Hey, when I change the port from 443 to 4443 I get 'java.lang.RuntimeException: Protocol mismatch for port 4443: engine's protocol is http, the url protocol is https' running under windows.
I'm also using Eclipse 3.7.2. I just upgraded to JDK 1.7.04 and made sure 1.7.04 is used by both OSGi bundles in their build-path and in their MANIFEST.FM and I get the same exception I really don't know what to do right now. Here's the complete stacktrace after I invoked the webservice: http://nopaste.info/c0108621d5.html On 5/22/2012 3:40 PM, Colm O hEigeartaigh wrote: > Ok that works fine for me if I change the 3 instance of "443" to > "4443". It also works with a clean JDK 1.7.04 install with no > unlimited security policies installed. What version of eclipse are > you using? I'm using 3.7.2. > > Colm. > > On Tue, May 22, 2012 at 12:29 PM, Thomas Pischulski > <[email protected]> wrote: >> Heyho, >> >> ok I put the current version I have out there: >> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >> >>> What 1.7 revision are you using? Have you checked to see that >>> the same JDK instance is being used by eclipse? >> >> Not sure, where can I see my current revision? In Eclipse the JRE >> 1.7 (C:\Program Files\Java\jre7) was running, that came by >> installing the JDK 1.7 (C:\Program Files\Java\jdk1.7.0) I >> configured both in Eclipse and ran the project within both >> environments, both failed. >> >>> >>> Colm. >>> >>> On Tue, May 22, 2012 at 11:54 AM, Thomas Pischulski >>> <[email protected]> wrote: >>>> I didn't change much, I just added this filter that you've >>>> posted and I'm pretty sure it will still run properly on your >>>> workstation. I think my java environment is wrongly >>>> configured. >>>> >>>> I just cleaned up all JREs/JDKs and reinstalled JDK 1.7 with >>>> JRE 1.7 >>>> >>>> I copied >>>> >>>> local_policy.jar and US_export_policy.jar >>>> >>>> from the UnlimitedJCEPolicyJDK7 >>>> >>>> to C:\Program Files\Java\jdk1.7.0\jre\lib\security and >>>> C:\Program Files\Java\jre7\lib\security >>>> >>>> then restarted Eclipse and ran my bundles again to get the >>>> same SSLException and all those 'Ignoring unsupported cipher >>>> suite' messages. >>>> >>>> Cheers, >>>> >>>> Thomas >>>> >>>> On 5/22/2012 12:40 PM, Colm O hEigeartaigh wrote: >>>>> What JDK are you using? As a sanity check, could you create >>>>> a new zip that includes the AES cipher filter and changes >>>>> the port from 443 -> 4443 (I'm using linux)? I'll try again >>>>> to see if it works without any changes. >>>>> >>>>> Colm. >>>>> >>>>> On Tue, May 22, 2012 at 11:33 AM, Thomas Pischulski >>>>> <[email protected]> wrote: >>>>>> Heyho, >>>>>> >>>>>> >>>>>>>> by copying all jar's into <jdk-home>/lib/security >>>>>>> You need to copy them into <jdk.home>/jre/lib/security >>>>>> >>>>>> Hm ok I did that too, still the same error :( I also >>>>>> tried including both jar-files from JCE into my build >>>>>> path, same results. >>>>>> >>>>>>> >>>>>>>> Did you mean that? Does my example work on your >>>>>>>> workstation? >>>>>>> >>>>>>> Yes (with the cipher-suite changes). >>>>>>> >>>>>>> Colm. >>>>>>> >>>>>>> On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski >>>>>>> <[email protected]> wrote: >>>>>>>> I installed that: >>>>>>>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html >>>>>>>> >>>>>>>> >>>>>>>> by copying all jar's into <jdk-home>/lib/security >>>>>>>> >>>>>>>> Did you mean that? Does my example work on your >>>>>>>> workstation? >>>>>>>> >>>>>>>> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote: >>>>>>>>> Have you installed the unrestricted security >>>>>>>>> policies in your JDK? >>>>>>>>> >>>>>>>>> Colm. >>>>>>>>> >>>>>>>>> On Tue, May 22, 2012 at 11:02 AM, Thomas >>>>>>>>> Pischulski <[email protected]> wrote: >>>>>>>>>> Hey Colm, >>>>>>>>>> >>>>>>>>>> thanks for your efforts. That's indeed simple but >>>>>>>>>> I still get the same SSLException. Does that >>>>>>>>>> require some third-party jar files in my >>>>>>>>>> java-environment? I also get a bunch of "ignoring >>>>>>>>>> unsupported cipher suite" messages like: >>>>>>>>>> >>>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_RSA_WITH_NULL_SHA256 Ignoring unsupported >>>>>>>>>> cipher suite: >>>>>>>>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>> unsupported cipher suite: >>>>>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>>>> >>>>>>>>>> that all include "AES". Seems like I'm still >>>>>>>>>> missing something? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> >>>>>>>>>> Thomas >>>>>>>>>> >>>>>>>>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh >>>>>>>>>> wrote: >>>>>>>>>>> Hi Thomas, >>>>>>>>>>> >>>>>>>>>>> Great, I was able to reproduce the problem. The >>>>>>>>>>> fix is quite simple, you need to add the >>>>>>>>>>> following ciphersuite filter to both the >>>>>>>>>>> webservice and webservice-consumer: >>>>>>>>>>> >>>>>>>>>>> filter.getInclude().add(".*_WITH_AES_.*"); >>>>>>>>>>> >>>>>>>>>>> JDK 1.7 does not include DES cipher suites and >>>>>>>>>>> so you need to add AES. >>>>>>>>>>> >>>>>>>>>>> Colm. >>>>>>>>>>> >>>>>>>>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas >>>>>>>>>>> Pischulski <[email protected]> wrote: >>>>>>>>>>>> Hey Colm, >>>>>>>>>>>> >>>>>>>>>>>> I'll try, it's quite a lot to set up. (This >>>>>>>>>>>> is made with eclipse btw) >>>>>>>>>>>> >>>>>>>>>>>> 1) Download >>>>>>>>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>>>>>>>> Import From Directory where the jar is >>>>>>>>>>>> located -> Next -> Select >>>>>>>>>>>> single-bundle-distribution -> Add -> Finish >>>>>>>>>>>> >>>>>>>>>>>> 3) Download & unzip >>>>>>>>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>>>>>>>> Import From Directory where the extracted >>>>>>>>>>>> directory is located -> Next -> Select >>>>>>>>>>>> "webservice" & "webservice-consumer" -> Add >>>>>>>>>>>> -> Finish >>>>>>>>>>>> >>>>>>>>>>>> 5) Right-click on webservice bundle -> Run As >>>>>>>>>>>> -> Run Configurations >>>>>>>>>>>> >>>>>>>>>>>> 6) Select OSGi-Framework and click "New >>>>>>>>>>>> Launch Configuration" on the upper left >>>>>>>>>>>> >>>>>>>>>>>> 7) In the bundles-tab click "Deselect All", >>>>>>>>>>>> select all three bundles "cxf-dosgi-*", >>>>>>>>>>>> "webservice" and "webservice-consumer" and >>>>>>>>>>>> make sure that Auto-start is set to "true" in >>>>>>>>>>>> all three. >>>>>>>>>>>> >>>>>>>>>>>> 6) Click "Add required bundles" >>>>>>>>>>>> >>>>>>>>>>>> 7) Go to "Arguments"-tab and add >>>>>>>>>>>> "-Djavax.net.debug=all" to VM arguments (this >>>>>>>>>>>> will give you a more detailled output about >>>>>>>>>>>> the SSL stuff happening) >>>>>>>>>>>> >>>>>>>>>>>> 8) Click apply and run >>>>>>>>>>>> >>>>>>>>>>>> It now takes some time to start everything, >>>>>>>>>>>> also some small GUI should popup sooner or >>>>>>>>>>>> later for invoking the webservice. >>>>>>>>>>>> >>>>>>>>>>>> You should also get some debug-output like >>>>>>>>>>>> '[SSLWebService] Service published at >>>>>>>>>>>> https://localhost:443/hello' If I try to >>>>>>>>>>>> access this site I get an 'SSL connection >>>>>>>>>>>> error' >>>>>>>>>>>> >>>>>>>>>>>> If I try to invoke the webservice with the >>>>>>>>>>>> popped up GUI and I get the 'Unrecognized SSL >>>>>>>>>>>> message, plaintext >>>>>>>>>>>> connection?'-SSLException. >>>>>>>>>>>> >>>>>>>>>>>> Your OSGi-Run Configuration is now still >>>>>>>>>>>> available if you click this green "play" >>>>>>>>>>>> button in eclipse. >>>>>>>>>>>> >>>>>>>>>>>> Hope that helps >>>>>>>>>>>> >>>>>>>>>>>> Cheers, >>>>>>>>>>>> >>>>>>>>>>>> Thomas >>>>>>>>>>>> >>>>>>>>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh >>>>>>>>>>>> wrote: >>>>>>>>>>>>> Hi Thomas, >>>>>>>>>>>>> >>>>>>>>>>>>> Can you give me more detailed instructions >>>>>>>>>>>>> about how to reproduce the error given the >>>>>>>>>>>>> sample? I know little about dosgi. >>>>>>>>>>>>> >>>>>>>>>>>>> Colm. >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas >>>>>>>>>>>>> Pischulski <[email protected]> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> Bump. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>>> >>> >>> >>> > > >
