Re: Does Messenger API supports SSL?
Excellent news - good to hear, thanks!

----- Original Message -----
> From: "atarutin"
> To: proton@qpid.apache.org
> Sent: Wednesday, June 12, 2013 6:29:15 AM
> Subject: Re: Does Messenger API supports SSL?
>
> Ken, thank you for the help. Your answers made me think about problems with
> proper ssl configuration on server side. I checked it out and my
> assumption was confirmed, there were no certificates. I've configured ssl
> and now all the communication between server and client works well over ssl.
> Thank you again!

--
-K
Re: Does Messenger API supports SSL?
Ken, thank you for the help. Your answers made me think about problems with proper ssl configuration on server side. I checked it out and my assumption was confirmed, there were no certificates. I've configured ssl and now all the communication between server and client works well over ssl. Thank you again!

--
View this message in context: http://qpid.2158936.n2.nabble.com/Does-Messenger-API-supports-SSL-tp7593987p7594046.html
Sent from the Apache Qpid Proton mailing list archive at Nabble.com.
Re: Does Messenger API supports SSL?
The server isn't following through with the rest of the handshake, but I can't tell why from the dump, sorry. When you do this (run openssl s_client), does the broker log anything?

BTW, what version of OpenSSL are you running on the client side? "openssl version" will give you that.

thanks,

-K

----- Original Message -----
> From: "atarutin"
> To: proton@qpid.apache.org
> Sent: Tuesday, June 11, 2013 10:44:42 AM
> Subject: Re: Does Messenger API supports SSL?
>
> Here it is:
>
> CONNECTED(04E4)
> write to 0x1ec28a0 [0x1ef26a0] (321 bytes => 321 (0x141))
> read from 0x1ec28a0 [0x1ef7c00] (7 bytes => 7 (0x7))
> - 15 03 03 00 02 02 28 ..(
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 321 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
> Thanks for the help.

--
-K
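Decoding the 7-byte server reply in the dump above, as an added example that is not part of the original thread: the bytes `15 03 03 00 02 02 28` form one TLS alert record (fatal, handshake_failure), which is consistent with the broker's "no cipher suites in common" warning. The sketch pulls the received bytes out of `openssl s_client -debug` output and names the alert; function names are this example's own, and the tables follow RFC 5246.

```python
import re
# Names from RFC 5246 (TLS 1.2): record content types, alert levels, alert descriptions.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
          42: "bad_certificate", 47: "illegal_parameter", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security", 80: "internal_error"}

# The server's reply as it appears in the s_client -debug output posted in the thread.
SAMPLE = """read from 0x1ec28a0 [0x1ef7c00] (7 bytes => 7 (0x7))
- 15 03 03 00 02 02 28 ..(
"""

def bytes_read(debug_text):
    """Collect the bytes the client received, from the 'read from' hex dumps."""
    out, want = bytearray(), 0
    for line in debug_text.splitlines():
        m = re.match(r"read from .*\((\d+) bytes => (-?\d+)", line)
        if m:
            want = max(int(m.group(2)), 0)  # bytes actually read; -1 means error
        elif line.startswith("write to"):
            want = 0                        # skip dumps of what the client sent
        elif want and "- " in line:
            # Hex column follows "- "; a '-' also separates bytes 8 and 9.
            for tok in line.split("- ", 1)[1].replace("-", " ").split():
                if want == 0 or not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
                    break                   # reached the ASCII column
                out.append(int(tok, 16))
                want -= 1
    return bytes(out)

def parse_records(data):
    """Split received bytes into TLS records and decode plaintext alerts."""
    records, i = [], 0
    while i + 5 <= len(data):
        ctype, major, minor = data[i], data[i + 1], data[i + 2]
        length = int.from_bytes(data[i + 3:i + 5], "big")
        body = data[i + 5:i + 5 + length]
        rec = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
               "version": VERSIONS.get((major, minor), f"{major}.{minor}")}
        if ctype == 21 and len(body) == 2:  # unencrypted alert: level, description
            rec["level"] = LEVELS.get(body[0], f"unknown({body[0]})")
            rec["alert"] = ALERTS.get(body[1], f"unknown({body[1]})")
        records.append(rec)
        i += 5 + length
    return records

if __name__ == "__main__":
    print(parse_records(bytes_read(SAMPLE)))
```

A reply this short, with no ServerHello before the alert, means the server rejected the ClientHello outright, so the broker's own log is the place to look for the reason.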
Re: Does Messenger API supports SSL?
Here it is:

    CONNECTED(04E4)
    write to 0x1ec28a0 [0x1ef26a0] (321 bytes => 321 (0x141))
    read from 0x1ec28a0 [0x1ef7c00] (7 bytes => 7 (0x7))
    - 15 03 03 00 02 02 28 ..(
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 321 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---

Thanks for the help.
Re: Does Messenger API supports SSL?
It doesn't appear that an SSL handshake is being done. Can you add a '-debug' to get a raw trace of the protocol? Is the server responding at all?

For example, when I run openssl s_client against my server, I see the certificate exchange. I would expect the same for your server - you should see something like this:

    $ openssl s_client -connect 127.0.0.1:5671
    CONNECTED(0003)
    depth=0 CN = A1.Good.Server.domain.com, O = Server
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 CN = A1.Good.Server.domain.com, O = Server
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 CN = A1.Good.Server.domain.com, O = Server
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Certificate chain
     0 s:/CN=A1.Good.Server.domain.com/O=Server
       i:/CN=Trusted.CA.com/O=Trust Me Inc.
    ---
    Server certificate
    subject=/CN=A1.Good.Server.domain.com/O=Server
    issuer=/CN=Trusted.CA.com/O=Trust Me Inc.
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1637 bytes and written 438 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher: DHE-DSS-AES256-SHA
        Session-ID: 9C60527D31390057F3EA7C275BBEAA379D2AAAB6EED495E2540F245DC6AF7618
        Session-ID-ctx:
        Master-Key: 32FD8391E0F19C12CF34A258442BD6BFFC7DF3A78DE8DACE6F64910D6651B2FAB98ADB6ED4AA99F15BFC3F6D511DF24B
        Key-Arg : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        TLS session ticket:

----- Original Message -----
> From: "atarutin"
> To: proton@qpid.apache.org
> Sent: Tuesday, June 11, 2013 10:23:29 AM
> Subject: Re: Does Messenger API supports SSL?
>
> That is the dump:
>
> CONNECTED(04E4)
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 321 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
> Could you please help me to understand this information?

--
-K
Re: Does Messenger API supports SSL?
That is the dump:

    CONNECTED(04E4)
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 321 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---

Could you please help me to understand this information?
Re: Does Messenger API supports SSL?
Hi,

Although I've never seen this error before, I suspect that the server requires some stronger level of encryption than the client is providing. This may depend on several factors, including what ciphers your server and your OpenSSL library support (client).

You may want to try the openssl test client and see if you can connect to your server using that:

    openssl s_client -connect

that should dump some info regarding what the server is requesting.

----- Original Message -----
> From: "atarutin"
> To: proton@qpid.apache.org
> Sent: Tuesday, June 11, 2013 9:24:02 AM
> Subject: Re: Does Messenger API supports SSL?
>
> I've just found the problem. Earlier, I compiled proton without SSL support.
> It was my fail, sorry.
>
> But now, I've recompiled proton dll and I've got another error:
>
> <http://qpid.2158936.n2.nabble.com/file/n7594003/ssl_error.png>
>
> As for server, I use activemq. While trying to connect to it I see the
> warning in the server log:
> WARN | Transport Connection to: tcp://127.0.0.1:1632 failed:
> javax.net.ssl.SSLHandshakeException: no cipher suites in common.
>
> Any ideas?

--
-K
Re: Does Messenger API supports SSL?
I've just found the problem. Earlier, I compiled proton without SSL support. It was my fail, sorry.

But now, I've recompiled proton dll and I've got another error:

<http://qpid.2158936.n2.nabble.com/file/n7594003/ssl_error.png>

As for server, I use activemq. While trying to connect to it I see the warning in the server log:

    WARN | Transport Connection to: tcp://127.0.0.1:1632 failed: javax.net.ssl.SSLHandshakeException: no cipher suites in common.

Any ideas?
Re: Does Messenger API supports SSL?
On Tue, Jun 11, 2013 at 01:16:17AM -0700, atarutin wrote:
> No. I've got an error "SASL header mismatch ...". Maybe I have to configure
> messenger for ssl?

Are both ends Proton, and are both ends using SSL?

--
Darryl L. Pierce, Sr. Software Engineer @ Red Hat, Inc.
Re: Does Messenger API supports SSL?
No. I've got an error "SASL header mismatch ...". Maybe I have to configure messenger for ssl?
Re: Does Messenger API supports SSL?
amqps:// does not work?

On Tue, Jun 11, 2013 at 9:54 AM, atarutin wrote:
> Hello. Can anybody explain how I should work with an AMQP server over
> SSL connection? Does PROTON already support AMQP over SSL? I've not found
> any examples.
>
> Thanks in advance.

--
Pablo Rodríguez Rey (http://mr.xkr.es)
Does Messenger API supports SSL?
Hello. Can anybody explain how I should work with an AMQP server over SSL connection? Does PROTON already support AMQP over SSL? I've not found any examples.

Thanks in advance.