RE: Java SSL Support (didn't have a subject, so I am giving it one.)
On Monday, April 29, 2002 09:15, arjan pot [mailto:[EMAIL PROTECTED]] wrote:

> In other words; is it possible to connect with a Java - client through
> OpenSSL to a server, written in C?

The part about this that sounds hard is the connect through OpenSSL part. My recommendation would be to use the javax.net.ssl.SSLSocket extensions and use the built-in SSL support in the java API. Check out the following:

http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/SSLSocket.html

There are numerous implementations (e.g. JCSI for example, is free for research and educational purposes: http://www.wedgetail.com/jcsi/index.html).

So, for example, you might do something like:

    // SSLSocketFactory is abstract, so obtain the default factory
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    Socket myClientSocket = factory.createSocket("127.0.0.1", 443);
    // myClient should be an SSLSocket.

Use like you would any other.

-E

__
OpenSSL Project                          http://www.openssl.org
User Support Mailing List                [EMAIL PROTECTED]
Automated List Manager                   [EMAIL PROTECTED]

RE: Java SSL Support (didn't have a subject, so I am giving it one.)
On Tue, 30 Apr 2002, Ed Moyle wrote:

> On Monday, April 29, 2002 09:15, arjan pot [mailto:[EMAIL PROTECTED]] wrote:
>
> > In other words; is it possible to connect with a Java - client through
> > OpenSSL to a server, written in C?
>
> The part about this that sounds hard is the connect through OpenSSL part.
> My recommendation would be to use the javax.net.ssl.SSLSocket extensions
> and use the built-in SSL support in the java API. Check out the following:
>
> http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/SSLSocket.html
>
> There are numerous implementations (e.g. JCSI for example, is free for
> research and educational purposes: http://www.wedgetail.com/jcsi/index.html).
>
> So, for example, you might do something like:
>
>     // SSLSocketFactory is abstract, so obtain the default factory
>     SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
>     Socket myClientSocket = factory.createSocket("127.0.0.1", 443);
>     // myClient should be an SSLSocket.
>
> Use like you would any other.

Does anybody know if the wrong signature length problems in JSSE have been fixed? Otherwise, I don't think this'll work, even if you code it properly...

Check out the following link:

http://groups.google.com/groups?hl=enframe=rightth=364ff2e1a2f20db0seekm=40373dc3.0108131639.3b69c55d%40posting.google.com#link3

-cj

--
Chris Cleeland, cleeland_c @ ociweb.com, http://www.milodesigns.com/~chris
Principal Software Engineer, Object Computing, Inc., +1 314 579 0066
Support Me Supporting Cancer Survivors in Ride for the Roses 2002
Donate at http://www.milodesigns.com/donate

Re: Java SSL Support (didn't have a subject, so I am giving it one.)
Chris Cleeland [EMAIL PROTECTED] writes:

> On Tue, 30 Apr 2002, Ed Moyle wrote:
>
> Does anybody know if the wrong signature length problems in JSSE have been
> fixed? Otherwise, I don't think this'll work, even if you code it
> properly...
>
> Check out the following link:
>
> http://groups.google.com/groups?hl=enframe=rightth=364ff2e1a2f20db0seekm=40373dc3.0108131639.3b69c55d%40posting.google.com#link3

I dunno if this has been fixed or not (though it only applies to DSA).

PureTLS (http://www.rtfm.com/puretls) is a free Java SSL/TLS implementation that interoperates fine with OpenSSL.

-Ekr

--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/

Re: Java SSL Support (didn't have a subject, so I am giving it one.)
On 30 Apr 2002, Eric Rescorla wrote:

> Chris Cleeland [EMAIL PROTECTED] writes:
>
> > On Tue, 30 Apr 2002, Ed Moyle wrote:
> >
> > Does anybody know if the wrong signature length problems in JSSE have
> > been fixed? Otherwise, I don't think this'll work, even if you code it
> > properly...
> >
> > Check out the following link:
> >
> > http://groups.google.com/groups?hl=enframe=rightth=364ff2e1a2f20db0seekm=40373dc3.0108131639.3b69c55d%40posting.google.com#link3
>
> I dunno if this has been fixed or not (though it only applies to DSA).

Right. Good point. However, for some reason I remember that we had problems with JSSE doing RSA properly, too. But memory is fuzzy anymore.

> PureTLS (http://www.rtfm.com/puretls) is a free Java SSL/TLS implementation
> that interoperates fine with OpenSSL.

Thanks for the link! I checked it out. Do you have any idea what the performance is like compared to JSSE? (I notice that you suggest using GoNative accelerated implementations of crypto stuff, so comparisons should specify whether PureTLS uses GoNative or not.)

Thanks!

-cj

--
Chris Cleeland, cleeland_c @ ociweb.com, http://www.milodesigns.com/~chris
Principal Software Engineer, Object Computing, Inc., +1 314 579 0066
Support Me Supporting Cancer Survivors in Ride for the Roses 2002
Donate at http://www.milodesigns.com/donate

Re: Java SSL Support (didn't have a subject, so I am giving it one.)
Chris Cleeland [EMAIL PROTECTED] writes:

> On 30 Apr 2002, Eric Rescorla wrote:
>
> Right. Good point. However, for some reason I remember that we had problems
> with JSSE doing RSA properly, too. But memory is fuzzy anymore.

That could be. I've heard such reports but never really verified them.

> > PureTLS (http://www.rtfm.com/puretls) is a free Java SSL/TLS
> > implementation that interoperates fine with OpenSSL.
>
> Thanks for the link! I checked it out. Do you have any idea what the
> performance is like compared to JSSE? (I notice that you suggest using
> GoNative accelerated implementations of crypto stuff, so comparisons should
> specify whether PureTLS uses GoNative or not.)

I haven't benchmarked JSSE. I imagine the performance of JSSE and PureTLS are pretty similar, since the DSA and RSA impls. use the same bignum operations and there's only so much you can do to optimize DES or SHA-1 in Java.

The purpose of GoNative is to improve performance over what you can get in Java.

-Ekr

--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/

Java + SSL
Hi All,

does anybody have experience with the following error, which occurs when I want to use the example from the JNDI == LDAP == Security to connect to an LDAP server over SSL:

cutscence

    // Set up the environment for creating the initial context
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");

    // Specify SSL
    env.put(Context.SECURITY_PROTOCOL, "ssl");

    // Authenticate as S. User and password "mysecret"
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
    env.put(Context.SECURITY_CREDENTIALS, "mysecret");

    // Create the initial context
    DirContext ctx = new InitialDirContext(env);

    // ... do something useful with ctx

/cutscence

I get the following error:

    Root exception is java.net.SocketException: SSL implementation not available.

I also use jsse.jar, which is needed to run SSL.

Can anybody help me :)

Thanks in advance

regards
Ferruh

Re: Java + SSL
Zamangoer, Ferruh wrote:

> Hi All,
>
> does anybody have experience with the following error, which occurs when I
> want to use the example from the JNDI == LDAP == Security to connect to an
> LDAP server over SSL:
>
> cutscence
>
>     // Set up the environment for creating the initial context
>     Hashtable env = new Hashtable();
>     env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>     env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");
>
>     // Specify SSL
>     env.put(Context.SECURITY_PROTOCOL, "ssl");
>
>     // Authenticate as S. User and password "mysecret"
>     env.put(Context.SECURITY_AUTHENTICATION, "simple");
>     env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
>     env.put(Context.SECURITY_CREDENTIALS, "mysecret");
>
>     // Create the initial context
>     DirContext ctx = new InitialDirContext(env);
>
>     // ... do something useful with ctx
>
> /cutscence
>
> I get the following error:
>
>     Root exception is java.net.SocketException: SSL implementation not available.
>
> I also use jsse.jar, which is needed to run SSL.
>
> Can anybody help me :)
>
> Thanks in advance
>
> regards
> Ferruh

It seems that jsse is not correctly installed in your VM. Follow the instructions embedded with the jsse for the correct definition of the security provider in the JRE_HOME/lib/security/java.security config file.

--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
Member of the Internet Society
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

AW: Java + SSL
Thanks, I think that's the right way. I now get communication with the server.

The following error occurs on slapd:

    daemon_init: 2 listeners opened
    slapd init: initiated server.
    slap_sasl_init: initialized!
    slapd startup: initiated.
    slapd starting
    ldap_pvt_gethostbyname_a: host=solo, r=0
    connection_get(10): got connid=0
    connection_read(10): checking for input on id=0
    TLS trace: SSL_accept:before/accept initialization
    TLS trace: SSL_accept:SSLv3 read client hello A
    TLS trace: SSL_accept:SSLv3 write server hello A
    TLS trace: SSL_accept:SSLv3 write certificate A
    TLS trace: SSL_accept:SSLv3 write server done A
    TLS trace: SSL_accept:SSLv3 flush data
    TLS trace: SSL_accept:error in SSLv3 read client certificate A
    TLS trace: SSL_accept:error in SSLv3 read client certificate A
    connection_get(10): got connid=0
    connection_read(10): checking for input on id=0
    TLS trace: SSL_accept:error in SSLv3 read client certificate A
    TLS: can't accept.
    connection_read(10): TLS accept error error=-1 id=0, closing
    connection_closing: readying conn=0 sd=10 for close
    connection_close: conn=0 sd=10

Java throws the following exception:

    javax.naming.CommunicationException: xxx.xxx.xxx.xxx:636. Root exception is
    javax.net.ssl.SSLException: untrusted server cert chain
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])

(Thanks)²

regards
Ferruh

-----Original Message-----
From: Rabellino Sergio [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 3, 2002 14:42
To: [EMAIL PROTECTED]
Subject: Re: Java + SSL

Zamangoer, Ferruh wrote:

> Hi All,
>
> does anybody have experience with the following error, which occurs when I
> want to use the example from the JNDI == LDAP == Security to connect to an
> LDAP server over SSL:
>
> cutscence
>
>     // Set up the environment for creating the initial context
>     Hashtable env = new Hashtable();
>     env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>     env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");
>
>     // Specify SSL
>     env.put(Context.SECURITY_PROTOCOL, "ssl");
>
>     // Authenticate as S. User and password "mysecret"
>     env.put(Context.SECURITY_AUTHENTICATION, "simple");
>     env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
>     env.put(Context.SECURITY_CREDENTIALS, "mysecret");
>
>     // Create the initial context
>     DirContext ctx = new InitialDirContext(env);
>
>     // ... do something useful with ctx
>
> /cutscence
>
> I get the following error:
>
>     Root exception is java.net.SocketException: SSL implementation not available.
>
> I also use jsse.jar, which is needed to run SSL.
>
> Can anybody help me :)
>
> Thanks in advance
>
> regards
> Ferruh

It seems that jsse is not correctly installed in your VM. Follow the instructions embedded with the jsse for the correct definition of the security provider in the JRE_HOME/lib/security/java.security config file.

--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
Member of the Internet Society
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

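Added example, not part of the original thread: the "untrusted server cert chain" exception in the message above is the Java client refusing slapd's certificate because it cannot chain it to a certificate in its trust store. One way to supply that trust anchor without weakening validation is sketched below; the CA file path and LDAPS URL read from args are assumptions, and the class name is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class LdapsTrustExample {
    // Build an SSLContext that trusts only the CA certificate stored at caPemPath.
    static SSLContext contextTrusting(String caPemPath) throws Exception {
        X509Certificate ca;
        try (InputStream in = new FileInputStream(caPemPath)) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        ca.checkValidity(); // throws if the CA is expired or not yet valid
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory store
        ks.setCertificateEntry("ldap-ca", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: LdapsTrustExample <ca.pem> <ldaps-url>");
            return;
        }
        // Process-wide default; the JNDI LDAP provider takes its SSL sockets from it.
        SSLContext.setDefault(contextTrusting(args[0]));
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[1]); // e.g. ldaps://host:636/o=JNDITutorial
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        DirContext dirCtx = new InitialDirContext(env); // TLS handshake happens here
        System.out.println("server certificate chain accepted");
        dirCtx.close();
    }
}
```

The same effect can be had without code by importing the CA into a keystore with keytool and pointing the javax.net.ssl.trustStore system property at it.
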
Re: Problems with Java SSL API
Your verisign root CA has expired: this is the last one in the chain. You should replace it with a newer version, you can get this from several places including certs/vsign3.pem in later versions of OpenSSL or if you have MSIE you can export it using the base64 encoded option.

Steve.

--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.

OT: Java SSL implementation (was RE: www.openssl.org)
Entrust's Java Toolkit includes an SSL implementation. It's available free (with registration) from http://developer.entrust.com, and I think also available internationally (and free as well) from http://developer.entrust.ch.

--- David Friedman [EMAIL PROTECTED] wrote:

> Does anyone know of any SSL Java implementations that are available outside
> the US for commercial use?

Hope this helps,

===
Wham! [EMAIL PROTECTED]

Re: Fresh meat -- Java SSL using OpenSSL (SSLeay)
Sorry if I'm not actually answering your problem but I think OpenSSL should maybe start to think about having some Java Interface/integration within the OpenSSL project. Java popularity is growing more than what non-Java developers tend to think (i.e. Servlet technology is great) ... JNI is not really portable but Java is for sure.

Doesn't that sound like a reasonable/plausible suggestion?

Cheerios,
--francois

-----Original Message-----
From: Buchs Christian [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thursday, March 11, 1999 6:11 AM
Subject: RE: Fresh meat -- Java SSL using OpenSSL (SSLeay)

> > Do you support (or plan to support) also SSLeay-0.9.0b or OpenSSL ?
>
> It builds and works fine with SSLeay-0.9.0b and openssl-0.9.1c without
> changes. (just tested)

Not under NT unfortunately... In itissl.h, you include ssl_locl.h which doesn't come out in the inc32 directory when you build openssl for NT.

Does anybody have a hint how I could change things to make the whole thing work? (not including ssl_locl.h doesn't help...)

Ch. Buchs

RE: Fresh meat -- Java SSL using OpenSSL (SSLeay)
Since JAVA SSL uses the OpenSSL/SSLeay DLL, how can we make it work under a standard browser?

Always no 100% pure Java SSL implementation but there is a premice (http://security.dstc.edu.au/projects/java/jcsi.html)

See you