[jira] [Created] (DIRMINA-1179) Behavior Change while upgrading mina-core to 2.2.x regarding X509TrustManager java class

Tue, 16 Jul 2024 08:29:04 -0700 

Nagarjun Reddy Reddymalli created DIRMINA-1179:
--------------------------------------------------

             Summary: Behavior Change while upgrading mina-core to 2.2.x 
regarding X509TrustManager java class 
                 Key: DIRMINA-1179
                 URL: https://issues.apache.org/jira/browse/DIRMINA-1179
             Project: MINA
          Issue Type: Bug
          Components: Core, SSL
    Affects Versions: 2.2.0
         Environment: Operating System: Windows 11
Jdk 8 : jdk-1.8u411
            Reporter: Nagarjun Reddy Reddymalli


Our project is currently utilizing mina-core 2.0.21.

We have a client which sends a request to our server as shown below



 
{code:java}
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");

sslContext.init(our keyManager Object, our trustManager Object, null);  

//TrustHostnameVerifier implements HostnameVerifier ( interface from 
java.net.ssl)
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                    sslcontext,
                    new String[]{"TLSv1.2"},
                    null,
                    new TrustHostnameVerifier());

// We use HTTPClient 4.x to send request to our server where sslCotnext is used 
CloseableHttpClient httpclient=    
HttpClients.custom().disableAutomaticRetries().setSSLSocketFactory(
sslsf).build(); 


{code}

Our Server uses mina-core as server and accepts requests and sends a 
response....

Every time a response comes back, checkServerTrusted method implementation of  
x509TrustManager class gets called.
Method :
[https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/X509TrustManager.html#checkServerTrusted-java.security.cert.X509Certificate:A-java.lang.String-]
 



After we upgraded mina-core to 2.2.x in our server,
we observed that the above method (checkServerTrusted) is being called only on 
the first Communication request.
It is not being called in the later requests until we rebuild the sslContext 
Object. ( or restart the client)



Observations:  Behavior changed from mina-core 2.2.0 where we see that whole 
TLS/SSL implementaion has been revamped


 Question: We see that TLS/SSL has been revamped to fix issues TLSv1.3 . Does 
that mean TLSv1.3 is not supported properly in earlier versions like 2.1.x and 
2.0.x ?


 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to