> by copying all jar's into <jdk-home>/lib/security You need to copy them into <jdk.home>/jre/lib/security
> Did you mean that? Does my example work on your workstation? Yes (with the cipher-suite changes). Colm. On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski <[email protected]> wrote: > I installed that: > http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html > > by copying all jar's into <jdk-home>/lib/security > > Did you mean that? Does my example work on your workstation? > > On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote: >> Have you installed the unrestricted security policies in your JDK? >> >> Colm. >> >> On Tue, May 22, 2012 at 11:02 AM, Thomas Pischulski >> <[email protected]> wrote: >>> Hey Colm, >>> >>> thanks for your efforts. That's indeed simple but I still get the same >>> SSLException. Does that require some third-party jar files in my >>> java-environment? I also get a bunch of "ignoring unsupported cipher >>> suite" messages like: >>> >>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 >>> Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256 >>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 >>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 >>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 >>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 >>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 >>> >>> that all include "AES". Seems like I'm still missing something? >>> >>> >>> Cheers, >>> >>> Thomas >>> >>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh wrote: >>>> Hi Thomas, >>>> >>>> Great, I was able to reproduce the problem. The fix is quite simple, >>>> you need to add the following ciphersuite filter to both the >>>> webservice and webservice-consumer: >>>> >>>> filter.getInclude().add(".*_WITH_AES_.*"); >>>> >>>> JDK 1.7 does not include DES cipher suites and so you need to add AES. >>>> >>>> Colm. >>>> >>>> On Tue, May 22, 2012 at 9:55 AM, Thomas Pischulski >>>> <[email protected]> wrote: >>>>> Hey Colm, >>>>> >>>>> I'll try, it's quite a lot to set up. (This is made with eclipse btw) >>>>> >>>>> 1) Download >>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>>>> >>>>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>> Import From Directory where the jar is located -> Next -> Select >>>>> single-bundle-distribution -> Add -> Finish >>>>> >>>>> 3) Download & unzip >>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>>> >>>>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>> Import From Directory where the extracted directory is located -> Next >>>>> -> Select "webservice" & "webservice-consumer" -> Add -> Finish >>>>> >>>>> 5) Right-click on webservice bundle -> Run As -> Run Configurations >>>>> >>>>> 6) Select OSGi-Framework and click "New Launch Configuration" on the >>>>> upper left >>>>> >>>>> 7) In the bundles-tab click "Deselect All", select all three bundles >>>>> "cxf-dosgi-*", "webservice" and "webservice-consumer" and make sure that >>>>> Auto-start is set to "true" in all three. >>>>> >>>>> 6) Click "Add required bundles" >>>>> >>>>> 7) Go to "Arguments"-tab and add "-Djavax.net.debug=all" to VM arguments >>>>> (this will give you a more detailled output about the SSL stuff happening) >>>>> >>>>> 8) Click apply and run >>>>> >>>>> It now takes some time to start everything, also some small GUI should >>>>> popup sooner or later for invoking the webservice. >>>>> >>>>> You should also get some debug-output like >>>>> '[SSLWebService] Service published at https://localhost:443/hello' >>>>> If I try to access this site I get an 'SSL connection error' >>>>> >>>>> If I try to invoke the webservice with the popped up GUI and I get the >>>>> 'Unrecognized SSL message, plaintext connection?'-SSLException. >>>>> >>>>> Your OSGi-Run Configuration is now still available if you click this >>>>> green "play" button in eclipse. >>>>> >>>>> Hope that helps >>>>> >>>>> Cheers, >>>>> >>>>> Thomas >>>>> >>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh wrote: >>>>>> Hi Thomas, >>>>>> >>>>>> Can you give me more detailed instructions about how to reproduce the >>>>>> error given the sample? I know little about dosgi. >>>>>> >>>>>> Colm. >>>>>> >>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas Pischulski >>>>>> <[email protected]> wrote: >>>>>>> Bump. >>>>>> >>>>>> >>>>>> >>>> >>>> >>>> >> >> >> -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
