[
https://issues.apache.org/jira/browse/DIRMINA-1132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17866741#comment-17866741
]
Nagarjun Reddy Reddymalli commented on DIRMINA-1132:
----------------------------------------------------
Hi [~johnnyv],
is this fix backported to the 2.0.x and 2.1.x branches?
For example, in 2.0.25?
Could you please share the information?
Thank you
> TLSv1.3 - MINA randomly fails in reading the message sent by client
> -------------------------------------------------------------------
>
> Key: DIRMINA-1132
> URL: https://issues.apache.org/jira/browse/DIRMINA-1132
> Project: MINA
> Issue Type: Bug
> Components: Core, SSL
> Affects Versions: 2.0.21
> Environment: Operating System: Windows 10 1903
> Java Version: jdk-11.0.7, jdk-12.0.2
> Reporter: Venkata Kishore Tavva
> Assignee: Jonathan Valliere
> Priority: Critical
> Fix For: 2.2.2
>
> Attachments: console.log, example-project.zip, keyStore.pfx,
> trustStore.pfx
>
>
> While trying to implement TLSv1.3 in our systems, we found an issue with Mina
> Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3,
> randomly the message sent by the client is discarded. In such scenarios, the
> server waits for session to pass idle timeout and closes the session. Please
> find the sample code below:
> {code:java}
> import org.apache.mina.core.service.IoHandlerAdapter;
> import org.apache.mina.core.session.IdleStatus;
> import org.apache.mina.core.session.IoSession;
> import org.apache.mina.filter.ssl.SslFilter;
> import org.apache.mina.transport.socket.SocketAcceptor;
> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
> import javax.net.ssl.*;
> import java.io.*;
> import java.net.InetSocketAddress;
> import java.security.KeyStore;
> public class Main {
>     public static void main(String[] args) throws Exception {
>         // Dump the full JSSE handshake/record trace to the console
>         System.setProperty("javax.net.debug", "all");
>         // Server key material
>         KeyManagerFactory keyManagerFactory;
>         try (FileInputStream fis = new FileInputStream("keyStore.pfx")) {
>             keyManagerFactory =
>                 KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>             KeyStore keyStore = KeyStore.getInstance("PKCS12");
>             keyStore.load(fis, "passphrase".toCharArray());
>             keyManagerFactory.init(keyStore, "passphrase".toCharArray());
>         }
>         // Trust anchors
>         TrustManagerFactory trustManagerFactory;
>         try (FileInputStream fis = new FileInputStream("trustStore.pfx")) {
>             trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
>             KeyStore trustStore = KeyStore.getInstance("PKCS12");
>             trustStore.load(fis, "passphrase".toCharArray());
>             trustManagerFactory.init(trustStore);
>         }
>         // Restrict the filter to TLSv1.3 and its AES-GCM suites
>         SSLContext context = SSLContext.getInstance("TLSv1.3");
>         context.init(keyManagerFactory.getKeyManagers(),
>             trustManagerFactory.getTrustManagers(), null);
>         SslFilter filter = new SslFilter(context);
>         filter.setEnabledProtocols(new String[]{"TLSv1.3"});
>         filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256",
>             "TLS_AES_256_GCM_SHA384"});
>         SocketAcceptor acceptor = new NioSocketAcceptor();
>         acceptor.setReuseAddress(true);
>         acceptor.getFilterChain().addLast("sslFilter", filter);
>         acceptor.setHandler(new ServerHandler());
>         acceptor.bind(new InetSocketAddress(53001));
>         System.out.println("Server started on Port : 53001");
>         System.out.println("Start sending data using cUrl below:");
>         System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 "
>             + "'https://localhost:53001' --data-raw 'Sample Text'");
>     }
> }
> class ServerHandler extends IoHandlerAdapter {
>     @Override
>     public void sessionCreated(IoSession session) {
>         System.out.println("\nSession created : " + session);
>     }
>     @Override
>     public void sessionOpened(IoSession session) {
>         System.out.println("Session opened : " + session);
>         // sessionIdle fires after 60 seconds without reads or writes
>         session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60);
>     }
>     @Override
>     public void sessionClosed(IoSession session) {
>         System.out.println("Session closed : " + session);
>         session.closeNow();
>     }
>     @Override
>     public void sessionIdle(IoSession session, IdleStatus status) {
>         System.out.println("==========================");
>         System.out.println("Session is idle for 60 secs hence closing session: "
>             + session.getRemoteAddress());
>         System.out.println("==========================");
>         session.closeNow();
>     }
>     @Override
>     public void exceptionCaught(IoSession session, Throwable cause) {
>         System.out.println("Exception :\n");
>         cause.printStackTrace();
>         session.closeNow();
>     }
>     @Override
>     public void messageReceived(IoSession session, Object message) {
>         System.out.println("Message Received!!!");
>         // do further processing on @param{message}
>         session.closeOnFlush();
>     }
> }
> {code}
> Note: Try sending the request multiple times and randomly the sent message is
> somehow not properly read. Observe that the session id *0x00000003* fails
> with the error.
> {code:java}
> Console Output:
> > java.exe -cp * Main
> Server started on Port : 53001
> Start sending data using cUrl below:
> -> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'
> Session created : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
> Session opened : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000001: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
> Session created : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
> Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000002: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
> Session created : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
> Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
> ==========================
> Session is idle for 60 secs hence closing session: /127.0.0.1:56656
> ==========================
> Session closed : (0x00000003: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
> Session created : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
> Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000004: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
> Session created : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
> Session opened : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
> Message Received!!!
> Session closed : (0x00000005: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
> {code}
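
Added example, not part of the original issue or of the MINA project: a Python triage script for console output in the reproducer's format that flags sessions which were opened and then closed without `messageReceived` ever firing. It assumes connections arrive one at a time (as with repeated curl runs), because the handler's `Message Received!!!` line carries no session id; `find_stalled_sessions` is a hypothetical name and the sample log is constructed in the format of the output quoted above.

```python
import re

# Constructed sample in the reproducer's output format, including the
# run-together "...53001)Session created" lines seen in the quoted console log.
SAMPLE_LOG = """\
Session created : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000002: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)Session created : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
==========================
Session is idle for 60 secs hence closing session: /127.0.0.1:56656
==========================
Session closed : (0x00000003: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)Session created : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000004: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
"""

# One token per handler event. Scanning by regex position rather than by line
# tolerates wrapped lines and two events sharing one physical line.
TOKEN = re.compile(
    r"Session (created|opened|closed) : \((0x[0-9A-Fa-f]+):"
    r"|(Message Received!!!)"
    r"|(Session is idle for \d+ secs)"
)

def find_stalled_sessions(log_text):
    """Return [(session_id, closed_by_idle_timeout)] for sessions that were
    opened and closed without a message being delivered to the handler."""
    state = {}      # session id -> {"message": bool, "idle": bool}
    current = None  # most recently opened session (assumes sequential clients)
    stalled = []
    for m in TOKEN.finditer(log_text):
        kind, sid, msg, idle = m.groups()
        if kind == "opened":
            state[sid] = {"message": False, "idle": False}
            current = sid
        elif kind == "closed":
            s = state.pop(sid, None)
            if s is not None and not s["message"]:
                stalled.append((sid, s["idle"]))
            if current == sid:
                current = None
        elif msg and current in state:
            state[current]["message"] = True
        elif idle and current in state:
            state[current]["idle"] = True
    return stalled

if __name__ == "__main__":
    for sid, idle in find_stalled_sessions(SAMPLE_LOG):
        print(f"{sid}: no message delivered (idle timeout: {idle})")
```
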