Ok now I feel like fool. Thanks a lot for all your effort Colm :-) It works now.
On 5/22/2012 4:12 PM, Colm O hEigeartaigh wrote: > There are three places you need to change 443 to 4443 - have you > changed all of them? > > Colm. > > On Tue, May 22, 2012 at 3:07 PM, Thomas Pischulski > <[email protected]> wrote: >> Hey, >> >> when I change the port from 443 to 4443 I get >> 'java.lang.RuntimeException: Protocol mismatch for port 4443: engine's >> protocol is http, the url protocol is https' running under windows. >> >> I'm also using Eclipse 3.7.2. I just upgraded to JDK 1.7.04 and made >> sure 1.7.04 is used by both OSGi bundles in their build-path and in >> their MANIFEST.FM and I get the same exception I really don't know >> what to do right now. >> >> Here's the complete stacktrace after I invoked the webservice: >> http://nopaste.info/c0108621d5.html >> >> On 5/22/2012 3:40 PM, Colm O hEigeartaigh wrote: >>> Ok that works fine for me if I change the 3 instance of "443" to >>> "4443". It also works with a clean JDK 1.7.04 install with no >>> unlimited security policies installed. What version of eclipse are >>> you using? I'm using 3.7.2. >>> >>> Colm. >>> >>> On Tue, May 22, 2012 at 12:29 PM, Thomas Pischulski >>> <[email protected]> wrote: >>>> Heyho, >>>> >>>> ok I put the current version I have out there: >>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>> >>>>> What 1.7 revision are you using? Have you checked to see that >>>>> the same JDK instance is being used by eclipse? >>>> >>>> Not sure, where can I see my current revision? In Eclipse the JRE >>>> 1.7 (C:\Program Files\Java\jre7) was running, that came by >>>> installing the JDK 1.7 (C:\Program Files\Java\jdk1.7.0) I >>>> configured both in Eclipse and ran the project within both >>>> environments, both failed. >>>> >>>>> >>>>> Colm. >>>>> >>>>> On Tue, May 22, 2012 at 11:54 AM, Thomas Pischulski >>>>> <[email protected]> wrote: >>>>>> I didn't change much, I just added this filter that you've >>>>>> posted and I'm pretty sure it will still run properly on your >>>>>> workstation. I think my java environment is wrongly >>>>>> configured. >>>>>> >>>>>> I just cleaned up all JREs/JDKs and reinstalled JDK 1.7 with >>>>>> JRE 1.7 >>>>>> >>>>>> I copied >>>>>> >>>>>> local_policy.jar and US_export_policy.jar >>>>>> >>>>>> from the UnlimitedJCEPolicyJDK7 >>>>>> >>>>>> to C:\Program Files\Java\jdk1.7.0\jre\lib\security and >>>>>> C:\Program Files\Java\jre7\lib\security >>>>>> >>>>>> then restarted Eclipse and ran my bundles again to get the >>>>>> same SSLException and all those 'Ignoring unsupported cipher >>>>>> suite' messages. >>>>>> >>>>>> Cheers, >>>>>> >>>>>> Thomas >>>>>> >>>>>> On 5/22/2012 12:40 PM, Colm O hEigeartaigh wrote: >>>>>>> What JDK are you using? As a sanity check, could you create >>>>>>> a new zip that includes the AES cipher filter and changes >>>>>>> the port from 443 -> 4443 (I'm using linux)? I'll try again >>>>>>> to see if it works without any changes. >>>>>>> >>>>>>> Colm. >>>>>>> >>>>>>> On Tue, May 22, 2012 at 11:33 AM, Thomas Pischulski >>>>>>> <[email protected]> wrote: >>>>>>>> Heyho, >>>>>>>> >>>>>>>> >>>>>>>>>> by copying all jar's into <jdk-home>/lib/security >>>>>>>>> You need to copy them into <jdk.home>/jre/lib/security >>>>>>>> >>>>>>>> Hm ok I did that too, still the same error :( I also >>>>>>>> tried including both jar-files from JCE into my build >>>>>>>> path, same results. >>>>>>>> >>>>>>>>> >>>>>>>>>> Did you mean that? Does my example work on your >>>>>>>>>> workstation? >>>>>>>>> >>>>>>>>> Yes (with the cipher-suite changes). >>>>>>>>> >>>>>>>>> Colm. >>>>>>>>> >>>>>>>>> On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski >>>>>>>>> <[email protected]> wrote: >>>>>>>>>> I installed that: >>>>>>>>>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >> by copying all jar's into <jdk-home>/lib/security >>>>>>>>>> >>>>>>>>>> Did you mean that? Does my example work on your >>>>>>>>>> workstation? >>>>>>>>>> >>>>>>>>>> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote: >>>>>>>>>>> Have you installed the unrestricted security >>>>>>>>>>> policies in your JDK? >>>>>>>>>>> >>>>>>>>>>> Colm. >>>>>>>>>>> >>>>>>>>>>> On Tue, May 22, 2012 at 11:02 AM, Thomas >>>>>>>>>>> Pischulski <[email protected]> wrote: >>>>>>>>>>>> Hey Colm, >>>>>>>>>>>> >>>>>>>>>>>> thanks for your efforts. That's indeed simple but >>>>>>>>>>>> I still get the same SSLException. Does that >>>>>>>>>>>> require some third-party jar files in my >>>>>>>>>>>> java-environment? I also get a bunch of "ignoring >>>>>>>>>>>> unsupported cipher suite" messages like: >>>>>>>>>>>> >>>>>>>>>>>> Ignoring unsupported cipher suite: >>>>>>>>>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_RSA_WITH_NULL_SHA256 Ignoring unsupported >>>>>>>>>>>> cipher suite: >>>>>>>>>>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring >>>>>>>>>>>> unsupported cipher suite: >>>>>>>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA256 >>>>>>>>>>>> >>>>>>>>>>>> that all include "AES". Seems like I'm still >>>>>>>>>>>> missing something? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Cheers, >>>>>>>>>>>> >>>>>>>>>>>> Thomas >>>>>>>>>>>> >>>>>>>>>>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh >>>>>>>>>>>> wrote: >>>>>>>>>>>>> Hi Thomas, >>>>>>>>>>>>> >>>>>>>>>>>>> Great, I was able to reproduce the problem. The >>>>>>>>>>>>> fix is quite simple, you need to add the >>>>>>>>>>>>> following ciphersuite filter to both the >>>>>>>>>>>>> webservice and webservice-consumer: >>>>>>>>>>>>> >>>>>>>>>>>>> filter.getInclude().add(".*_WITH_AES_.*"); >>>>>>>>>>>>> >>>>>>>>>>>>> JDK 1.7 does not include DES cipher suites and >>>>>>>>>>>>> so you need to add AES. >>>>>>>>>>>>> >>>>>>>>>>>>> Colm. >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas >>>>>>>>>>>>> Pischulski <[email protected]> wrote: >>>>>>>>>>>>>> Hey Colm, >>>>>>>>>>>>>> >>>>>>>>>>>>>> I'll try, it's quite a lot to set up. (This >>>>>>>>>>>>>> is made with eclipse btw) >>>>>>>>>>>>>> >>>>>>>>>>>>>> 1) Download >>>>>>>>>>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >> 2) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>>>>>>>>>> Import From Directory where the jar is >>>>>>>>>>>>>> located -> Next -> Select >>>>>>>>>>>>>> single-bundle-distribution -> Add -> Finish >>>>>>>>>>>>>> >>>>>>>>>>>>>> 3) Download & unzip >>>>>>>>>>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >> 4) Right-click package explorer -> Import -> Plug-ins and Fragments -> >>>>>>>>>>>>>> Import From Directory where the extracted >>>>>>>>>>>>>> directory is located -> Next -> Select >>>>>>>>>>>>>> "webservice" & "webservice-consumer" -> Add >>>>>>>>>>>>>> -> Finish >>>>>>>>>>>>>> >>>>>>>>>>>>>> 5) Right-click on webservice bundle -> Run As >>>>>>>>>>>>>> -> Run Configurations >>>>>>>>>>>>>> >>>>>>>>>>>>>> 6) Select OSGi-Framework and click "New >>>>>>>>>>>>>> Launch Configuration" on the upper left >>>>>>>>>>>>>> >>>>>>>>>>>>>> 7) In the bundles-tab click "Deselect All", >>>>>>>>>>>>>> select all three bundles "cxf-dosgi-*", >>>>>>>>>>>>>> "webservice" and "webservice-consumer" and >>>>>>>>>>>>>> make sure that Auto-start is set to "true" in >>>>>>>>>>>>>> all three. >>>>>>>>>>>>>> >>>>>>>>>>>>>> 6) Click "Add required bundles" >>>>>>>>>>>>>> >>>>>>>>>>>>>> 7) Go to "Arguments"-tab and add >>>>>>>>>>>>>> "-Djavax.net.debug=all" to VM arguments (this >>>>>>>>>>>>>> will give you a more detailled output about >>>>>>>>>>>>>> the SSL stuff happening) >>>>>>>>>>>>>> >>>>>>>>>>>>>> 8) Click apply and run >>>>>>>>>>>>>> >>>>>>>>>>>>>> It now takes some time to start everything, >>>>>>>>>>>>>> also some small GUI should popup sooner or >>>>>>>>>>>>>> later for invoking the webservice. >>>>>>>>>>>>>> >>>>>>>>>>>>>> You should also get some debug-output like >>>>>>>>>>>>>> '[SSLWebService] Service published at >>>>>>>>>>>>>> https://localhost:443/hello' If I try to >>>>>>>>>>>>>> access this site I get an 'SSL connection >>>>>>>>>>>>>> error' >>>>>>>>>>>>>> >>>>>>>>>>>>>> If I try to invoke the webservice with the >>>>>>>>>>>>>> popped up GUI and I get the 'Unrecognized SSL >>>>>>>>>>>>>> message, plaintext >>>>>>>>>>>>>> connection?'-SSLException. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Your OSGi-Run Configuration is now still >>>>>>>>>>>>>> available if you click this green "play" >>>>>>>>>>>>>> button in eclipse. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hope that helps >>>>>>>>>>>>>> >>>>>>>>>>>>>> Cheers, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thomas >>>>>>>>>>>>>> >>>>>>>>>>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> Hi Thomas, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can you give me more detailed instructions >>>>>>>>>>>>>>> about how to reproduce the error given the >>>>>>>>>>>>>>> sample? I know little about dosgi. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Colm. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas >>>>>>>>>>>>>>> Pischulski <[email protected]> >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> Bump. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>>> >>> >>> >>> > > >
