activemq-users mailing list archives

From Timothy Bish <tabish...@gmail.com>
Subject Re: setting up c++ client app using CMS using SSL client certificate auth
Date Mon, 09 Sep 2013 15:22:08 GMT

On 09/09/2013 11:03 AM, yuanbatou wrote:
> Yes, I made that mistake before. I received a message like:
>     "Server Certificate Name doesn't match the URI Host Name value."
> But I corrected this, and still get the error mentioned in the previous
> post:
>
>     client side:
>
> Error: Error occurred while accessing an OpenSSL library method:
> error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal
> error
>
>     and, server side (with "-Djava.net.debug=ssl"):
>
> Allow unsafe renegotiation: false
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
> ActiveMQ BrokerService[localhost] Task-1, setSoTimeout(0) called
> ActiveMQ Transport: ssl:///192.168.209.1:8111, READ: TLSv1 Handshake, length
> = 313
> *** ClientHello, Unknown-3.3
> RandomCookie:  GMT: 1378660337 bytes = { 163, 110, 155, 37, 22, 114, 230,
> 253, 182, 199, 3, 53, 54, 148, 241, 94, 233, 246, 128, 212, 169, 90, 240,
> 106, 115, 37, 246, 86 }
> Session ID:  {}
> Cipher Suites: [Unknown 0xc0:0x30, Unknown 0xc0:0x2c, Unknown 0xc0:0x28,
> Unknown 0xc0:0x24, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0xc0:0x22, Unknown 0xc0:0x21,
> Unknown 0x0:0xa3, Unknown 0x0:0x9f, Unknown 0x0:0x6b, Unknown 0x0:0x6a,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown
> 0x0:0x88, Unknown 0x0:0x87, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, Unknown
> 0xc0:0x20, Unknown 0xc0:0x32, Unknown 0xc0:0x2e, Unknown 0xc0:0x2a, Unknown
> 0xc0:0x26, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x9d, Unknown 0x0:0x3d,
> TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> Unknown 0xc0:0x1c, Unknown 0xc0:0x1b, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
> Unknown 0xc0:0x1a, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, Unknown
> 0xc0:0x2f, Unknown 0xc0:0x2b, Unknown 0xc0:0x27, Unknown 0xc0:0x23,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> Unknown 0xc0:0x1f, Unknown 0xc0:0x1e, Unknown 0x0:0xa2, Unknown 0x0:0x9e,
> Unknown 0x0:0x67, Unknown 0x0:0x40, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0x0:0x9a, Unknown 0x0:0x99,
> Unknown 0x0:0x45, Unknown 0x0:0x44, TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
> Unknown 0xc0:0x1d, Unknown 0xc0:0x31, Unknown 0xc0:0x2d, Unknown 0xc0:0x29,
> Unknown 0xc0:0x25, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x9c, Unknown 0x0:0x3c,
> TLS_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41,
> SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 1, 0 }
> Extension ec_point_formats, formats: [uncompressed,
> ansiX962_compressed_prime, ansiX962_compressed_char2]
> Extension elliptic_curves, curve names: {sect571r1, sect571k1, secp521r1,
> sect409k1, sect409r1, secp384r1, sect283k1, sect283r1, secp256k1, secp256r1,
> sect239k1, sect233k1, sect233r1, secp224k1, secp224r1, sect193r1, sect193r2,
> secp192k1, secp192r1, sect163k1, sect163r1, sect163r2, secp160k1, secp160r1,
> secp160r2}
> Unsupported extension type_35, data:
> Unsupported extension signature_algorithms, data:
> 00:20:06:01:06:02:06:03:05:01:05:02:05:03:04:01:04:02:04:03:03:01:03:02:03:03:02:01:02:02:02:03:01:01
> Unsupported extension type_15, data: 01
> ***
> ActiveMQ Transport: ssl:///192.168.209.1:8111, handling exception:
> java.security.ProviderException:
> sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
> ActiveMQ Transport: ssl:///192.168.209.1:8111, SEND TLSv1 ALERT:  fatal,
> description = internal_error
> ActiveMQ Transport: ssl:///192.168.209.1:8111, WRITE: TLSv1 Alert, length =
> 2
> ActiveMQ Transport: ssl:///192.168.209.1:8111, called closeSocket()
>   WARN | Transport Connection to: tcp://192.168.209.1:8111 failed:
> javax.net.ssl.SSLException: java.security.ProviderException:
> sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
> ActiveMQ Task-1, called close()
> ActiveMQ Task-1, called closeInternal(true)
> ERROR | Could not accept connection from tcp://192.168.209.1:8111:
> javax.net.ssl.SSLException: Connection has been shutdown:
> javax.net.ssl.SSLException: java.security.ProviderException:
> sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
>
> Is it because the SSL prototype or implementation in ActiveMQ is
> different for Windows and Ubuntu? As can be seen from the error log, it
> seems that the server cannot recognise the handshake message sent from the client.
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/setting-up-c-client-app-using-CMS-using-SSL-client-certificate-auth-tp4664686p4671303.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
Probably need to ensure that the cipher suites enabled on the VM match
those on your Ubuntu machine; it could be that one is using a different JVM.
There are some changes in 1.7 that cause some trouble.

-- 
Tim Bish
Sr Software Engineer | RedHat Inc.
tim.bish@redhat.com | www.fusesource.com | www.redhat.com
skype: tabish121 | twitter: @tabish121
blog: http://timbish.blogspot.com/
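
Added example, not part of the original message or of ActiveMQ: one way to carry out the comparison suggested in the reply is to pull the ClientHello cipher suite list out of the broker's SSL debug output and set it against the suites a JVM has enabled. The sample log is a constructed, shortened imitation of the quoted output, and SERVER_ENABLED is a constructed list standing in for what the broker's JVM reports.

```python
import re

# Constructed sample modelled on the SSL debug output quoted in the thread
# (shortened, with the "> " quote markers removed).
SAMPLE_LOG = """\
*** ClientHello, Unknown-3.3
Session ID:  {}
Cipher Suites: [Unknown 0xc0:0x30, Unknown 0xc0:0x2c,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x9d, Unknown 0x0:0x3d,
TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 1, 0 }
"""

# Constructed stand-in for the suites enabled on the broker's JVM (JSSE names).
SERVER_ENABLED = ["TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                  "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5"]

# IANA names for some code points this debug output prints as "Unknown".
IANA = {
    (0xC0, 0x30): "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    (0xC0, 0x2C): "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    (0x00, 0x9D): "TLS_RSA_WITH_AES_256_GCM_SHA384",
    (0x00, 0x3D): "TLS_RSA_WITH_AES_256_CBC_SHA256",
}

def offered_suites(log):
    """Return the ClientHello cipher suites in the client's preference order."""
    m = re.search(r"Cipher Suites:\s*\[(.*?)\]", log, re.S)
    if not m:
        return []
    suites = []
    # Collapse line wraps first: the log breaks lines in the middle of entries.
    for item in re.split(r",\s*", " ".join(m.group(1).split())):
        u = re.fullmatch(r"Unknown 0x([0-9a-f]+):0x([0-9a-f]+)", item)
        if u:
            code = (int(u.group(1), 16), int(u.group(2), 16))
            item = IANA.get(code, "UNKNOWN_%02X_%02X" % code)
        suites.append(item)
    return suites

def compare(log, server_enabled):
    """Split both lists into shared suites and suites only one side has."""
    # The SCSV entry is a renegotiation signal, not a real cipher suite.
    offered = [s for s in offered_suites(log) if not s.endswith("_SCSV")]
    return {"common": [s for s in offered if s in server_enabled],
            "client_only": [s for s in offered if s not in server_enabled],
            "server_only": [s for s in server_enabled if s not in offered]}

if __name__ == "__main__":
    for side, names in compare(SAMPLE_LOG, SERVER_ENABLED).items():
        print(side, names)
```
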