cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alpin, Luba" <Luba.Al...@lsi.com>
Subject RE: Client can't communicate with CXE Server when using SSl (used ServerFactoryBean/ClientProxyFactoryBean) jetty container, java configuration
Date Sun, 30 Mar 2008 13:51:21 GMT
I added following code to set Cipher Suites Filter, but nothing
changing. 

        TLSClientParameters tlsParams = new TLSClientParameters(); //8
        tlsParams.setTrustManagers(tlsParams.getTrustManagers());
        FiltersType filters = new FiltersType();
        filters.getInclude().add(".*_EXPORT_.*");
        filters.getInclude().add(".*_EXPORT1024_.*");
        filters.getInclude().add(".*_WITH_DES_.*");
        filters.getInclude().add(".*_WITH_NULL_.*");
        filters.getInclude().add(".*_DH_anon_.*");
        filters.getInclude().add("SSL_RSA_WITH_RC4_128_MD5");
        filters.getInclude().add("SSL_RSA_WITH_RC4_128_SHA");

        tlsParams.setCipherSuitesFilter(filters);


Mar 30, 2008 3:49:43 PM org.apache.cxf.transport.https.SSLUtils
getCiphersuites
INFO: The cipher suites have not been configured, falling back to cipher
suite filters.
Mar 30, 2008 3:49:43 PM org.apache.cxf.transport.https.SSLUtils
getCiphersFromList
INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5,
SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_RC4_128_MD5,
TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_DES_CBC_SHA,
TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.  
Mar 30, 2008 3:49:45 PM org.apache.cxf.phase.PhaseInterceptorChain
doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Connection refused: connect
	at
org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(
AbstractOutDatabindingInterceptor.java:75)
	at
org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInter
ceptor.java:68)
	at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
hain.java:220)
	at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
	at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
	at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	at
org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68)
	at $Proxy15.sayHi(Unknown Source)
	at
cxf_client.TestFromSSLClientExample.TestClient(TestFromSSLClientExample.
java:107)
	at
cxf_client.TestFromSSLClientExample.main(TestFromSSLClientExample.java:3
2)
Caused by: com.ctc.wstx.exc.WstxIOException: Connection refused: connect
	at
com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
	at
org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(
AbstractOutDatabindingInterceptor.java:73)
	... 9 more
Caused by: java.net.ConnectException: Connection refused: connect
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
	at
java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
	at java.net.Socket.connect(Socket.java:507)
	at sun.net.NetworkClient.doConnect(NetworkClient.java:152)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:365)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:477)
	at
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:280)
	at
sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:337)
	at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttp
Client(AbstractDelegateHttpsURLConnection.java:176)
	at
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnecti
on.java:744)
	at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Ab
stractDelegateHttpsURLConnection.java:162)
	at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConne
ction.java:836)
	at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsU
RLConnectionImpl.java:230)
	at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHead
ersTrustCaching(HTTPConduit.java:1787)
	at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWri
te(HTTPConduit.java:1755)
	at
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutpu
tStream.java:42)
	at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
	at
com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
	at
com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
	... 10 more
Hit uncaught exception org.apache.cxf.interceptor.Fault

-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org] 
Sent: Saturday, March 29, 2008 12:02 AM
To: cxf-user@incubator.apache.org
Cc: Alpin, Luba
Subject: Re: Client can't communicate with CXE Server when using SSl
(used ServerFactoryBean/ClientProxyFactoryBean) jetty container, java
configuration



Looking at the cipher suites, it looks like only the export grade suites

are being selected (thus, none of the 128bit suites).  The service may 
be requiring one of those.   You could configure the cipher suites on 
the client to add in all the other suites.

The other option would be to test it with the 2.0.5 build.
http://people.apache.org/~dkulp/stage_cxf/2.0.5-incubator/
2.0.5 sets up a much more sensible set of ciphers.

Dan



On Thursday 27 March 2008, Alpin, Luba wrote:
> Any help will be very appreciated.
>
> This is an exception:
>
> Mar 27, 2008 11:28:21 AM org.apache.cxf.transport.https.SSLUtils
> getCiphersuites
>
> INFO: The cipher suites have not been configured, falling back to
> cipher suite filters.
>
> Mar 27, 2008 11:28:21 AM org.apache.cxf.transport.https.SSLUtils
> getCiphersuites
>
> INFO: The cipher suite filters have not been configured, falling back
> to default filters.
>
> Mar 27, 2008 11:28:21 AM org.apache.cxf.transport.https.SSLUtils
> getCiphersFromList
>
> INFO: The cipher suites have been set to SSL_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
> SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5,
> SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_DES_CBC_SHA,
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_DES_CBC_SHA,
> TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
>
> Mar 27, 2008 11:28:21 AM org.apache.cxf.transport.http.HTTPConduit
> prepare
>
> INFO: AutoRedirect is turned on.
>
> Mar 27, 2008 11:28:25 AM org.apache.cxf.phase.PhaseInterceptorChain
> doIntercept
>
> INFO: Interceptor has thrown exception, unwinding now
>
> org.apache.cxf.interceptor.Fault: Could not send Message.
>
>             at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndin
>gI nterceptor.handleMessage(MessageSenderInterceptor.java:64)
>
>             at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
>rC hain.java:208)
>
>             at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
>
>             at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
>
>             at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>
>             at
> org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68)
>
>             at $Proxy15.sayHi1(Unknown Source)
>
>             at cxf_client.TestClient.testSSL(TestClient.java:677)
>
>             at cxf_client.TestClient.main(TestClient.java:131)
>
> Caused by: java.io.IOException: Not Found
>
>             at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRe
>sp onse(HTTPConduit.java:1888)
>
>             at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HT
>TP Conduit.java:1791)
>
>             at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66
>)
>
>             at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:575)
>
>             at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndin
>gI nterceptor.handleMessage(MessageSenderInterceptor.java:62)
>
>             ... 8 more
>
> Hit uncaught exception org.apache.cxf.interceptor.Fault



-- 
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message