Two Way SSL with Sun JSSE [urgent]


Deepak Nayal

Hi All,

I have written the following JAVA program for two way SSL, using Sun JSSE.
/*************************/
/**
 * @author Deepak Nayal
 * Created on Oct 19, 2003 11:37:10 AM
 */

import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

public class SSLClient {

    public static void main(String[] args) throws Exception{

        final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
        final String KEYSTOREPASS = "mystore";
        final String HOST = "localhost";
        final int PORT = 7002;
        final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
        Security.addProvider(new Provider());

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks,KEYSTOREPASS.toCharArray());
        SSLContext sslctx = SSLContext.getInstance("SSLv3");
        sslctx.init(kmf.getKeyManagers(),null,null);

        SSLSocketFactory sockFactory =
            (SSLSocketFactory)sslctx.getSocketFactory();
        SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
        OutputStream out = sock.getOutputStream();
        out.write(cmd.getBytes());
        out.flush();

        BufferedReader read = new BufferedReader(new
            InputStreamReader(sock.getInputStream()));

        String line=null;
        while((line=read.readLine()) != null)
            System.out.println(line);
    }
}
/*************************/

But whenever I run this example, I am getting the following error :-

/*************************/
Exception in thread "main" javax.net.ssl.SSLException: Received fatal
alert: handshake_failure (no cipher suites in common)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:56)
    at SSLClient.main(SSLClient.java:36)
/*************************/

This seems to be more of an SSL issue, but when I use Weblogic (Certicom)
JSSE, two way SSL works fine with the same KeyStore. I have not explored
much of Sun JSSE. Can anybody please let me know if I am doing something
wrong in my code. :-(

Any pointers in this direction will be highly appreciated.
Thanks in Advance.
Deepak Nayal
 
Deepak Nayal

Has nobody ever configured two-way SSL using Sun JSSE ?
I posted a message earlier also regarding a two-way SSL
issue and nobody answered. :-(

This really is very discouraging.
 
EJP

How do you expect to read a line if you never write a line terminator?

 
soft-eng

There are some working examples on Sun site. You
should start with that. If you started with
weblogic working examples, you might have
the wrong SSL technology-set specified. For
instance, where did you get "SSLv3", and did
you check if it's supported?

 
Deepak Nayal

Hi soft-eng,

Thanks for getting back at it (at least someone has).
I referred to this link for my SSL program :-
http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/

Following is a snippet from it.
/**************************/
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), keystorepass);
KeyManagerFactory kmf =
    KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword);
SSLContext sslcontext =
    SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssf =
    sslcontext.getServerSocketFactory();
SSLServerSocket serversocket = (SSLServerSocket)
    ssf.createServerSocket(HTTPS_PORT);
return serversocket;
/**************************/

Do you think this implementation is wrong? I have searched a lot on the
NET and this link is the closest I got to an example for two-way SSL.
Others were vendor specific, like Pramati, Weblogic, Borland etc.

Could you please point me to a two-way SSL example, using Sun JSSE.

Thanks again for your effort.
:)

 
soft-eng

Deepak Nayal said:
Hi soft-eng,

Thanks for getting back at it (at least someone has).
I referred to this link for my SSL program :-
http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/

Following is a snippet from it.
/**************************/
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), keystorepass);
KeyManagerFactory kmf =
    KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword);
SSLContext sslcontext =
    SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssf =
    sslcontext.getServerSocketFactory();
SSLServerSocket serversocket = (SSLServerSocket)
    ssf.createServerSocket(HTTPS_PORT);
return serversocket;
/**************************/

Where are you getting all of this? I see at this URL (in Code
Sample 2), just:

SocketFactory factory = SSLSocketFactory.getDefault();
Socket s = factory.createSocket(hostname, HTTPS_PORT);

And the rest of the code is doing exactly what you seem
to want to be doing -- writing a "GET" to the port and
reading a page back.

Can you make the Code Sample 2 work as is? If it works,
and stops working when you add some of your own key-management,
that would be the point to start looking for the problem.

Also, I am not sure what's your concern about "two way".
All network connections are two way. And since many
SSL implementations exist, the development task
is an easy one -- step 1 is to get a client to work
and test it with some standard SSL website, step 2 is
to get a server to work and test with some standard browser, step 3
is to get your client and server to talk to
each other, and there you have a 2-way connection.
And if you want at that time, you can then abandon
HTTP and start your own communication protocols.
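
The stepwise check suggested in the post above, as an added example that is not part of the thread or of Sun's article: it lists what the keystore holds, then forces the handshake first with the default context and then with the keystore's key managers, so the step that breaks is visible. The class name HandshakeProbe is hypothetical; the keystore path, password, host and port are the values from the original post, and the code assumes a current JDK (context name "TLS") and a key password equal to the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added diagnostic example; HandshakeProbe is a hypothetical name.
public class HandshakeProbe {
    static final String HOST = "localhost"; // from the original post
    static final int PORT = 7002;           // from the original post

    // Forces the handshake so a failure surfaces here, not on the first write,
    // and reports what was negotiated when it succeeds.
    static void probe(String label, SSLContext ctx) {
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(HOST, PORT)) {
            sock.startHandshake();
            System.out.println(label + ": OK, " + sock.getSession().getProtocol()
                    + " / " + sock.getSession().getCipherSuite());
        } catch (Exception e) {
            System.out.println(label + ": FAILED, " + e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values from the original post; override via arguments.
        String path = args.length > 0 ? args[0] : "G:/Personal/Java/SSL/mystore";
        char[] pass = (args.length > 1 ? args[1] : "mystore").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        // A client certificate can only be presented from a private-key entry.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": "
                    + (ks.isKeyEntry(alias) ? "private key entry" : "trusted certificate only"));
        }

        // Step 1: no client key material (the getDefault() route of Code Sample 2).
        probe("default context", SSLContext.getDefault());

        // Step 2: the same connection with the keystore's key managers added.
        // Trust managers stay null, so the JDK's default trust store is used.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass); // assumes key password == store password
        SSLContext withKeys = SSLContext.getInstance("TLS");
        withKeys.init(kmf.getKeyManagers(), null, null);
        probe("with client key managers", withKeys);
    }
}
```

Running with `-Djavax.net.debug=ssl,handshake` adds the JSSE handshake trace, including the cipher suites the client offers.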
 
Deepak Nayal

soft-eng said:
Where are you getting all of this? I see at this URL (in Code
Sample 2), just:

SocketFactory factory = SSLSocketFactory.getDefault();
Socket s = factory.createSocket(hostname, HTTPS_PORT);

And the rest of the code is doing exactly what you seem
to want to be doing -- writing a "GET" to the port and
reading a page back.
 
