Two Way SSL with Sun JSSE [urgent]

Discussion in 'Java' started by Deepak Nayal, Oct 20, 2003.

  1. Deepak Nayal

    Deepak Nayal Guest

    Hi All,

    I have written the following JAVA program for two way SSL, using Sun JSSE.
    /*************************/
    /**
     * @author Deepak Nayal
     * Created on Oct 19, 2003 11:37:10 AM
     */

    import java.io.*;
    import java.security.*;
    import java.security.cert.*;
    import javax.net.ssl.*;
    import com.sun.net.ssl.*;
    import com.sun.net.ssl.internal.ssl.Provider;

    public class SSLClient {

        public static void main(String[] args) throws Exception{

            final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
            final String KEYSTOREPASS = "mystore";
            final String HOST = "localhost";
            final int PORT = 7002;
            final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
            Security.addProvider(new Provider());

            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks,KEYSTOREPASS.toCharArray());
            SSLContext sslctx = SSLContext.getInstance("SSLv3");
            sslctx.init(kmf.getKeyManagers(),null,null);

            SSLSocketFactory sockFactory =
                (SSLSocketFactory)sslctx.getSocketFactory();
            SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
            OutputStream out = sock.getOutputStream();
            out.write(cmd.getBytes());
            out.flush();

            BufferedReader read = new BufferedReader(new
                InputStreamReader(sock.getInputStream()));

            String line=null;
            while((line=read.readLine()) != null)
                System.out.println(line);
        }
    }
    /*************************/

    But whenever I run this example, I am getting the following error :-

    /*************************/
    Exception in thread "main" javax.net.ssl.SSLException: Received fatal
    alert: handshake_failure (no cipher suites in common)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io_OutputStream.write(OutputStream.java:56)
    at SSLClient.main(SSLClient.java:36)
    /*************************/

    This seems to be more of an SSL issue, but when I use WebLogic (Certicom)
    JSSE, two-way SSL works fine with the same KeyStore. I have not explored
    much of Sun JSSE. Can anybody please let me know if I am doing something
    wrong in my code? :-(

    Any pointers in this direction will be highly appreciated.
    Thanks in Advance.
    Deepak Nayal
    Deepak Nayal, Oct 20, 2003
    #1

  2. Deepak Nayal

    Deepak Nayal Guest

    Has nobody ever configured two-way SSL using Sun JSSE ?
    I posted a message earlier also regarding a two-way SSL
    issue and nobody answered. :-(

    This really is very discouraging.


    Deepak Nayal wrote:
    > Hi All,
    >
    > I have written the following JAVA program for two way SSL, using Sun JSSE.
    > /*************************/
    > /**
    > * @author Deepak Nayal
    > * Created on Oct 19, 2003 11:37:10 AM
    > */
    >
    > import java.io.*;
    > import java.security.*;
    > import java.security.cert.*;
    > import javax.net.ssl.*;
    > import com.sun.net.ssl.*;
    > import com.sun.net.ssl.internal.ssl.Provider;
    >
    > public class SSLClient {
    >
    > public static void main(String[] args) throws Exception{
    >
    > final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
    > final String KEYSTOREPASS = "mystore";
    > final String HOST = "localhost";
    > final int PORT = 7002;
    > final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
    > Security.addProvider(new Provider());
    >
    > KeyStore ks = KeyStore.getInstance("JKS");
    > ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
    > KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    > kmf.init(ks,KEYSTOREPASS.toCharArray());
    > SSLContext sslctx = SSLContext.getInstance("SSLv3");
    > sslctx.init(kmf.getKeyManagers(),null,null);
    >
    > SSLSocketFactory sockFactory =
    > (SSLSocketFactory)sslctx.getSocketFactory();
    > SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
    > OutputStream out = sock.getOutputStream();
    > out.write(cmd.getBytes());
    > out.flush();
    >
    > BufferedReader read = new BufferedReader(new
    > InputStreamReader(sock.getInputStream()));
    >
    > String line=null;
    > while((line=read.readLine()) != null)
    > System.out.println(line);
    > }
    > }
    > /*************************/
    >
    > But whenever I run this example, I am getting the following error :-
    >
    > /*************************/
    > Exception in thread "main" javax.net.ssl.SSLException: Received fatal
    > alert: handshake_failure (no cipher suites in common)
    > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    > at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    > at java.io_OutputStream.write(OutputStream.java:56)
    > at SSLClient.main(SSLClient.java:36)
    > /*************************/
    >
    > This seems to be more of a SSL issue, but when I use Weblogic(Certicom)
    > JSSE, two way SSl works fine with the same KeyStore. I have not explored
    > much of Sun JSSE. Can anybody please let me know if I am doing something
    > wrong in my code. :-(
    >
    > Any pointers in this direction will be highly appreciated.
    > Thanks in Advance.
    > Deepak Nayal
    >
    >
    Deepak Nayal, Oct 21, 2003
    #2

  3. Deepak Nayal

    EJP Guest

    How do you expect to read a line if you never write a line terminator?

    Deepak Nayal wrote:
    >
    > Has nobody ever configured two-way SSL using Sun JSSE ?
    > I posted a message earlier also regarding a two-way SSL
    > issue and nobody answered. :-(
    >
    > This realy is very discouraging.
    >
    > Deepak Nayal wrote:
    > > Hi All,
    > >
    > > I have written the following JAVA program for two way SSL, using Sun JSSE.
    > > /*************************/
    > > /**
    > > * @author Deepak Nayal
    > > * Created on Oct 19, 2003 11:37:10 AM
    > > */
    > >
    > > import java.io.*;
    > > import java.security.*;
    > > import java.security.cert.*;
    > > import javax.net.ssl.*;
    > > import com.sun.net.ssl.*;
    > > import com.sun.net.ssl.internal.ssl.Provider;
    > >
    > > public class SSLClient {
    > >
    > > public static void main(String[] args) throws Exception{
    > >
    > > final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
    > > final String KEYSTOREPASS = "mystore";
    > > final String HOST = "localhost";
    > > final int PORT = 7002;
    > > final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
    > > Security.addProvider(new Provider());
    > >
    > > KeyStore ks = KeyStore.getInstance("JKS");
    > > ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
    > > KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    > > kmf.init(ks,KEYSTOREPASS.toCharArray());
    > > SSLContext sslctx = SSLContext.getInstance("SSLv3");
    > > sslctx.init(kmf.getKeyManagers(),null,null);
    > >
    > > SSLSocketFactory sockFactory =
    > > (SSLSocketFactory)sslctx.getSocketFactory();
    > > SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
    > > OutputStream out = sock.getOutputStream();
    > > out.write(cmd.getBytes());
    > > out.flush();
    > >
    > > BufferedReader read = new BufferedReader(new
    > > InputStreamReader(sock.getInputStream()));
    > >
    > > String line=null;
    > > while((line=read.readLine()) != null)
    > > System.out.println(line);
    > > }
    > > }
    > > /*************************/
    > >
    > > But whenever I run this example, I am getting the following error :-
    > >
    > > /*************************/
    > > Exception in thread "main" javax.net.ssl.SSLException: Received fatal
    > > alert: handshake_failure (no cipher suites in common)
    > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    > > at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    > > at java.io_OutputStream.write(OutputStream.java:56)
    > > at SSLClient.main(SSLClient.java:36)
    > > /*************************/
    > >
    > > This seems to be more of a SSL issue, but when I use Weblogic(Certicom)
    > > JSSE, two way SSl works fine with the same KeyStore. I have not explored
    > > much of Sun JSSE. Can anybody please let me know if I am doing something
    > > wrong in my code. :-(
    > >
    > > Any pointers in this direction will be highly appreciated.
    > > Thanks in Advance.
    > > Deepak Nayal
    > >
    > >
    EJP, Oct 21, 2003
    #3
  4. Deepak Nayal

    soft-eng Guest

    There are some working examples on Sun site. You
    should start with that. If you started with
    weblogic working examples, you might have
    the wrong SSL technology-set specified. For
    instance, where did you get "SSLv3", and did
    you check if it's supported?

    Deepak Nayal <> wrote in message news:<bn1ugs$s3kij$-berlin.de>...
    > Has nobody ever configured two-way SSL using Sun JSSE ?
    > I posted a message earlier also regarding a two-way SSL
    > issue and nobody answered. :-(
    >
    > This realy is very discouraging.
    >
    >
    > Deepak Nayal wrote:
    > > Hi All,
    > >
    > > I have written the following JAVA program for two way SSL, using Sun JSSE.
    > > /*************************/
    > > /**
    > > * @author Deepak Nayal
    > > * Created on Oct 19, 2003 11:37:10 AM
    > > */
    > >
    > > import java.io.*;
    > > import java.security.*;
    > > import java.security.cert.*;
    > > import javax.net.ssl.*;
    > > import com.sun.net.ssl.*;
    > > import com.sun.net.ssl.internal.ssl.Provider;
    > >
    > > public class SSLClient {
    > >
    > > public static void main(String[] args) throws Exception{
    > >
    > > final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
    > > final String KEYSTOREPASS = "mystore";
    > > final String HOST = "localhost";
    > > final int PORT = 7002;
    > > final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
    > > Security.addProvider(new Provider());
    > >
    > > KeyStore ks = KeyStore.getInstance("JKS");
    > > ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
    > > KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    > > kmf.init(ks,KEYSTOREPASS.toCharArray());
    > > SSLContext sslctx = SSLContext.getInstance("SSLv3");
    > > sslctx.init(kmf.getKeyManagers(),null,null);
    > >
    > > SSLSocketFactory sockFactory =
    > > (SSLSocketFactory)sslctx.getSocketFactory();
    > > SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
    > > OutputStream out = sock.getOutputStream();
    > > out.write(cmd.getBytes());
    > > out.flush();
    > >
    > > BufferedReader read = new BufferedReader(new
    > > InputStreamReader(sock.getInputStream()));
    > >
    > > String line=null;
    > > while((line=read.readLine()) != null)
    > > System.out.println(line);
    > > }
    > > }
    > > /*************************/
    > >
    > > But whenever I run this example, I am getting the following error :-
    > >
    > > /*************************/
    > > Exception in thread "main" javax.net.ssl.SSLException: Received fatal
    > > alert: handshake_failure (no cipher suites in common)
    > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    > > at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    > > at java.io_OutputStream.write(OutputStream.java:56)
    > > at SSLClient.main(SSLClient.java:36)
    > > /*************************/
    > >
    > > This seems to be more of a SSL issue, but when I use Weblogic(Certicom)
    > > JSSE, two way SSl works fine with the same KeyStore. I have not explored
    > > much of Sun JSSE. Can anybody please let me know if I am doing something
    > > wrong in my code. :-(
    > >
    > > Any pointers in this direction will be highly appreciated.
    > > Thanks in Advance.
    > > Deepak Nayal
    > >
    > >
    soft-eng, Oct 21, 2003
    #4
  5. Deepak Nayal

    Deepak Nayal Guest

    Hi soft-eng,

    Thanks for getting back at it (at least someone has).
    I referred to this link for my SSL program:
    http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/

    Following is a snippet from it.
    /**************************/
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(keystore), keystorepass);
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, keypassword);
    SSLContext sslcontext =
        SSLContext.getInstance("SSLv3");
    sslcontext.init(kmf.getKeyManagers(), null, null);
    ServerSocketFactory ssf =
        sslcontext.getServerSocketFactory();
    SSLServerSocket serversocket = (SSLServerSocket)
        ssf.createServerSocket(HTTPS_PORT);
    return serversocket;
    /**************************/

    Do you think this implementation is wrong? I have searched a lot on the
    NET and this link is the closest I got to an example for two-way SSL.
    Others were vendor specific, like Pramati, Weblogic, Borland etc.

    Could you please point me to a two-way SSL example, using Sun JSSE.

    Thanks again for your effort.
    :)

    soft-eng wrote:
    > There are some working examples on Sun site. You
    > should start with that. If you started with
    > weblogic working examples, you might have
    > the wrong SSL technology-set specified. For
    > instance, where did you get "SSLv3", and did
    > you check if it's supported?
    >
    > Deepak Nayal <> wrote in message news:<bn1ugs$s3kij$-berlin.de>...
    >
    >>Has nobody ever configured two-way SSL using Sun JSSE ?
    >>I posted a message earlier also regarding a two-way SSL
    >>issue and nobody answered. :-(
    >>
    >>This realy is very discouraging.
    >>
    >>
    >>Deepak Nayal wrote:
    >>
    >>>Hi All,
    >>>
    >>>I have written the following JAVA program for two way SSL, using Sun JSSE.
    >>>/*************************/
    >>>/**
    >>> * @author Deepak Nayal
    >>> * Created on Oct 19, 2003 11:37:10 AM
    >>> */
    >>>
    >>>import java.io.*;
    >>>import java.security.*;
    >>>import java.security.cert.*;
    >>>import javax.net.ssl.*;
    >>>import com.sun.net.ssl.*;
    >>>import com.sun.net.ssl.internal.ssl.Provider;
    >>>
    >>>public class SSLClient {
    >>>
    >>> public static void main(String[] args) throws Exception{
    >>>
    >>> final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
    >>> final String KEYSTOREPASS = "mystore";
    >>> final String HOST = "localhost";
    >>> final int PORT = 7002;
    >>> final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
    >>> Security.addProvider(new Provider());
    >>>
    >>> KeyStore ks = KeyStore.getInstance("JKS");
    >>> ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
    >>> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    >>> kmf.init(ks,KEYSTOREPASS.toCharArray());
    >>> SSLContext sslctx = SSLContext.getInstance("SSLv3");
    >>> sslctx.init(kmf.getKeyManagers(),null,null);
    >>>
    >>> SSLSocketFactory sockFactory =
    >>>(SSLSocketFactory)sslctx.getSocketFactory();
    >>> SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
    >>> OutputStream out = sock.getOutputStream();
    >>> out.write(cmd.getBytes());
    >>> out.flush();
    >>>
    >>> BufferedReader read = new BufferedReader(new
    >>>InputStreamReader(sock.getInputStream()));
    >>>
    >>> String line=null;
    >>> while((line=read.readLine()) != null)
    >>> System.out.println(line);
    >>> }
    >>>}
    >>>/*************************/
    >>>
    >>>But whenever I run this example, I am getting the following error :-
    >>>
    >>>/*************************/
    >>>Exception in thread "main" javax.net.ssl.SSLException: Received fatal
    >>>alert: handshake_failure (no cipher suites in common)
    >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    >>> at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    >>> at java.io_OutputStream.write(OutputStream.java:56)
    >>> at SSLClient.main(SSLClient.java:36)
    >>>/*************************/
    >>>
    >>>This seems to be more of a SSL issue, but when I use Weblogic(Certicom)
    >>>JSSE, two way SSl works fine with the same KeyStore. I have not explored
    >>>much of Sun JSSE. Can anybody please let me know if I am doing something
    >>> wrong in my code. :-(
    >>>
    >>>Any pointers in this direction will be highly appreciated.
    >>>Thanks in Advance.
    >>>Deepak Nayal
    >>>
    >>>
    Deepak Nayal, Oct 21, 2003
    #5
  6. Deepak Nayal

    Pankaj Kumar Guest

    Pankaj Kumar, Oct 21, 2003
    #6
  7. Deepak Nayal

    soft-eng Guest

    Deepak Nayal <> wrote in message news:<bn49bo$togtm$-berlin.de>...
    > Hi soft-eng,
    >
    > Thanks for getting back at it(At least someone has).
    > I refered to this link for my SSL program :-
    > http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/
    >
    > Following is a snippet from it.
    > /**************************/
    > KeyStore ks = KeyStore.getInstance("JKS");
    > ks.load(new FileInputStream(keystore), keystorepass);
    > KeyManagerFactory kmf =
    > KeyManagerFactory.getInstance("SunX509");
    > kmf.init(ks, keypassword);
    > SSLContext sslcontext =
    > SSLContext.getInstance("SSLv3");
    > sslcontext.init(kmf.getKeyManagers(), null, null);
    > ServerSocketFactory ssf =
    > sslcontext.getServerSocketFactory();
    > SSLServerSocket serversocket = (SSLServerSocket)
    > ssf.createServerSocket(HTTPS_PORT);
    > return serversocket;
    > /**************************/


    Where are you getting all of this? I see at this URL (in Code
    Sample 2), just:

    SocketFactory factory = SSLSocketFactory.getDefault();
    Socket s = factory.createSocket(hostname, HTTPS_PORT);

    And the rest of the code is doing exactly what you seem
    to want to be doing -- writing a "GET" to the port and
    reading a page back.

    Can you make the Code Sample 2 work as is? If it works,
    and stops working when you add some of your own key-management,
    that would be the point to start looking for the problem.

    Also, I am not sure what's your concern about "two way".
    All network connections are two way. And since many
    SSL implementations exist, the development task
    is an easy one -- step 1 is to get a client to work
    and test it with some standard SSL website, step 2 is
    to get a server to work and test with some standard browser, step 3
    is to get your client and server to talk to
    each other, and there you have a 2-way connection.
    And if you want at that time, you can then abandon
    HTTP and start your own communication protocols.
    soft-eng, Oct 22, 2003
    #7
  8. Deepak Nayal

    Deepak Nayal Guest

    soft-eng wrote:
    > Deepak Nayal <> wrote in message news:<bn49bo$togtm$-berlin.de>...
    >
    >>Hi soft-eng,
    >>
    >>Thanks for getting back at it(At least someone has).
    >>I refered to this link for my SSL program :-
    >>http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/
    >>
    >>Following is a snippet from it.
    >>/**************************/
    >>KeyStore ks = KeyStore.getInstance("JKS");
    >> ks.load(new FileInputStream(keystore), keystorepass);
    >> KeyManagerFactory kmf =
    >> KeyManagerFactory.getInstance("SunX509");
    >> kmf.init(ks, keypassword);
    >> SSLContext sslcontext =
    >> SSLContext.getInstance("SSLv3");
    >> sslcontext.init(kmf.getKeyManagers(), null, null);
    >> ServerSocketFactory ssf =
    >> sslcontext.getServerSocketFactory();
    >> SSLServerSocket serversocket = (SSLServerSocket)
    >> ssf.createServerSocket(HTTPS_PORT);
    >> return serversocket;
    >>/**************************/

    >
    >
    > Where are you getting all of this? I see at this URL (in Code
    > Sample 2), just:
    >
    > SocketFactory factory = SSLSocketFactory.getDefault();
    > Socket s = factory.createSocket(hostname, HTTPS_PORT);
    >
    > And the rest of the code is doing exactly what you seem
    > to want to be doing -- writing a "GET" to the port and
    > reading a page back.


    ---------------------------------------------------------
    The one that I am using is given at Code Sample 2.
    ---------------------------------------------------------

    >
    > Can you make the Code Sample 2 work as is? If it works,
    > and stops working when you add some of your own key-management,
    > that would be the point to start looking for the problem.


    ---------------------------------------------------------
    Didn't quite get that.

    Do you think the Code Sample 2 will not work?
    ---------------------------------------------------------

    > Also, I am not sure what's your concern about "two way".
    > All network connections are two way. And since many
    > SSL implementations exist, the development task
    > is an easy one -- step 1 is to get a client to work
    > and test it with some standard SSL website, step 2 is
    > to get a server to work and test with some standard browser, step 3
    > is to get your client and server to talk to
    > each other, and there you have a 2-way connection.
    > And if you want at that time, you can then abandon
    > HTTP and start your own communication protocols.
    Deepak Nayal, Oct 22, 2003
    #8
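
Added example, not part of any post in this thread and not Sun's sample code: a diagnostic client for two-way (client-certificate) SSL/TLS that lists the key entries available as a client identity, prints the protocols and cipher suites the client offers, forces the handshake with startHandshake(), and then reports whether a client certificate was actually sent. The class name MutualTlsProbe and the argument order are hypothetical; it uses only the current javax.net.ssl API and assumes the key password equals the keystore password and that the server certificate chains to the JVM's default trust store (or the one named by javax.net.ssl.trustStore).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic client (hypothetical name); not code from the thread.
public class MutualTlsProbe {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: MutualTlsProbe <keystore> <password> <host> <port>");
            return;
        }
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        // Only private-key entries can act as a client identity; trusted-cert entries cannot.
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Certificate c = ks.getCertificate(alias);
            System.out.println("key entry " + alias + ": "
                    + (c == null ? "no certificate" : c.getPublicKey().getAlgorithm()));
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass); // assumption: key password == keystore password
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[2], Integer.parseInt(args[3]))) {
            // A raw SSLSocket does not check the server's host name unless asked to.
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            sock.setSSLParameters(params);
            System.out.println("protocols offered: " + Arrays.toString(sock.getEnabledProtocols()));
            System.out.println("suites offered:    " + Arrays.toString(sock.getEnabledCipherSuites()));
            try {
                sock.startHandshake(); // fail here, not on the first write()
            } catch (SSLHandshakeException e) {
                System.out.println("handshake failed: " + e.getMessage());
                return;
            }
            SSLSession s = sock.getSession();
            System.out.println("negotiated: " + s.getProtocol() + " / " + s.getCipherSuite());
            // getLocalCertificates() is null when no client certificate was sent.
            Certificate[] sent = s.getLocalCertificates();
            System.out.println(sent == null
                    ? "server authenticated only: no client certificate was sent"
                    : "client certificate sent: " + sent[0].getType() + ", chain length " + sent.length);
        }
    }
}
```

Running it with -Djavax.net.debug=ssl,handshake additionally prints the JSSE handshake trace, including the server's certificate request if one is made.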