There are three places you need to change 443 to 4443 - have you changed all of them?
Colm. On Tue, May 22, 2012 at 3:07 PM, Thomas Pischulski <[email protected]> wrote: > Hey, > > when I change the port from 443 to 4443 I get > 'java.lang.RuntimeException: Protocol mismatch for port 4443: engine's > protocol is http, the url protocol is https' running under windows. > > I'm also using Eclipse 3.7.2. I just upgraded to JDK 1.7.04 and made > sure 1.7.04 is used by both OSGi bundles in their build-path and in > their MANIFEST.FM and I get the same exception I really don't know > what to do right now. > > Here's the complete stacktrace after I invoked the webservice: > http://nopaste.info/c0108621d5.html > > On 5/22/2012 3:40 PM, Colm O hEigeartaigh wrote: >> Ok that works fine for me if I change the 3 instance of "443" to >> "4443". It also works with a clean JDK 1.7.04 install with no >> unlimited security policies installed. What version of eclipse are >> you using? I'm using 3.7.2. >> >> Colm. >> >> On Tue, May 22, 2012 at 12:29 PM, Thomas Pischulski >> <[email protected]> wrote: >>> Heyho, >>> >>> ok I put the current version I have out there: >>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>> >>>> What 1.7 revision are you using? Have you checked to see that >>>> the same JDK instance is being used by eclipse? >>> >>> Not sure, where can I see my current revision? In Eclipse the JRE >>> 1.7 (C:\Program Files\Java\jre7) was running, that came by >>> installing the JDK 1.7 (C:\Program Files\Java\jdk1.7.0) I >>> configured both in Eclipse and ran the project within both >>> environments, both failed. >>> >>>> >>>> Colm. >>>> >>>> On Tue, May 22, 2012 at 11:54 AM, Thomas Pischulski >>>> <[email protected]> wrote: >>>>> I didn't change much, I just added this filter that you've >>>>> posted and I'm pretty sure it will still run properly on your >>>>> workstation. I think my java environment is wrongly >>>>> configured. >>>>> >>>>> I just cleaned up all JREs/JDKs and reinstalled JDK 1.7 with >>>>> JRE 1.7 >>>>> >>>>> I copied >>>>> >>>>> local_policy.jar and US_export_policy.jar >>>>> >>>>> from the UnlimitedJCEPolicyJDK7 >>>>> >>>>> to C:\Program Files\Java\jdk1.7.0\jre\lib\security and >>>>> C:\Program Files\Java\jre7\lib\security >>>>> >>>>> then restarted Eclipse and ran my bundles again to get the >>>>> same SSLException and all those 'Ignoring unsupported cipher >>>>> suite' messages. >>>>> >>>>> Cheers, >>>>> >>>>> Thomas >>>>> >>>>> On 5/22/2012 12:40 PM, Colm O hEigeartaigh wrote: >>>>>> What JDK are you using? As a sanity check, could you create >>>>>> a new zip that includes the AES cipher filter and changes >>>>>> the port from 443 -> 4443 (I'm using linux)? I'll try again >>>>>> to see if it works without any changes. >>>>>> >>>>>> Colm. >>>>>> >>>>>> On Tue, May 22, 2012 at 11:33 AM, Thomas Pischulski >>>>>> <[email protected]> wrote: >>>>>>> Heyho, >>>>>>> >>>>>>> >>>>>>>>> by copying all jar's into <jdk-home>/lib/security >>>>>>>> You need to copy them into <jdk.home>/jre/lib/security >>>>>>> >>>>>>> Hm ok I did that too, still the same error :( I also >>>>>>> tried including both jar-files from JCE into my build >>>>>>> path, same results. >>>>>>> >>>>>>>> >>>>>>>>> Did you mean that? Does my example work on your >>>>>>>>> workstation? >>>>>>>> >>>>>>>> Yes (with the cipher-suite changes). >>>>>>>> >>>>>>>> Colm. >>>>>>>> >>>>>>>> On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski >>>>>>>> <[email protected]> wrote: >>>>>>>>> I installed that: >>>>>>>>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html >>>>>>>>> >>>>>>>>> >>>>>>>>> > by copying all jar's into <jdk-home>/lib/security >>>>>>>>> >>>>>>>>> Did you mean that? Does my example work on your >>>>>>>>> workstation? >>>>>>>>> >>>>>>>>> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote: >>>>>>>>>> Have you installed the unrestricted security >>>>>>>>>> policies in your JDK? >>>>>>>>>> >>>>>>>>>> Colm. >>>>>>>>>> >>>>>>>>>> On Tue, May 22, 2012 at 11:02 AM, Thomas >>>>>>>>>> Pischulski <[email protected]> wrote: >>>>>>>>>>> Hey Colm, >>>>>>>>>>> >>>>>>>>>>> thanks for your efforts. That's indeed simple but >>>>>>>>>>> I still get the same SSLException. Does that >>>>>>>>>>> require some third-party jar files in my >>>>>>>>>>> java-environment? I also get a bunch of "ignoring >>>>>>>>>>> unsupported cipher suite" messages like: >>>>>>>>>>> >>>>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_RSA_WITH_NULL_SHA256 Ignoring unsupported >>>>>>>>>>> cipher suite: >>>>>>>>>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>>>>> >>>>>>>>>>> that all include "AES". Seems like I'm still >>>>>>>>>>> missing something? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Cheers, >>>>>>>>>>> >>>>>>>>>>> Thomas >>>>>>>>>>> >>>>>>>>>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh >>>>>>>>>>> wrote: >>>>>>>>>>>> Hi Thomas, >>>>>>>>>>>> >>>>>>>>>>>> Great, I was able to reproduce the problem. The >>>>>>>>>>>> fix is quite simple, you need to add the >>>>>>>>>>>> following ciphersuite filter to both the >>>>>>>>>>>> webservice and webservice-consumer: >>>>>>>>>>>> >>>>>>>>>>>> filter.getInclude().add(".*_WITH_AES_.*"); >>>>>>>>>>>> >>>>>>>>>>>> JDK 1.7 does not include DES cipher suites and >>>>>>>>>>>> so you need to add AES. >>>>>>>>>>>> >>>>>>>>>>>> Colm. >>>>>>>>>>>> >>>>>>>>>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas >>>>>>>>>>>> Pischulski <[email protected]> wrote: >>>>>>>>>>>>> Hey Colm, >>>>>>>>>>>>> >>>>>>>>>>>>> I'll try, it's quite a lot to set up. (This >>>>>>>>>>>>> is made with eclipse btw) >>>>>>>>>>>>> >>>>>>>>>>>>> 1) Download >>>>>>>>>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> > 2) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>>>>>>>>> Import From Directory where the jar is >>>>>>>>>>>>> located -> Next -> Select >>>>>>>>>>>>> single-bundle-distribution -> Add -> Finish >>>>>>>>>>>>> >>>>>>>>>>>>> 3) Download & unzip >>>>>>>>>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> > 4) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>>>>>>>>> Import From Directory where the extracted >>>>>>>>>>>>> directory is located -> Next -> Select >>>>>>>>>>>>> "webservice" & "webservice-consumer" -> Add >>>>>>>>>>>>> -> Finish >>>>>>>>>>>>> >>>>>>>>>>>>> 5) Right-click on webservice bundle -> Run As >>>>>>>>>>>>> -> Run Configurations >>>>>>>>>>>>> >>>>>>>>>>>>> 6) Select OSGi-Framework and click "New >>>>>>>>>>>>> Launch Configuration" on the upper left >>>>>>>>>>>>> >>>>>>>>>>>>> 7) In the bundles-tab click "Deselect All", >>>>>>>>>>>>> select all three bundles "cxf-dosgi-*", >>>>>>>>>>>>> "webservice" and "webservice-consumer" and >>>>>>>>>>>>> make sure that Auto-start is set to "true" in >>>>>>>>>>>>> all three. >>>>>>>>>>>>> >>>>>>>>>>>>> 6) Click "Add required bundles" >>>>>>>>>>>>> >>>>>>>>>>>>> 7) Go to "Arguments"-tab and add >>>>>>>>>>>>> "-Djavax.net.debug=all" to VM arguments (this >>>>>>>>>>>>> will give you a more detailled output about >>>>>>>>>>>>> the SSL stuff happening) >>>>>>>>>>>>> >>>>>>>>>>>>> 8) Click apply and run >>>>>>>>>>>>> >>>>>>>>>>>>> It now takes some time to start everything, >>>>>>>>>>>>> also some small GUI should popup sooner or >>>>>>>>>>>>> later for invoking the webservice. >>>>>>>>>>>>> >>>>>>>>>>>>> You should also get some debug-output like >>>>>>>>>>>>> '[SSLWebService] Service published at >>>>>>>>>>>>> https://localhost:443/hello' If I try to >>>>>>>>>>>>> access this site I get an 'SSL connection >>>>>>>>>>>>> error' >>>>>>>>>>>>> >>>>>>>>>>>>> If I try to invoke the webservice with the >>>>>>>>>>>>> popped up GUI and I get the 'Unrecognized SSL >>>>>>>>>>>>> message, plaintext >>>>>>>>>>>>> connection?'-SSLException. >>>>>>>>>>>>> >>>>>>>>>>>>> Your OSGi-Run Configuration is now still >>>>>>>>>>>>> available if you click this green "play" >>>>>>>>>>>>> button in eclipse. >>>>>>>>>>>>> >>>>>>>>>>>>> Hope that helps >>>>>>>>>>>>> >>>>>>>>>>>>> Cheers, >>>>>>>>>>>>> >>>>>>>>>>>>> Thomas >>>>>>>>>>>>> >>>>>>>>>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh >>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> Hi Thomas, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Can you give me more detailed instructions >>>>>>>>>>>>>> about how to reproduce the error given the >>>>>>>>>>>>>> sample? I know little about dosgi. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Colm. >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas >>>>>>>>>>>>>> Pischulski <[email protected]> >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> Bump. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> >>>>>> >>>>>> >>>> >>>> >>>> >> >> >> -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
