cxf-users mailing list archives

From Thomas Pischulski <nephi...@googlemail.com>
Subject Re: CXF using SSL: Remote host closed connection during handshake
Date Tue, 22 May 2012 14:07:58 GMT
Hey,

when I change the port from 443 to 4443 I get
'java.lang.RuntimeException: Protocol mismatch for port 4443: engine's
protocol is http, the url protocol is https' running under windows.

I'm also using Eclipse 3.7.2. I just upgraded to JDK 1.7.04 and made
sure 1.7.04 is used by both OSGi bundles in their build-path and in
their MANIFEST.MF, and I get the same exception. I really don't know
what to do right now.

Here's the complete stacktrace after I invoked the webservice:
http://nopaste.info/c0108621d5.html

On 5/22/2012 3:40 PM, Colm O hEigeartaigh wrote:
> Ok that works fine for me if I change the 3 instances of "443" to
> "4443". It also works with a clean JDK 1.7.04 install with no
> unlimited security policies installed. What version of eclipse are
> you using? I'm using 3.7.2.
> 
> Colm.
> 
> On Tue, May 22, 2012 at 12:29 PM, Thomas Pischulski 
> <nephix0r@googlemail.com> wrote:
>> Heyho,
>> 
>> ok I put the current version I have out there: 
>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip
>> 
>>> What 1.7 revision are you using? Have you checked to see that
>>> the same JDK instance is being used by eclipse?
>> 
>> Not sure, where can I see my current revision? In Eclipse the JRE
>> 1.7 (C:\Program Files\Java\jre7) was running, that came by
>> installing the JDK 1.7 (C:\Program Files\Java\jdk1.7.0). I
>> configured both in Eclipse and ran the project within both
>> environments, both failed.
>> 
>>> 
>>> Colm.
>>> 
>>> On Tue, May 22, 2012 at 11:54 AM, Thomas Pischulski 
>>> <nephix0r@googlemail.com> wrote:
>>>> I didn't change much, I just added this filter that you've
>>>> posted and I'm pretty sure it will still run properly on your
>>>> workstation. I think my java environment is wrongly
>>>> configured.
>>>> 
>>>> I just cleaned up all JREs/JDKs and reinstalled JDK 1.7 with
>>>> JRE 1.7
>>>> 
>>>> I copied
>>>> 
>>>> local_policy.jar and US_export_policy.jar
>>>> 
>>>> from the UnlimitedJCEPolicyJDK7
>>>> 
>>>> to C:\Program Files\Java\jdk1.7.0\jre\lib\security and 
>>>> C:\Program Files\Java\jre7\lib\security
>>>> 
>>>> then restarted Eclipse and ran my bundles again to get the
>>>> same SSLException and all those 'Ignoring unsupported cipher
>>>> suite' messages.
>>>> 
>>>> Cheers,
>>>> 
>>>> Thomas
>>>> 
>>>> On 5/22/2012 12:40 PM, Colm O hEigeartaigh wrote:
>>>>> What JDK are you using? As a sanity check, could you create
>>>>> a new zip that includes the AES cipher filter and changes
>>>>> the port from 443 -> 4443 (I'm using linux)? I'll try again
>>>>> to see if it works without any changes.
>>>>> 
>>>>> Colm.
>>>>> 
>>>>> On Tue, May 22, 2012 at 11:33 AM, Thomas Pischulski 
>>>>> <nephix0r@googlemail.com> wrote:
>>>>>> Heyho,
>>>>>> 
>>>>>> 
>>>>>>>> by copying all jar's into <jdk-home>/lib/security
>>>>>>> You need to copy them into <jdk.home>/jre/lib/security
>>>>>> 
>>>>>> Hm ok I did that too, still the same error :( I also
>>>>>> tried including both jar-files from JCE into my build
>>>>>> path, same results.
>>>>>> 
>>>>>>> 
>>>>>>>> Did you mean that? Does my example work on your
>>>>>>>> workstation?
>>>>>>> 
>>>>>>> Yes (with the cipher-suite changes).
>>>>>>> 
>>>>>>> Colm.
>>>>>>> 
>>>>>>> On Tue, May 22, 2012 at 11:19 AM, Thomas Pischulski 
>>>>>>> <nephix0r@googlemail.com> wrote:
>>>>>>>> I installed that:
>>>>>>>> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
>>>>>>>>
>>>>>>>> by copying all jar's into <jdk-home>/lib/security
>>>>>>>> 
>>>>>>>> Did you mean that? Does my example work on your
>>>>>>>> workstation?
>>>>>>>> 
>>>>>>>> On 5/22/2012 12:11 PM, Colm O hEigeartaigh wrote:
>>>>>>>>> Have you installed the unrestricted security
>>>>>>>>> policies in your JDK?
>>>>>>>>> 
>>>>>>>>> Colm.
>>>>>>>>> 
>>>>>>>>> On Tue, May 22, 2012 at 11:02 AM, Thomas
>>>>>>>>> Pischulski <nephix0r@googlemail.com> wrote:
>>>>>>>>>> Hey Colm,
>>>>>>>>>> 
>>>>>>>>>> thanks for your efforts. That's indeed simple but
>>>>>>>>>> I still get the same SSLException. Does that
>>>>>>>>>> require some third-party jar files in my 
>>>>>>>>>> java-environment? I also get a bunch of "ignoring
>>>>>>>>>> unsupported cipher suite" messages like:
>>>>>>>>>> 
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>>>>>>>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
>>>>>>>>>> 
>>>>>>>>>> that all include "AES". Seems like I'm still
>>>>>>>>>> missing something?
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> Cheers,
>>>>>>>>>> 
>>>>>>>>>> Thomas
>>>>>>>>>> 
>>>>>>>>>> On 5/22/2012 11:54 AM, Colm O hEigeartaigh
>>>>>>>>>> wrote:
>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>> 
>>>>>>>>>>> Great, I was able to reproduce the problem. The
>>>>>>>>>>> fix is quite simple, you need to add the
>>>>>>>>>>> following ciphersuite filter to both the 
>>>>>>>>>>> webservice and webservice-consumer:
>>>>>>>>>>> 
>>>>>>>>>>> filter.getInclude().add(".*_WITH_AES_.*");
>>>>>>>>>>> 
>>>>>>>>>>> JDK 1.7 does not include DES cipher suites and
>>>>>>>>>>> so you need to add AES.
>>>>>>>>>>> 
>>>>>>>>>>> Colm.
>>>>>>>>>>> 
>>>>>>>>>>> On Tue, May 22, 2012 at 9:55 AM, Thomas
>>>>>>>>>>> Pischulski <nephix0r@googlemail.com> wrote:
>>>>>>>>>>>> Hey Colm,
>>>>>>>>>>>> 
>>>>>>>>>>>> I'll try, it's quite a lot to set up. (This
>>>>>>>>>>>> is made with eclipse btw)
>>>>>>>>>>>> 
>>>>>>>>>>>> 1) Download
>>>>>>>>>>>> http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar
>>>>>>>>>>>>
>>>>>>>>>>>> 2) Right-click package explorer -> Import ->
>>>>>>>>>>>> Plug-ins and Fragments -> Import From
>>>>>>>>>>>> Directory where the jar is located -> Next ->
>>>>>>>>>>>> Select single-bundle-distribution -> Add ->
>>>>>>>>>>>> Finish
>>>>>>>>>>>>
>>>>>>>>>>>> 3) Download & unzip
>>>>>>>>>>>> http://www1.inf.tu-dresden.de/~s9494545/ssl_minimal_example.zip
>>>>>>>>>>>>
>>>>>>>>>>>> 4) Right-click package explorer -> Import ->
>>>>>>>>>>>> Plug-ins and Fragments -> Import From
>>>>>>>>>>>> Directory where the extracted directory is
>>>>>>>>>>>> located -> Next -> Select "webservice" &
>>>>>>>>>>>> "webservice-consumer" -> Add -> Finish
>>>>>>>>>>>>
>>>>>>>>>>>> 5) Right-click on webservice bundle -> Run As
>>>>>>>>>>>> -> Run Configurations
>>>>>>>>>>>>
>>>>>>>>>>>> 6) Select OSGi-Framework and click "New
>>>>>>>>>>>> Launch Configuration" on the upper left
>>>>>>>>>>>>
>>>>>>>>>>>> 7) In the bundles-tab click "Deselect All",
>>>>>>>>>>>> select all three bundles "cxf-dosgi-*",
>>>>>>>>>>>> "webservice" and "webservice-consumer" and
>>>>>>>>>>>> make sure that Auto-start is set to "true"
>>>>>>>>>>>> in all three.
>>>>>>>>>>>> 
>>>>>>>>>>>> 6) Click "Add required bundles"
>>>>>>>>>>>> 
>>>>>>>>>>>> 7) Go to "Arguments"-tab and add
>>>>>>>>>>>> "-Djavax.net.debug=all" to VM arguments (this
>>>>>>>>>>>> will give you a more detailed output about
>>>>>>>>>>>> the SSL stuff happening)
>>>>>>>>>>>> 
>>>>>>>>>>>> 8) Click apply and run
>>>>>>>>>>>> 
>>>>>>>>>>>> It now takes some time to start everything,
>>>>>>>>>>>> also some small GUI should popup sooner or
>>>>>>>>>>>> later for invoking the webservice.
>>>>>>>>>>>> 
>>>>>>>>>>>> You should also get some debug-output like
>>>>>>>>>>>> '[SSLWebService] Service published at
>>>>>>>>>>>> https://localhost:443/hello'
>>>>>>>>>>>>
>>>>>>>>>>>> If I try to access this site I get an 'SSL
>>>>>>>>>>>> connection error'
>>>>>>>>>>>>
>>>>>>>>>>>> If I try to invoke the webservice with the
>>>>>>>>>>>> popped up GUI I get the 'Unrecognized SSL
>>>>>>>>>>>> message, plaintext connection?'-SSLException.
>>>>>>>>>>>> 
>>>>>>>>>>>> Your OSGi-Run Configuration is now still
>>>>>>>>>>>> available if you click this green "play"
>>>>>>>>>>>> button in eclipse.
>>>>>>>>>>>> 
>>>>>>>>>>>> Hope that helps
>>>>>>>>>>>> 
>>>>>>>>>>>> Cheers,
>>>>>>>>>>>> 
>>>>>>>>>>>> Thomas
>>>>>>>>>>>> 
>>>>>>>>>>>> On 5/22/2012 10:34 AM, Colm O hEigeartaigh
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Can you give me more detailed instructions
>>>>>>>>>>>>> about how to reproduce the error given the
>>>>>>>>>>>>> sample? I know little about dosgi.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Colm.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> On Tue, May 22, 2012 at 7:36 AM, Thomas
>>>>>>>>>>>>> Pischulski <nephix0r@googlemail.com>
>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>> Bump.

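As an added example (not code from the thread or from CXF): a plain-JDK diagnostic for the checks discussed above. It prints which JRE is actually running, whether the unlimited policy files are active, and which supported suites pass the `.*_WITH_AES_.*` include filter; the `.*_anon_.*` exclude and the full-match regex semantics are assumptions added here.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

/** Added diagnostic: which cipher suites survive an include/exclude filter on this JVM. */
public class CipherSuiteFilterCheck {

    // Include pattern quoted in the thread; the exclude pattern is an added assumption
    // (the include alone would also admit unauthenticated *_anon_* AES suites).
    static final String INCLUDE = ".*_WITH_AES_.*";
    static final String EXCLUDE = ".*_anon_.*";

    /** Keeps suites that fully match the include regex and do not match the exclude regex. */
    static List<String> filter(String[] suites, String include, String exclude) {
        Pattern inc = Pattern.compile(include);
        Pattern exc = Pattern.compile(exclude);
        List<String> kept = new ArrayList<String>();
        for (String s : suites) {
            if (inc.matcher(s).matches() && !exc.matcher(s).matches()) {
                kept.add(s);
            }
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        // Shows which JRE Eclipse (or the OSGi launch) really started, and its revision.
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        // 128 means the restricted policy files are active; Integer.MAX_VALUE means unlimited.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length = " + maxAes);

        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        List<String> kept = filter(supported, INCLUDE, EXCLUDE);
        System.out.println(kept.size() + " of " + supported.length + " supported suites pass the filter:");
        for (String s : kept) {
            boolean needsUnlimited = s.contains("_AES_256_") && maxAes < 256;
            System.out.println("  " + s + (needsUnlimited ? "  (needs unlimited policy)" : ""));
        }
        if (kept.isEmpty()) {
            System.out.println("No suite left: the handshake cannot succeed with this filter.");
        }
    }
}
```

Run it with the same JRE that the Eclipse launch configuration uses; a different `java.home` than expected means the policy jars were copied into a JRE that is not the one in use.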