Return-Path: Delivered-To: apmail-cxf-users-archive@www.apache.org Received: (qmail 66280 invoked from network); 1 Apr 2010 18:55:07 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 1 Apr 2010 18:55:07 -0000 Received: (qmail 55162 invoked by uid 500); 1 Apr 2010 18:55:03 -0000 Delivered-To: apmail-cxf-users-archive@cxf.apache.org Received: (qmail 55116 invoked by uid 500); 1 Apr 2010 18:55:03 -0000 Mailing-List: contact users-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cxf.apache.org Delivered-To: mailing list users@cxf.apache.org Received: (qmail 55092 invoked by uid 99); 1 Apr 2010 18:55:03 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Apr 2010 18:55:03 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=10.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of manoj.r.purohit@citi.com designates 216.82.250.67 as permitted sender) Received: from [216.82.250.67] (HELO mail109.messagelabs.com) (216.82.250.67) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Apr 2010 18:54:54 +0000 X-VirusChecked: Checked X-Env-Sender: manoj.r.purohit@citi.com X-Msg-Ref: server-13.tower-109.messagelabs.com!1270148070!69969240!1 X-StarScan-Version: 6.2.4; banners=-,-,- X-Originating-IP: [192.193.219.200] Received: (qmail 7785 invoked from network); 1 Apr 2010 18:54:30 -0000 Received: from mail.citigroup.com (HELO mail.citigroup.com) (192.193.219.200) by server-13.tower-109.messagelabs.com with AES256-SHA encrypted SMTP; 1 Apr 2010 18:54:30 -0000 Received: from imbhub-gt01.nam.nsroot.net (imbhub-gt01.nam.nsroot.net [169.171.119.171]) by imbdmz-sw06.namdmz.dmzroot.net (Switch-3.4.1/Switch-3.4.1) with ESMTP id o31IsULK032020 for ; Thu, 1 Apr 2010 18:54:30 GMT Received: from exnjiht03.nam.nsroot.net (EXNJIHT03.nam.nsroot.net [150.110.165.229]) by imbhub-gt01.nam.nsroot.net (Switch-3.4.1/Switch-3.4.1) with ESMTP id o31IqP2L012857 for ; Thu, 1 Apr 2010 18:54:29 GMT Received: from exnjht06.nam.nsroot.net (150.110.165.226) by exnjiht03.nam.nsroot.net (150.110.165.229) with Microsoft SMTP Server (TLS) id 8.1.393.2; Thu, 1 Apr 2010 14:54:23 -0400 Received: from extxht03.nam.nsroot.net (165.203.255.112) by exnjht06.nam.nsroot.net (150.110.165.226) with Microsoft SMTP Server (TLS) id 8.1.393.2; Thu, 1 Apr 2010 14:54:23 -0400 Received: from extxmb35.nam.nsroot.net ([165.203.255.105]) by extxht03.nam.nsroot.net ([165.203.255.112]) with mapi; Thu, 1 Apr 2010 13:54:22 -0500 From: "Purohit, Manoj R " To: "users@cxf.apache.org" Date: Thu, 1 Apr 2010 13:54:22 -0500 Subject: SSL client 2 way authentication throws exception while plain jsse operation works Thread-Topic: SSL client 2 way authentication throws exception while plain jsse operation works Thread-Index: AcrRzL2g2VgzEAA6SYaYmyIph62pnQ== Message-ID: <4969F4E54725764F9C5FBB0A0E4FC3ED01731434F7@extxmb35.nam.nsroot.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-WiganSS: 01000000010017exnjht06.nam.nsroot.net ID0044<4969F4E54725764F9C5FBB0A0E4FC3ED01731434F7@extxmb35.nam.nsroot.net> Hello, I have tried same truststore and keystore with plain jsse example and I am = able to get response back. Handshake works fine. However same keystore and truststore I use with CXF webservice client it th= rows following exception .. RECV TLSv1 ALERT: fatal, handshake_failure which means client unable to ne= gotiate the security parameters with server. I have tried various sec:cipherSuitesFilters .*_EXPORT_.* .*_EXPORT1024_.* .*_WITH_DES_.* .*_WITH_NULL_.* .*_DH_anon_.*And many more none of them helped. As my connection works fine with plain jsse client is this qualify bug ? I = am Using CXF 2.1.5 and can't upgrade. Would appreciate any guidance or pointer to resolve this. Thanks, Manoj [Raw read]: length =3D 5 0000: 15 03 01 00 02 ..... [Raw read]: length =3D 2 0000: 02 28 .( main, READ: TLSv1 Alert, length =3D 2 main, RECV TLSv1 ALERT: fatal, handshake_failure main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fat= al alert: handshake_failure Apr 1, 2010 2:38:55 PM org.apache.cxf.phase.PhaseInterceptorChain doInterce= pt INFO: Interceptor has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Could not send Message. at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSende= rEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInte= rceptorChain.java:226) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:= 73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.ja= va:124) at $Proxy44.getFMODetailsByExpenseCode(Unknown Source) at src.WFPProfileInfoServiceClientForFMO.main(WFPProfileInfoService= ClientForFMO.java:110) Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: hands= hake_failure at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:= 150) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:= 117) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketIm= pl.java:1584) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketI= mpl.java:866) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandsha= ke(SSLSocketImpl.java:1030) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSoc= ketImpl.java:1057) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSoc= ketImpl.java:1041) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.= java:402) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.co= nnect(AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Http= URLConnection.java:861) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStrea= m(HttpsURLConnectionImpl.java:230) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.ha= ndleHeadersTrustCaching(HTTPConduit.java:1904) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.on= FirstWrite(HTTPConduit.java:1859) at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrap= pedOutputStream.java:42) at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractTh= resholdOutputStream.java:69) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.cl= ose(HTTPConduit.java:1922) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.j= ava:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java= :626) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSende= rEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) ... 8 more javax.xml.ws.soap.SOAPFaultException: Could not send Message. at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.ja= va:145) at $Proxy44.getFMODetailsByExpenseCode(Unknown Source) at src.WFPProfileInfoServiceClientForFMO.main(WFPProfileInfoService= ClientForFMO.java:110) Caused by: org.apache.cxf.interceptor.Fault: Could not send Message. at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSende= rEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInte= rceptorChain.java:226) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:= 73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.ja= va:124) ... 2 more Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: hands= hake_failure at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:= 150) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:= 117) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketIm= pl.java:1584) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketI= mpl.java:866) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandsha= ke(SSLSocketImpl.java:1030) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSoc= ketImpl.java:1057) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSoc= ketImpl.java:1041) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.= java:402) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.co= nnect(AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Http= URLConnection.java:861) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStrea= m(HttpsURLConnectionImpl.java:230) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.ha= ndleHeadersTrustCaching(HTTPConduit.java:1904) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.on= FirstWrite(HTTPConduit.java:1859) at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrap= pedOutputStream.java:42) at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractTh= resholdOutputStream.java:69) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.cl= ose(HTTPConduit.java:1922) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.j= ava:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java= :626) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSende= rEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) ... 8 more