Ok that works fine for me if I change the 3 instance of "443" to "4443". It also works with a clean JDK 1.7.04 install with no unlimited security policies installed. What version of eclipse are you using? I'm using 3.7.2.
Colm. On Tue, May 22, 2012 at 12:29 PM, Thomas Pischulski <[email protected]> wrote: > Heyho, > > ok I put the current version I have out there: > http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip > >> What 1.7 revision are you using? Have you checked to see that the same >> JDK instance is being used by eclipse? > > Not sure, where can I see my current revision? > In Eclipse the JRE 1.7 (C:\Program Files\Java\jre7) was running, that > came by installing the JDK 1.7 (C:\Program Files\Java\jdk1.7.0) > I configured both in Eclipse and ran the project within both > environments, both failed. > >> >> Colm. >> >> On Tue, May 22, 2012 at 11:54 AM, Thomas Pischulski >> <[email protected]> wrote: >>> I didn't change much, I just added this filter that you've posted and >>> I'm pretty sure it will still run properly on your workstation. I think >>> my java environment is wrongly configured. >>> >>> I just cleaned up all JREs/JDKs and reinstalled JDK 1.7 with JRE 1.7 >>> >>> I copied >>> >>> local_policy.jar and >>> US_export_policy.jar >>> >>> from the UnlimitedJCEPolicyJDK7 >>> >>> to >>> C:\Program Files\Java\jdk1.7.0\jre\lib\security and >>> C:\Program Files\Java\jre7\lib\security >>> >>> then restarted Eclipse and ran my bundles again to get the same >>> SSLException and all those 'Ignoring unsupported cipher suite' messages. >>> >>> Cheers, >>> >>> Thomas >>> >>> On 5/22/2012 12:40 PM, Colm O hEigeartaigh wrote: >>>> What JDK are you using? As a sanity check, could you create a new zip >>>> that includes the AES cipher filter and changes the port from 443 -> >>>> 4443 (I'm using linux)? I'll try again to see if it works without any >>>> changes. >>>> >>>> Colm. >>>> >>>> On Tue, May 22, 2012 at 11:33 AM, Thomas Pischulski >>>> <[email protected]> wrote: >>>>> Heyho, >>>>> >>>>> >>>>>>> by copying all jar's into <jdk-home>/lib/security >>>>>> You need to copy them into <jdk.home>/jre/lib/security >>>>> >>>>> Hm ok I did that too, still the same error :( >>>>> I also tried including both jar-files from JCE into my build path, same >>>>> results. >>>>> >>>>>> >>>>>>> Did you mean that? Does my example work on your workstation? >>>>>> >>>>>> Yes (with the cipher-suite changes). >>>>>> >>>>>> Colm. >>>>>> >>>>>> On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski >>>>>> <[email protected]> wrote: >>>>>>> I installed that: >>>>>>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html >>>>>>> >>>>>>> by copying all jar's into <jdk-home>/lib/security >>>>>>> >>>>>>> Did you mean that? Does my example work on your workstation? >>>>>>> >>>>>>> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote: >>>>>>>> Have you installed the unrestricted security policies in your JDK? >>>>>>>> >>>>>>>> Colm. >>>>>>>> >>>>>>>> On Tue, May 22, 2012 at 11:02 AM, Thomas Pischulski >>>>>>>> <[email protected]> wrote: >>>>>>>>> Hey Colm, >>>>>>>>> >>>>>>>>> thanks for your efforts. That's indeed simple but I still get the same >>>>>>>>> SSLException. Does that require some third-party jar files in my >>>>>>>>> java-environment? I also get a bunch of "ignoring unsupported cipher >>>>>>>>> suite" messages like: >>>>>>>>> >>>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 >>>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 >>>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 >>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 >>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 >>>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>>> >>>>>>>>> that all include "AES". Seems like I'm still missing something? >>>>>>>>> >>>>>>>>> >>>>>>>>> Cheers, >>>>>>>>> >>>>>>>>> Thomas >>>>>>>>> >>>>>>>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh wrote: >>>>>>>>>> Hi Thomas, >>>>>>>>>> >>>>>>>>>> Great, I was able to reproduce the problem. The fix is quite simple, >>>>>>>>>> you need to add the following ciphersuite filter to both the >>>>>>>>>> webservice and webservice-consumer: >>>>>>>>>> >>>>>>>>>> filter.getInclude().add(".*_WITH_AES_.*"); >>>>>>>>>> >>>>>>>>>> JDK 1.7 does not include DES cipher suites and so you need to add >>>>>>>>>> AES. >>>>>>>>>> >>>>>>>>>> Colm. >>>>>>>>>> >>>>>>>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas Pischulski >>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>> Hey Colm, >>>>>>>>>>> >>>>>>>>>>> I'll try, it's quite a lot to set up. (This is made with eclipse >>>>>>>>>>> btw) >>>>>>>>>>> >>>>>>>>>>> 1) Download >>>>>>>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>>>>>>>>>> >>>>>>>>>>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments >>>>>>>>>>> -> >>>>>>>>>>> Import From Directory where the jar is located -> Next -> Select >>>>>>>>>>> single-bundle-distribution -> Add -> Finish >>>>>>>>>>> >>>>>>>>>>> 3) Download & unzip >>>>>>>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>>>>>>>>> >>>>>>>>>>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments >>>>>>>>>>> -> >>>>>>>>>>> Import From Directory where the extracted directory is located -> >>>>>>>>>>> Next >>>>>>>>>>> -> Select "webservice" & "webservice-consumer" -> Add -> Finish >>>>>>>>>>> >>>>>>>>>>> 5) Right-click on webservice bundle -> Run As -> Run Configurations >>>>>>>>>>> >>>>>>>>>>> 6) Select OSGi-Framework and click "New Launch Configuration" on the >>>>>>>>>>> upper left >>>>>>>>>>> >>>>>>>>>>> 7) In the bundles-tab click "Deselect All", select all three bundles >>>>>>>>>>> "cxf-dosgi-*", "webservice" and "webservice-consumer" and make sure >>>>>>>>>>> that >>>>>>>>>>> Auto-start is set to "true" in all three. >>>>>>>>>>> >>>>>>>>>>> 6) Click "Add required bundles" >>>>>>>>>>> >>>>>>>>>>> 7) Go to "Arguments"-tab and add "-Djavax.net.debug=all" to VM >>>>>>>>>>> arguments >>>>>>>>>>> (this will give you a more detailled output about the SSL stuff >>>>>>>>>>> happening) >>>>>>>>>>> >>>>>>>>>>> 8) Click apply and run >>>>>>>>>>> >>>>>>>>>>> It now takes some time to start everything, also some small GUI >>>>>>>>>>> should >>>>>>>>>>> popup sooner or later for invoking the webservice. >>>>>>>>>>> >>>>>>>>>>> You should also get some debug-output like >>>>>>>>>>> '[SSLWebService] Service published at https://localhost:443/hello' >>>>>>>>>>> If I try to access this site I get an 'SSL connection error' >>>>>>>>>>> >>>>>>>>>>> If I try to invoke the webservice with the popped up GUI and I get >>>>>>>>>>> the >>>>>>>>>>> 'Unrecognized SSL message, plaintext connection?'-SSLException. >>>>>>>>>>> >>>>>>>>>>> Your OSGi-Run Configuration is now still available if you click this >>>>>>>>>>> green "play" button in eclipse. >>>>>>>>>>> >>>>>>>>>>> Hope that helps >>>>>>>>>>> >>>>>>>>>>> Cheers, >>>>>>>>>>> >>>>>>>>>>> Thomas >>>>>>>>>>> >>>>>>>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh wrote: >>>>>>>>>>>> Hi Thomas, >>>>>>>>>>>> >>>>>>>>>>>> Can you give me more detailed instructions about how to reproduce >>>>>>>>>>>> the >>>>>>>>>>>> error given the sample? I know little about dosgi. >>>>>>>>>>>> >>>>>>>>>>>> Colm. >>>>>>>>>>>> >>>>>>>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas Pischulski >>>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>>>> Bump. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> >>>>>> >>>>>> >>>> >>>> >>>> >> >> >> -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
