Return-Path: Delivered-To: apmail-qpid-users-archive@www.apache.org Received: (qmail 19684 invoked from network); 7 Feb 2011 10:58:27 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 7 Feb 2011 10:58:27 -0000 Received: (qmail 93889 invoked by uid 500); 7 Feb 2011 10:58:27 -0000 Delivered-To: apmail-qpid-users-archive@qpid.apache.org Received: (qmail 93608 invoked by uid 500); 7 Feb 2011 10:58:24 -0000 Mailing-List: contact users-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@qpid.apache.org Delivered-To: mailing list users@qpid.apache.org Received: (qmail 93600 invoked by uid 99); 7 Feb 2011 10:58:23 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Feb 2011 10:58:23 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of rajika@wso2.com designates 209.85.220.170 as permitted sender) Received: from [209.85.220.170] (HELO mail-vx0-f170.google.com) (209.85.220.170) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Feb 2011 10:58:18 +0000 Received: by vxc38 with SMTP id 38so1623453vxc.15 for ; Mon, 07 Feb 2011 02:57:57 -0800 (PST) MIME-Version: 1.0 Received: by 10.220.192.193 with SMTP id dr1mr4043000vcb.100.1297076276886; Mon, 07 Feb 2011 02:57:56 -0800 (PST) Received: by 10.220.181.139 with HTTP; Mon, 7 Feb 2011 02:57:56 -0800 (PST) In-Reply-To: References: Date: Mon, 7 Feb 2011 16:27:56 +0530 Message-ID: Subject: Re: Timed out occurs when connecting to Java broker over SSL From: Rajika Kumarasiri To: users@qpid.apache.org Content-Type: multipart/alternative; boundary=90e6ba308eeabafe07049baf1ada --90e6ba308eeabafe07049baf1ada Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable FYI, Here are the javax.net.debug out put for client and server respectively. I= t seems the client hasn't received the response send by the server for Hello (although the server has responded with it). I am going to take a look at the source. Rajika *** trigger seeding of SecureRandom done seeding SecureRandom Using SSLEngineImpl. %% No cached client session *** ClientHello, TLSv1 RandomCookie: GMT: 1297010140 bytes =3D { 210, 134, 23, 64, 22, 110, 36, 1= 86, 176, 47, 47, 126, 40, 148, 193, 61, 218, 147, 10, 72, 114, 176, 157, 104, 159, 94, 115, 98 } Session ID: {} Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] Compression Methods: { 0 } *** main, WRITE: TLSv1 Handshake, length =3D 79 main, WRITE: SSLv2 client hello message, length =3D 107 ---------------------------------------------------------------------------= ----- adding as trusted cert: Subject: CN=3Dhostname, OU=3DOrgUnit, O=3DOrg, L=3DCity, C=3DUS Issuer: CN=3Dhostname, OU=3DOrgUnit, O=3DOrg, L=3DCity, C=3DUS Algorithm: RSA; Serial number: 0x4d4fcc9f Valid from Mon Feb 07 16:12:39 IST 2011 until Tue Feb 07 16:12:39 IST 201= 2 *** found key for : qpidbroker chain [0] =3D [ [ Version: V3 Subject: CN=3Dhostname, OU=3DOrgUnit, O=3DOrg, L=3DCity, C=3DUS Signature Algorithm: SHA1withRSA, OID =3D 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 902020104958131298013556965521475513192180909331865125451519700060238336091= 949396126897937757406361251480384502655400041408601167892971321697105928645= 506406611587349668815414164876929733170541411802290081402214054180795549447= 042685575607274219736755806168822626918227115735481780591112044543212153710= 14260577 public exponent: 65537 Validity: [From: Mon Feb 07 16:12:39 IST 2011, To: Tue Feb 07 16:12:39 IST 2012] Issuer: CN=3Dhostname, OU=3DOrgUnit, O=3DOrg, L=3DCity, C=3DUS SerialNumber: [ 4d4fcc9f] ] Algorithm: [SHA1withRSA] Signature: 0000: 41 C9 5C 53 30 AA 06 34 11 79 66 32 27 C1 91 77 A.\S0..4.yf2'..w 0010: E8 65 21 AF 56 63 9F 86 C4 CC 84 4F E0 AD DE 4F .e!.Vc.....O...O 0020: 06 7F C7 3B EB DA C9 78 E9 DC 4D AC 56 DD 92 BE ...;...x..M.V... 0030: D4 DD 3A 09 D1 C5 46 C8 73 12 6A E5 D6 98 AC E9 ..:...F.s.j..... 0040: 16 95 5B 51 29 E8 97 1B 27 95 6E 0B 90 B9 3C 3C ..[Q)...'.n...<< 0050: 4D 69 5F B8 D6 01 D1 97 75 17 EF B2 75 12 8B 48 Mi_.....u...u..H 0060: 1D C5 DE 83 F9 FD FD 35 83 DF E4 5E 68 5E 65 09 .......5...^h^e. 0070: 43 47 73 B8 27 D2 BB 8C 8F 16 EE 0A D3 68 90 96 CGs.'........h.. ] *** trigger seeding of SecureRandom done seeding SecureRandom On Sun, Feb 6, 2011 at 8:06 PM, Rajika Kumarasiri wrote: > I have configured a sample Java Qpid client talk to Qpid java broker ( 0.= 9) > over SSL. I have provided the required keystore/truststore files and the > required passwords correctly. When the client tries to connect to the bro= ker > it receives the following timed out error. I try increasing the time out = ( > by increasing the a value to the system property qpid.ssl_timeout) of the > SSLSender but that didn't help. Any help is greatly appreciated. I am > looking into the javax.net.debug logs right now, if you think that'll he= lp > I can post them as well. > Is there any other kind of logging that I can enable to get more > information ? > > BTW, I also notice that the keystore file and the keystore password given > through the connection url actually transmitted into the truststore > file+password combination, so I had to pass keystore file and the passwor= d > as system properties. > > Rajika > > > [2011-02-06 20:02:56,327] ERROR > {org.apache.axis2.transport.base.threads.NativeWorkerPool} - Uncaught > exception > org.apache.axis2.transport.jms.AxisJMSException: Error acquiring a JMS > connection to : QueueConnectionFactory using JNDI properties : > {java.naming.factory.initial=3Dorg.apache.qpid.jndi.PropertiesFileInitial= ContextFactory, > transport.jms.Password=3Dadmin, > java.naming.provider.url=3Drepository/conf/csg-qpid.properties, > transport.jms.ConnectionFactory=3DSimpleStockQuoteServiceQueueConnectionF= actory, > transport.jms.UserName=3Dadmin, transport.jms.ConnectionFactoryType=3Dque= ue, > ServiceClass=3Dsamples.services.SimpleStockQuoteService} > at > org.apache.axis2.transport.jms.ServiceTaskManager.handleException(Service= TaskManager.java:980) > at > org.apache.axis2.transport.jms.ServiceTaskManager.access$700(ServiceTaskM= anager.java:50) > at > org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.cre= ateConnection(ServiceTaskManager.java:815) > at > org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.get= Connection(ServiceTaskManager.java:686) > at > org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.rec= eiveMessage(ServiceTaskManager.java:484) > at > org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.run= (ServiceTaskManager.java:412) > at > org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWork= erPool.java:173) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor= .java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.jav= a:908) > at java.lang.Thread.run(Thread.java:619) > Caused by: javax.jms.JMSException: Error creating connection: SSL Engine > timed out waiting for a response.To get more info,run with > -Djavax.net.debug=3Dssl > at > org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectio= nFactory.java:326) > at > org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectio= nFactory.java:297) > at > org.apache.axis2.transport.jms.JMSUtils.createConnection(JMSUtils.java:55= 2) > at > org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.cre= ateConnection(ServiceTaskManager.java:804) > ... 7 more > Caused by: org.apache.qpid.AMQConnectionFailureException: SSL Engine time= d > out waiting for a response.To get more info,run with -Djavax.net.debug=3D= ssl > at org.apache.qpid.client.AMQConnection.(AMQConnection.java:620= ) > at > org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectio= nFactory.java:317) > ... 10 more > Caused by: org.apache.qpid.transport.SenderException: SSL Engine timed ou= t > waiting for a response.To get more info,run with -Djavax.net.debug=3Dssl > at > org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.j= ava:227) > at > org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.j= ava:36) > at > org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:158= ) > at > org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:49) > at > org.apache.qpid.transport.ProtocolHeader.delegate(ProtocolHeader.java:105= ) > at > org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:81) > at > org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:49) > at org.apache.qpid.transport.Connection.send(Connection.java:360) > at org.apache.qpid.transport.Connection.connect(Connection.java:238) > at > org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AM= QConnectionDelegate_0_10.java:164) > at > org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.j= ava:761) > at org.apache.qpid.client.AMQConnection.(AMQConnection.java:547= ) > ... 11 more > > > > --90e6ba308eeabafe07049baf1ada--