{SSLSession}} anywhere using the {{AttributeKey}}.

> TLSv1.3 - MINA randomly fails in reading the message sent by client
> -------------------------------------------------------------------
>
> Key: DIRMINA-1132
> URL: https://issues.apache.org/jira/browse/DIRMINA-1132
> Project: MINA
> Issue Type: Bug
> Components: Core, SSL
> Affects Versions: 2.0.21
> Environment: Operating System: Windows 10 1903
> Java Version: jdk-11.0.7, jdk-12.0.2
> Reporter: Venkata Kishore Tavva
> Assignee: Jonathan Valliere
> Priority: Critical
> Fix For: 2.2.0
>
> Attachments: console.log, example-project.zip, keyStore.pfx,
> trustStore.pfx
>
>
> While trying to Implement TLSv1.3 in our systems, we found an issue with Mina
> Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3,
> randomly the message sent by the client is discarded. In such scenarios, the
> server waits for session to pass idle timeout and closes the session.
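Please find the sample code below:
{code:java}
import java.io.FileInputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.SocketAcceptor;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;

/**
 * Minimal TLSv1.3-only MINA server that reproduces the intermittent read failure
 * described in this issue.
 *
 * <p>This is a local reproducer, not a deployment template: the key and trust stores
 * are the attached test fixtures, their password is a literal in the source, and full
 * JSSE debug output is switched on.
 */
public class Main {

    /** Port the acceptor listens on; also echoed in the usage hint printed at start-up. */
    private static final int PORT = 53001;

    /**
     * Password of the attached test stores. A real service would read this from
     * protected configuration rather than a source literal.
     */
    private static final String STORE_PASSPHRASE = "passphrase";

    /**
     * Builds a TLSv1.3 {@link SSLContext} from the two PKCS12 stores, installs an
     * {@link SslFilter} on a NIO acceptor and binds it to {@link #PORT}.
     *
     * @param args unused
     * @throws Exception if a store cannot be read, the TLS context cannot be created,
     *     or the port cannot be bound
     */
    public static void main(String[] args) throws Exception {
        // Diagnostic only: "all" makes JSSE print handshake and record-level traces to
        // the console, which can include decrypted payload bytes. Keep it off anywhere
        // other than a throw-away test setup.
        System.setProperty("javax.net.debug", "all");

        KeyManagerFactory keyManagerFactory;
        try (FileInputStream fis = new FileInputStream("keyStore.pfx")) {
            keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(fis, STORE_PASSPHRASE.toCharArray());
            keyManagerFactory.init(keyStore, STORE_PASSPHRASE.toCharArray());
        }

        // NOTE(review): the sample never asks for a client certificate (there is no
        // setNeedClientAuth/setWantClientAuth call on the filter), so these trust
        // managers are presumably never consulted during the handshake. The algorithm
        // name is fixed here while the key manager above uses the platform default.
        TrustManagerFactory trustManagerFactory;
        try (FileInputStream fis = new FileInputStream("trustStore.pfx")) {
            trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
            KeyStore trustStore = KeyStore.getInstance("PKCS12");
            trustStore.load(fis, STORE_PASSPHRASE.toCharArray());
            trustManagerFactory.init(trustStore);
        }

        // Passing null as the SecureRandom leaves the choice to the provider default.
        SSLContext context = SSLContext.getInstance("TLSv1.3");
        context.init(
                keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(),
                null);

        // Only TLSv1.3 and its two AES-GCM suites are enabled, so an older protocol
        // cannot be negotiated while reproducing the problem.
        SslFilter filter = new SslFilter(context);
        filter.setEnabledProtocols(new String[] {"TLSv1.3"});
        filter.setEnabledCipherSuites(
                new String[] {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"});

        SocketAcceptor acceptor = new NioSocketAcceptor();
        acceptor.setReuseAddress(true);
        acceptor.getFilterChain().addLast("sslFilter", filter);
        acceptor.setHandler(new ServerHandler());
        // InetSocketAddress(port) is the wildcard address: the listener is reachable on
        // every local interface, not just loopback, while the test key is in use.
        acceptor.bind(new InetSocketAddress(PORT));

        System.out.println("Server started on Port : " + PORT);
        System.out.println("Start sending data using cUrl below:");
        // --insecure tells curl to skip certificate verification; that is tolerable here
        // only because the peer is a local server presenting a test certificate.
        System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:"
                + PORT + "' --data-raw 'Sample Text'");
    }
}

/**
 * Handler that logs every session event to stdout and closes the session once a
 * message has been received, the session goes idle, or an exception is reported.
 */
class ServerHandler extends IoHandlerAdapter {

    /** Idle limit in seconds, applied in {@link #sessionOpened} and quoted in the idle log line. */
    private static final int IDLE_SECONDS = 60;

    @Override
    public void sessionCreated(IoSession session) {
        System.out.println("\nSession created : " + session);
    }

    @Override
    public void sessionOpened(IoSession session) {
        System.out.println("Session opened : " + session);
        // A session whose request is never delivered is only cleaned up by this timeout.
        session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, IDLE_SECONDS);
    }

    @Override
    public void sessionClosed(IoSession session) {
        System.out.println("Session closed : " + session);
        // NOTE(review): the session is already closed when this callback fires, so this
        // call looks redundant; it is kept to match the reporter's handler.
        session.closeNow();
    }

    @Override
    public void sessionIdle(IoSession session, IdleStatus status) {
        System.out.println("==========================");
        System.out.println("Session is idle for " + IDLE_SECONDS
                + " secs hence closing session: " + session.getRemoteAddress());
        System.out.println("==========================");
        session.closeNow();
    }

    @Override
    public void exceptionCaught(IoSession session, Throwable cause) {
        System.out.println("Exception :\n");
        // Console-only reporting is enough for a reproducer; a service would log this
        // through its logging framework instead.
        cause.printStackTrace();
        session.closeNow();
    }

    @Override
    public void messageReceived(IoSession session, Object message) {
        System.out.println("Message Received!!!");
        // Further processing of the decrypted message would go here.
        session.closeOnFlush();
    }
}
{code}
Note: Try sending the request multiple times; randomly, the sent message is somehow not properly read. Observe that the session id *0x00000003* fails with the error.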
> {code:java} > Console Output: > > java.exe -cp * Main > Server started on Port : 53001 > Start sending data using cUrl below: > -> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' > --data-raw 'Sample Text' > Session created : (0x00000001: nio socket, server, /127.0.0.1:56639 => > /127.0.0.1:53001) > Session opened : (0x00000001: nio socket, server, /127.0.0.1:56639 => > /127.0.0.1:53001) > Message Received!!! > Session closed : (0x00000001: nio socket, server, null => > 0.0.0.0/0.0.0.0:53001)Session created : (0x00000002: nio socket, server, > /127.0.0.1:56651 => /127.0.0.1:53001) > Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => > /127.0.0.1:53001) > Message Received!!! > Session closed : (0x00000002: nio socket, server, null => > 0.0.0.0/0.0.0.0:53001)Session created : (0x00000003: nio socket, server, > /127.0.0.1:56656 => /127.0.0.1:53001) > Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => > /127.0.0.1:53001) > ========================== > Session is idle for 60 secs hence closing session: /127.0.0.1:56656 > ========================== > Session closed : (0x00000003: nio socket, server, null => > 0.0.0.0/0.0.0.0:53001)Session created : (0x00000004: nio socket, server, > /127.0.0.1:56849 => /127.0.0.1:53001) > Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => > /127.0.0.1:53001) > Message Received!!! > Session closed : (0x00000004: nio socket, server, null => > 0.0.0.0/0.0.0.0:53001)Session created : (0x00000005: nio socket, server, > /127.0.0.1:56860 => /127.0.0.1:53001) > Session opened : (0x00000005: nio socket, server, /127.0.0.1:56860 => > /127.0.0.1:53001) > Message Received!!! 
> Session closed : (0x00000005: nio socket, server, null => > 0.0.0.0/0.0.0.0:53001) > {code}