cxf-users mailing list archives

From Thomas Pischulski <nephi...@googlemail.com>
Subject Re: CXF using SSL: Remote host closed connection during handshake
Date Tue, 22 May 2012 10:02:41 GMT
Hey Colm,

thanks for your efforts. That's indeed simple but I still get the same
SSLException. Does that require some third-party jar files in my
java-environment? I also get a bunch of "ignoring unsupported cipher
suite" messages like:

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

that all include "AES". Seems like I'm still missing something?


Cheers,

Thomas

On 5/22/2012 11:54 AM, Colm O hEigeartaigh wrote:
> Hi Thomas,
> 
> Great, I was able to reproduce the problem. The fix is quite simple,
> you need to add the following ciphersuite filter to both the
> webservice and webservice-consumer:
> 
> filter.getInclude().add(".*_WITH_AES_.*");
> 
> JDK 1.7 does not include DES cipher suites and so you need to add AES.
> 
> Colm.
> 
> On Tue, May 22, 2012 at 9:55 AM, Thomas Pischulski
> <nephix0r@googlemail.com> wrote:
>> Hey Colm,
>>
>> I'll try, it's quite a lot to set up. (This is made with Eclipse btw)
>>
>> 1) Download
>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar
>>
>> 2) Right-click package explorer -> Import -> Plug-ins and Fragments ->
>> Import From Directory where the jar is located -> Next -> Select
>> single-bundle-distribution -> Add -> Finish
>>
>> 3) Download & unzip
>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip
>>
>> 4) Right-click package explorer -> Import -> Plug-ins and Fragments ->
>> Import From Directory where the extracted directory is located -> Next
>> -> Select "webservice" & "webservice-consumer" -> Add -> Finish
>>
>> 5) Right-click on webservice bundle -> Run As -> Run Configurations
>>
>> 6) Select OSGi-Framework and click "New Launch Configuration" on the
>> upper left
>>
>> 7) In the bundles-tab click "Deselect All", select all three bundles
>> "cxf-dosgi-*", "webservice" and "webservice-consumer" and make sure that
>> Auto-start is set to "true" in all three.
>>
>> 6) Click "Add required bundles"
>>
>> 7) Go to "Arguments"-tab and add "-Djavax.net.debug=all" to VM arguments
>> (this will give you a more detailed output about the SSL stuff happening)
>>
>> 8) Click apply and run
>>
>> It now takes some time to start everything, also some small GUI should
>> popup sooner or later for invoking the webservice.
>>
>> You should also get some debug-output like
>> '[SSLWebService] Service published at https://localhost:443/hello'
>> If I try to access this site I get an 'SSL connection error'
>>
>> If I try to invoke the webservice with the popped-up GUI, I get the
>> 'Unrecognized SSL message, plaintext connection?'-SSLException.
>>
>> Your OSGi-Run Configuration is now still available if you click this
>> green "play" button in Eclipse.
>>
>> Hope that helps
>>
>> Cheers,
>>
>> Thomas
>>
>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh wrote:
>>> Hi Thomas,
>>>
>>> Can you give me more detailed instructions about how to reproduce the
>>> error given the sample? I know little about dosgi.
>>>
>>> Colm.
>>>
>>> On Tue, May 22, 2012 at 7:36 AM, Thomas Pischulski
>>> <nephix0r@googlemail.com> wrote:
>>>> Bump.
>>>
>>>
>>>
> 
> 
> 

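Added example, not code from this thread or from CXF: a plain-JSSE sketch of include/exclude regex filtering, using the ".*_WITH_AES_.*" pattern suggested above, run against the cipher suites the local JVM actually supports. The class name, the DES-only pattern and the exclude list are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;

public class CipherSuiteFilterCheck {

    // Keep a suite if it fully matches at least one include pattern and no exclude pattern.
    static List<String> filter(String[] suites, List<String> include, List<String> exclude) {
        List<String> kept = new ArrayList<>();
        for (String suite : suites) {
            boolean in = include.stream().anyMatch(p -> Pattern.matches(p, suite));
            boolean out = exclude.stream().anyMatch(p -> Pattern.matches(p, suite));
            if (in && !out) {
                kept.add(suite);
            }
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        // Suites the default JSSE provider of this JVM knows how to negotiate.
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();

        // Constructed filter sets for comparison; only ".*_WITH_AES_.*" comes from the thread.
        List<String> desOnly = Arrays.asList(".*_WITH_DES_.*");
        List<String> aes = Arrays.asList(".*_WITH_AES_.*");
        // Assumed hardening excludes: unauthenticated, unencrypted and export-grade suites.
        List<String> exclude = Arrays.asList(".*_anon_.*", ".*_NULL_.*", ".*_EXPORT.*");

        System.out.println("supported by JVM:      " + supported.length);
        System.out.println("DES-only include:      " + filter(supported, desOnly, exclude).size());
        List<String> usable = filter(supported, aes, exclude);
        System.out.println("AES include + exclude: " + usable.size());
        usable.forEach(s -> System.out.println("  " + s));

        // If nothing survives the filter, there is no suite left to enable on the socket.
        if (usable.isEmpty()) {
            throw new IllegalStateException("cipher suite filter matches nothing on this JVM");
        }
    }
}
```

On current JDKs the TLS 1.3 suite names (for example TLS_AES_128_GCM_SHA256) contain no "_WITH_", so this include pattern does not select them.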