> I didn't change much, I just added this filter that you've posted and > I'm pretty sure it will still run properly on your workstation. I think > my java environment is wrongly configured.
Probably, but it would be helpful to confirm that we're running the exact same code. What 1.7 revision are you using? Have you checked to see that the same JDK instance is being used by eclipse? Colm. On Tue, May 22, 2012 at 11:54 AM, Thomas Pischulski <[email protected]> wrote: > I didn't change much, I just added this filter that you've posted and > I'm pretty sure it will still run properly on your workstation. I think > my java environment is wrongly configured. > > I just cleaned up all JREs/JDKs and reinstalled JDK 1.7 with JRE 1.7 > > I copied > > local_policy.jar and > US_export_policy.jar > > from the UnlimitedJCEPolicyJDK7 > > to > C:\Program Files\Java\jdk1.7.0\jre\lib\security and > C:\Program Files\Java\jre7\lib\security > > then restarted Eclipse and ran my bundles again to get the same > SSLException and all those 'Ignoring unsupported cipher suite' messages. > > Cheers, > > Thomas > > On 5/22/2012 12:40 PM, Colm O hEigeartaigh wrote: >> What JDK are you using? As a sanity check, could you create a new zip >> that includes the AES cipher filter and changes the port from 443 -> >> 4443 (I'm using linux)? I'll try again to see if it works without any >> changes. >> >> Colm. >> >> On Tue, May 22, 2012 at 11:33 AM, Thomas Pischulski >> <[email protected]> wrote: >>> Heyho, >>> >>> >>>>> by copying all jar's into <jdk-home>/lib/security >>>> You need to copy them into <jdk.home>/jre/lib/security >>> >>> Hm ok I did that too, still the same error :( >>> I also tried including both jar-files from JCE into my build path, same >>> results. >>> >>>> >>>>> Did you mean that? Does my example work on your workstation? >>>> >>>> Yes (with the cipher-suite changes). >>>> >>>> Colm. >>>> >>>> On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski >>>> <[email protected]> wrote: >>>>> I installed that: >>>>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html >>>>> >>>>> by copying all jar's into <jdk-home>/lib/security >>>>> >>>>> Did you mean that? Does my example work on your workstation? >>>>> >>>>> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote: >>>>>> Have you installed the unrestricted security policies in your JDK? >>>>>> >>>>>> Colm. >>>>>> >>>>>> On Tue, May 22, 2012 at 11:02 AM, Thomas Pischulski >>>>>> <[email protected]> wrote: >>>>>>> Hey Colm, >>>>>>> >>>>>>> thanks for your efforts. That's indeed simple but I still get the same >>>>>>> SSLException. Does that require some third-party jar files in my >>>>>>> java-environment? I also get a bunch of "ignoring unsupported cipher >>>>>>> suite" messages like: >>>>>>> >>>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 >>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256 >>>>>>> Ignoring unsupported cipher suite: >>>>>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 >>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: >>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 >>>>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 >>>>>>> Ignoring unsupported cipher suite: >>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: >>>>>>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 >>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 >>>>>>> >>>>>>> that all include "AES". Seems like I'm still missing something? >>>>>>> >>>>>>> >>>>>>> Cheers, >>>>>>> >>>>>>> Thomas >>>>>>> >>>>>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh wrote: >>>>>>>> Hi Thomas, >>>>>>>> >>>>>>>> Great, I was able to reproduce the problem. The fix is quite simple, >>>>>>>> you need to add the following ciphersuite filter to both the >>>>>>>> webservice and webservice-consumer: >>>>>>>> >>>>>>>> filter.getInclude().add(".*_WITH_AES_.*"); >>>>>>>> >>>>>>>> JDK 1.7 does not include DES cipher suites and so you need to add AES. >>>>>>>> >>>>>>>> Colm. >>>>>>>> >>>>>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas Pischulski >>>>>>>> <[email protected]> wrote: >>>>>>>>> Hey Colm, >>>>>>>>> >>>>>>>>> I'll try, it's quite a lot to set up. (This is made with eclipse btw) >>>>>>>>> >>>>>>>>> 1) Download >>>>>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>>>>>>>> >>>>>>>>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>>>>> Import From Directory where the jar is located -> Next -> Select >>>>>>>>> single-bundle-distribution -> Add -> Finish >>>>>>>>> >>>>>>>>> 3) Download & unzip >>>>>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>>>>>>> >>>>>>>>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>>>>> Import From Directory where the extracted directory is located -> Next >>>>>>>>> -> Select "webservice" & "webservice-consumer" -> Add -> Finish >>>>>>>>> >>>>>>>>> 5) Right-click on webservice bundle -> Run As -> Run Configurations >>>>>>>>> >>>>>>>>> 6) Select OSGi-Framework and click "New Launch Configuration" on the >>>>>>>>> upper left >>>>>>>>> >>>>>>>>> 7) In the bundles-tab click "Deselect All", select all three bundles >>>>>>>>> "cxf-dosgi-*", "webservice" and "webservice-consumer" and make sure >>>>>>>>> that >>>>>>>>> Auto-start is set to "true" in all three. >>>>>>>>> >>>>>>>>> 6) Click "Add required bundles" >>>>>>>>> >>>>>>>>> 7) Go to "Arguments"-tab and add "-Djavax.net.debug=all" to VM >>>>>>>>> arguments >>>>>>>>> (this will give you a more detailled output about the SSL stuff >>>>>>>>> happening) >>>>>>>>> >>>>>>>>> 8) Click apply and run >>>>>>>>> >>>>>>>>> It now takes some time to start everything, also some small GUI should >>>>>>>>> popup sooner or later for invoking the webservice. >>>>>>>>> >>>>>>>>> You should also get some debug-output like >>>>>>>>> '[SSLWebService] Service published at https://localhost:443/hello' >>>>>>>>> If I try to access this site I get an 'SSL connection error' >>>>>>>>> >>>>>>>>> If I try to invoke the webservice with the popped up GUI and I get the >>>>>>>>> 'Unrecognized SSL message, plaintext connection?'-SSLException. >>>>>>>>> >>>>>>>>> Your OSGi-Run Configuration is now still available if you click this >>>>>>>>> green "play" button in eclipse. >>>>>>>>> >>>>>>>>> Hope that helps >>>>>>>>> >>>>>>>>> Cheers, >>>>>>>>> >>>>>>>>> Thomas >>>>>>>>> >>>>>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh wrote: >>>>>>>>>> Hi Thomas, >>>>>>>>>> >>>>>>>>>> Can you give me more detailed instructions about how to reproduce the >>>>>>>>>> error given the sample? I know little about dosgi. >>>>>>>>>> >>>>>>>>>> Colm. >>>>>>>>>> >>>>>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas Pischulski >>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>> Bump. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> >>>>>> >>>>>> >>>> >>>> >>>> >> >> >> -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
