Heyho,
>> by copying all jar's into <jdk-home>/lib/security > You need to copy them into <jdk.home>/jre/lib/security Hm ok I did that too, still the same error :( I also tried including both jar-files from JCE into my build path, same results. > >> Did you mean that? Does my example work on your workstation? > > Yes (with the cipher-suite changes). > > Colm. > > On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski > <[email protected]> wrote: >> I installed that: >> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html >> >> by copying all jar's into <jdk-home>/lib/security >> >> Did you mean that? Does my example work on your workstation? >> >> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote: >>> Have you installed the unrestricted security policies in your JDK? >>> >>> Colm. >>> >>> On Tue, May 22, 2012 at 11:02 AM, Thomas Pischulski >>> <[email protected]> wrote: >>>> Hey Colm, >>>> >>>> thanks for your efforts. That's indeed simple but I still get the same >>>> SSLException. Does that require some third-party jar files in my >>>> java-environment? I also get a bunch of "ignoring unsupported cipher >>>> suite" messages like: >>>> >>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 >>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256 >>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 >>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 >>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 >>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 >>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 >>>> >>>> that all include "AES". Seems like I'm still missing something? >>>> >>>> >>>> Cheers, >>>> >>>> Thomas >>>> >>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh wrote: >>>>> Hi Thomas, >>>>> >>>>> Great, I was able to reproduce the problem. The fix is quite simple, >>>>> you need to add the following ciphersuite filter to both the >>>>> webservice and webservice-consumer: >>>>> >>>>> filter.getInclude().add(".*_WITH_AES_.*"); >>>>> >>>>> JDK 1.7 does not include DES cipher suites and so you need to add AES. >>>>> >>>>> Colm. >>>>> >>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas Pischulski >>>>> <[email protected]> wrote: >>>>>> Hey Colm, >>>>>> >>>>>> I'll try, it's quite a lot to set up. (This is made with eclipse btw) >>>>>> >>>>>> 1) Download >>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>>>>> >>>>>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>> Import From Directory where the jar is located -> Next -> Select >>>>>> single-bundle-distribution -> Add -> Finish >>>>>> >>>>>> 3) Download & unzip >>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>>>> >>>>>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>> Import From Directory where the extracted directory is located -> Next >>>>>> -> Select "webservice" & "webservice-consumer" -> Add -> Finish >>>>>> >>>>>> 5) Right-click on webservice bundle -> Run As -> Run Configurations >>>>>> >>>>>> 6) Select OSGi-Framework and click "New Launch Configuration" on the >>>>>> upper left >>>>>> >>>>>> 7) In the bundles-tab click "Deselect All", select all three bundles >>>>>> "cxf-dosgi-*", "webservice" and "webservice-consumer" and make sure that >>>>>> Auto-start is set to "true" in all three. >>>>>> >>>>>> 6) Click "Add required bundles" >>>>>> >>>>>> 7) Go to "Arguments"-tab and add "-Djavax.net.debug=all" to VM arguments >>>>>> (this will give you a more detailled output about the SSL stuff >>>>>> happening) >>>>>> >>>>>> 8) Click apply and run >>>>>> >>>>>> It now takes some time to start everything, also some small GUI should >>>>>> popup sooner or later for invoking the webservice. >>>>>> >>>>>> You should also get some debug-output like >>>>>> '[SSLWebService] Service published at https://localhost:443/hello' >>>>>> If I try to access this site I get an 'SSL connection error' >>>>>> >>>>>> If I try to invoke the webservice with the popped up GUI and I get the >>>>>> 'Unrecognized SSL message, plaintext connection?'-SSLException. >>>>>> >>>>>> Your OSGi-Run Configuration is now still available if you click this >>>>>> green "play" button in eclipse. >>>>>> >>>>>> Hope that helps >>>>>> >>>>>> Cheers, >>>>>> >>>>>> Thomas >>>>>> >>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh wrote: >>>>>>> Hi Thomas, >>>>>>> >>>>>>> Can you give me more detailed instructions about how to reproduce the >>>>>>> error given the sample? I know little about dosgi. >>>>>>> >>>>>>> Colm. >>>>>>> >>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas Pischulski >>>>>>> <[email protected]> wrote: >>>>>>>> Bump. >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>>> >>> >>> >>> > > >
