Have you installed the unrestricted security policies in your JDK? Colm.
On Tue, May 22, 2012 at 11:02 AM, Thomas Pischulski <[email protected]> wrote: > Hey Colm, > > thanks for your efforts. That's indeed simple but I still get the same > SSLException. Does that require some third-party jar files in my > java-environment? I also get a bunch of "ignoring unsupported cipher > suite" messages like: > > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 > Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256 > Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 > Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 > Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 > Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 > Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 > > that all include "AES". Seems like I'm still missing something? > > > Cheers, > > Thomas > > On 5/22/2012 11:54 AM, Colm O hEigeartaigh wrote: >> Hi Thomas, >> >> Great, I was able to reproduce the problem. The fix is quite simple, >> you need to add the following ciphersuite filter to both the >> webservice and webservice-consumer: >> >> filter.getInclude().add(".*_WITH_AES_.*"); >> >> JDK 1.7 does not include DES cipher suites and so you need to add AES. >> >> Colm. >> >> On Tue, May 22, 2012 at 9:55 AM, Thomas Pischulski >> <[email protected]> wrote: >>> Hey Colm, >>> >>> I'll try, it's quite a lot to set up. (This is made with eclipse btw) >>> >>> 1) Download >>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>> >>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>> Import From Directory where the jar is located -> Next -> Select >>> single-bundle-distribution -> Add -> Finish >>> >>> 3) Download & unzip >>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>> >>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>> Import From Directory where the extracted directory is located -> Next >>> -> Select "webservice" & "webservice-consumer" -> Add -> Finish >>> >>> 5) Right-click on webservice bundle -> Run As -> Run Configurations >>> >>> 6) Select OSGi-Framework and click "New Launch Configuration" on the >>> upper left >>> >>> 7) In the bundles-tab click "Deselect All", select all three bundles >>> "cxf-dosgi-*", "webservice" and "webservice-consumer" and make sure that >>> Auto-start is set to "true" in all three. >>> >>> 6) Click "Add required bundles" >>> >>> 7) Go to "Arguments"-tab and add "-Djavax.net.debug=all" to VM arguments >>> (this will give you a more detailled output about the SSL stuff happening) >>> >>> 8) Click apply and run >>> >>> It now takes some time to start everything, also some small GUI should >>> popup sooner or later for invoking the webservice. >>> >>> You should also get some debug-output like >>> '[SSLWebService] Service published at https://localhost:443/hello' >>> If I try to access this site I get an 'SSL connection error' >>> >>> If I try to invoke the webservice with the popped up GUI and I get the >>> 'Unrecognized SSL message, plaintext connection?'-SSLException. >>> >>> Your OSGi-Run Configuration is now still available if you click this >>> green "play" button in eclipse. >>> >>> Hope that helps >>> >>> Cheers, >>> >>> Thomas >>> >>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh wrote: >>>> Hi Thomas, >>>> >>>> Can you give me more detailed instructions about how to reproduce the >>>> error given the sample? I know little about dosgi. >>>> >>>> Colm. >>>> >>>> On Tue, May 22, 2012 at 7:36 AM, Thomas Pischulski >>>> <[email protected]> wrote: >>>>> Bump. >>>> >>>> >>>> >> >> >> -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
