I am trying to make connection to the mailserver using java mail api, with user loginId password and the host name. But if any one of the id fails to make connection then the following ids also fails to authorize even if they have correct credentials.
Do I've to close the store values after the loop.
sessions = Session.getDefaultInstance(properties);
store = sessions.getStore(emailAccType);
store.connect(emailHost,emailId, emailPwd);
What i need to close in finally block of try/catch.
for the following error.
javax.mail.MessagingException: Connect failed;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:161)
at javax.mail.Service.connect(Service.java:288)
at javax.mail.Service.connect(Service.java:169)
at com.scheduler.utils.QuartzImplementation.<init>(QuartzImplementation.java:77)
at com.scheduler.utils.SchedulerRedirect.execute(SchedulerRedirect.java:31)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at java.io.DataInputStream.readLine(Unknown Source)
at com.sun.mail.pop3.Protocol.simpleCommand(Protocol.java:360)
at com.sun.mail.pop3.Protocol.<init>(Protocol.java:104)
at com.sun.mail.pop3.POP3Store.getPort(POP3Store.java:214)
at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:157)
for the first time it's executing but if one fails then this problem arise.
Thanks in advance
Refer the answer to this question
Please ensure you've read the java mail API FAQs completely.
Related
I have run into an issue developing a HTTP client with the use of BouncyCastle libraries.
Target versions (but the error is also reproducible in Java 1.8.0_91 with the same version of BouncyCastle.)
JRE 1.6.0_45-b06
BouncyCastle jdk15to18 167 (bcprov-jdk15to18-167.jar, bcpkix-jdk15to18-167.jar, bctls-jdk15to18-167.jar)
HTTPClient code:
String strURL = "https://www.<WEBSITE>.com";
// CODE to set default TrustStore, KeyStore to be used
// setup BC as SecurityProvider and SSLSocketFactoryProvider
/*
Security.insertProviderAt(new BouncyCastleProvider(), 1);
Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
Security.setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
Security.setProperty("ssl.TrustManagerFactory.algorithm", "PKIX");
Security.setProperty("ssl.SocketFactory.provider", "org.bouncycastle.jsse.provider.SSLSocketFactoryImpl");
System.setProperty("jdk.tls.trustNameService", "true");
*/
URL url = new URL( strURL );
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("GET");
InputStream is = null;
if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
System.out.println("OK");
is = conn.getInputStream();
} else if (conn.getResponseCode() == HttpURLConnection.HTTP_INTERNAL_ERROR) {
System.out.println("ERROR");
is = conn.getErrorStream();
} else {
System.out.println( conn.getResponseCode() );
System.out.println( conn.getResponseMessage() );
}
if (is != null) {
System.out.println( readFullyAsString(is, "UTF-8") );
}
conn.disconnect();
Accessing data on a website with TLS 1.2 without client_auth works fine (there are some issues with specific sites that return handshake_failure(40), but luckily not in our case). But when client_auth is required the code fails with the following (a little cryptic) error:
nov. 27, 2020 5:23:10 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertRaised
WARNING: Client raised fatal(2) internal_error(80) alert: Failed to read record
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at org.bouncycastle.tls.RecordStream$Record.fillTo(RecordStream.java:429)
at org.bouncycastle.tls.RecordStream$Record.readHeader(RecordStream.java:468)
at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:201)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:768)
at org.bouncycastle.tls.TlsProtocol.readApplicationData(TlsProtocol.java:731)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(ProvSSLSocketDirect.java:603)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at HttpsClient.main(HttpsClient.java:109)
nov. 27, 2020 5:23:10 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertRaised
WARNING: Client raised fatal(2) internal_error(80) alert: Failed to read record
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at org.bouncycastle.tls.RecordStream$Record.fillTo(RecordStream.java:429)
at org.bouncycastle.tls.RecordStream$Record.readHeader(RecordStream.java:468)
at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:201)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:768)
at org.bouncycastle.tls.TlsProtocol.readApplicationData(TlsProtocol.java:731)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(ProvSSLSocketDirect.java:603)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at HttpsClient.main(HttpsClient.java:109)
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at org.bouncycastle.tls.RecordStream$Record.fillTo(RecordStream.java:429)
at org.bouncycastle.tls.RecordStream$Record.readHeader(RecordStream.java:468)
at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:201)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:768)
at org.bouncycastle.tls.TlsProtocol.readApplicationData(TlsProtocol.java:731)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(ProvSSLSocketDirect.java:603)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at HttpsClient.main(HttpsClient.java:109)
As expected the code runs just fine in Java 1.8 without BC as Security Provider ... but in Java 1.6 BC is needed for TLS 1.2 support.
I looked at the packets with Wireshark, but I don't have enough knowledge to analyze what's happening (failing) with the SSL handshake operation with the server.
What am I missing here? Or it's just a known limitation of BC?
Thanks for any suggestions.
After extensive research and testing (we set up our own dev environment that replicated the endpoint, we were trying to connect to with client cert) we have found a solution (posted below) that works for us in our dev environment, but couldn't be configured on the endpoint. That's why we went to plan B - TLS termination proxy and it worked like a charm in our case, when we didn't have control of the server environment.
Solution for IIS
In our case the web service requiring client auth was running on Microsoft IIS. As stated "Unfortunately our TLS libraries do not support renegotiation (and we do not plan to add it, although there are corresponding TLS 1.3 features that we will)." in this open issue (https://github.com/bcgit/bc-java/issues/593). After reading the IIS documentation and some testing we successfully configured the environment in a way that TLS sessions could be established with BC TLS lib:
Step 1:
Create an IIS site with default settings
Run IISCrypto with the "Best practices" template:
Step 2:
Enable SSLAlwaysNegoClientCert
Save the following text to a file called "Enable_SSL_Renegotiate.js"
var vdirObj=GetObject("IIS://localhost/W3svc/1");
// replace 1 on this line with the number of the web site you wish to configure
WScript.Echo("Value of SSLAlwaysNegoClientCert Before: " + vdirObj.SSLAlwaysNegoClientCert);
vdirObj.Put("SSLAlwaysNegoClientCert", true);
vdirObj.SetInfo();
WScript.Echo("Value of SSLAlwaysNegoClientCert After: " + vdirObj.SSLAlwaysNegoClientCert);
Run the following command from an elevated / administrator command prompt:
cscript.exe enable_ssl_renegotiate.js
I posted the same answer on BouncyCastle Github - #847
I have the following Route definition:
#Override
public void configure() throws Exception {
from(String.format("direct:%s", this.connector))
.id("Route1")
.threads()
.maxPoolSize(10)
.keepAliveTime(3000)
.timeUnit(TimeUnit.MICROSECONDS)
.poolSize(1)
.rejectedPolicy(ThreadPoolRejectedPolicy.Abort)
.log("Calling WS")
.maxQueueSize(1)
.to("http://10.8.4.9:8080/service");
}
And the request snipet above:
InputStream exchange = (InputStream) template
.requestBodyAndHeaders(url, AppUtil.parse(this.body, input), this.headers);
The endpoint is intentionally unavaliable. So, I expected my request wait for 3 seconds and throws some exception as response. Insted, the following behaviour happens:
2018-08-24 16:55:55,048 DEBUG http-nio-8081-exec-2 httpclient.HttpMethodDirector:443 - Connection timed out: connect
java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
... more stack...
at java.lang.Thread.run(Unknown Source)
2018-08-24 16:56:38,333 INFO http-nio-8081-exec-2 httpclient.HttpMethodDirector:445 - Retrying request
2018-08-24 16:56:38,417 DEBUG http-nio-8081-exec-2 httpclient.HttpConnection:692 - Open connection to 10.8.4.9:8080/service
Camel retries for 3 times and do not respect the timeout.
I've tried to use:
onException(ConnectException.class)
.maximumRedeliveries(0);
No success...
What I missed?
The .keepAliveTime(3000) is not for HTTP endpoints, its an API for the JVM thread pool in Java itself. You can read about this option in the Java API for thread pools, and there is also a bit of javadoc on that method in Camel DSL.
If you need HTTP connection timeout etc, then you need to set specific option on the http endpoint.
https://github.com/apache/camel/blob/master/components/camel-http4/src/main/docs/http4-component.adoc#using-client-timeout---so_timeout
im having a random error of could not send message. sometimes there's no error.
what might be the cause?? thanks.
Mar 06, 2014 6:11:13 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {XXX }SoapApiServiceHttpEndpoint#{XXX}createSession has thrown exception, unwin
ding now
org.apache.cxf.interceptor.Fault: Could not send Message.
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
Caused by: java.net.SocketException: SocketException invoking : Connection reset
at sun.reflect.GeneratedConstructorAccessor2332.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
Connection reset means that the client abnormally closed the connection and then cxf cannot read or write any further data to the stream. Take a look at following answers for more information:java.net.SocketException: Connection reset
I am building a project which uses Gora-hbase as backend .
Hbase is up and running . I am not using maven or ivy .
Also i have specified the following in /conf/gora.properties :
gora.datastore.default=org.apache.gora.hbase.store.HBaseStore
gora.datastore.autocreateschema=true
In my code, i am using the following piece of code to start a datastore :
datastore =
DataStoreFactory.getDataStore(long.class,UserDetails.class,new
Configuration());
I am getting the following exception at the above line :
13/02/04 23:02:26 INFO zookeeper.ClientCnxn: Session establishment complete on server localhost/127.0.0.1:2181, sessionid = 0x13ca8d9ecac000c, negotiated timeout = 40000
org.apache.gora.util.GoraException: java.lang.RuntimeException: java.net.MalformedURLException
at org.apache.gora.store.DataStoreFactory.createDataStore(DataStoreFactory.java:167)
at org.apache.gora.store.DataStoreFactory.getDataStore(DataStoreFactory.java:278)
at com.psl.gora.java.model.TestClass.init(TestClass.java:34)
at com.psl.gora.java.model.TestClass.<init>(TestClass.java:23)
at com.psl.gora.java.model.TestClass.main(TestClass.java:47)
Caused by: java.lang.RuntimeException: java.net.MalformedURLException
at org.apache.gora.hbase.store.HBaseStore.initialize(HBaseStore.java:125)
at org.apache.gora.store.DataStoreFactory.initializeDataStore(DataStoreFactory.java:102)
at org.apache.gora.store.DataStoreFactory.createDataStore(DataStoreFactory.java:161)
... 4 more
Caused by: java.net.MalformedURLException
at java.net.URL.<init>(URL.java:617)
at java.net.URL.<init>(URL.java:480)
at java.net.URL.<init>(URL.java:429)
at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at org.jdom.input.SAXBuilder.build(SAXBuilder.java:453)
at org.jdom.input.SAXBuilder.build(SAXBuilder.java:770)
at org.apache.gora.hbase.store.HBaseStore.readMapping(HBaseStore.java:524)
at org.apache.gora.hbase.store.HBaseStore.initialize(HBaseStore.java:111)
... 6 more
Caused by: java.lang.NullPointerException
at java.net.URL.<init>(URL.java:522)
... 19 more
Is there anything I am missing or am not aware of?
Any help or suggestion appreciated.
When this stacktrace is shown, probably is because gora-hbase-mapping.xml is missing.
This question is from months ago, but if other person has the same problem, maybe this would help.
From HBaseStore:524 is being called builder.build(null) and results are like in http://www.eclipse.org/forums/index.php/t/262714/
---- Other possibility ----
Try as key class String.class and check if it works. (Just checking...)
I have a trivial secure socket server-client program.
For the server certificates, I created a keystore using keytool.
When I try to connect to the server by my client I get these exceptions:
In server:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
In client:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
If my understanding is correct, these exceptions are caused due to the fact, that I am using certificates I created.
My question is the following:
If I set in the enabled cipher suites, both in server and in client, all the *_anon* cipher suites, shouldn't this solved the problem?
I mean If I enable the *_anon_* cipher suites then no authentication would be needed hence no exceptions.
Is this correct?
Because I still get exceptions. I tried having in the enabled cipher suites all the enabled+the _anon ones. No success. I tried setting only the anon ones and got a new exception:
Exception in thread "main" java.lang.IllegalArgumentException: Name must not be null
Could someone please explain why I get these exceptions, with the anon cipher suites?
Note:
If I set on the client the system property javax.net.ssl.trustStore pointing to the keystore I created and being used by my server, the communication is fine!
The program works with no exceptions and the data are send ok, from client to server.
UPDATE:
This is the snippet I use to enable the anon ciphers (I have done this for server and client part):
String[] supported = server.getSupportedCipherSuites();
String[] anonCipherSuitesSupported = new String[supported.length];
int count = 0;
for(int i = 0; i < supported.length; i++)
{
if(supported[i].indexOf("_anon_") > 0)
{
anonCipherSuitesSupported[count++] = supported[i];
}
}
String[] oldEnabled = server.getEnabledCipherSuites();
String[] newEnabled = new String[oldEnabled.length + count];
System.arraycopy(oldEnabled, 0, newEnabled, 0, oldEnabled.length);
System.arraycopy(anonCipherSuitesSupported, 0, newEnabled, oldEnabled.length, count);
server.setEnabledCipherSuites(newEnabled);
The stack trace is on client side:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at sun.nio.cs.StreamEncoder.writeBytes(Unknown Source)
at sun.nio.cs.StreamEncoder.implFlushBuffer(Unknown Source)
at sun.nio.cs.StreamEncoder.implFlush(Unknown Source)
at sun.nio.cs.StreamEncoder.flush(Unknown Source)
at java.io.OutputStreamWriter.flush(Unknown Source)
at com.client.SSLClient1.main(SSLClient1.java:58)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 20 more
and on server side:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at com.server.SecureOrderTaker.main(SecureOrderTaker.java:92)
Now if I simply do:
server.setEnabledCipherSuites(anonCipherSuitesSupported);
So that only the anon cipher suites are enabled I get:
Exception in thread "main" java.lang.IllegalArgumentException: Name must not be null
at com.sun.net.ssl.internal.ssl.CipherSuite.valueOf(Unknown Source)
at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)
at com.server.SecureOrderTaker.main(SecureOrderTaker.java:82)
Thank you
You are right, *_anon_* ciphers are used for a complete unauthenticated connection (both server and client are anonymous). With these cipher suites no certificate is required. I wrote a small code to test:
ServerSocketFactory sf = SSLServerSocketFactory.getDefault();
final SSLServerSocket socket = (SSLServerSocket)sf.createServerSocket(443);
System.out.println(Arrays.toString(socket.getSupportedCipherSuites()));
System.out.println(Arrays.toString(socket.getEnabledCipherSuites()));
socket.setEnabledCipherSuites(new String[] {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"});
Thread t = new Thread() {
public void run() {
try {
Socket client = socket.accept();
client.getOutputStream().write("Hello World\n".getBytes("ASCII"));
client.close();
} catch (IOException ioe) {
}
}
};
t.start();
Thread.sleep(2000);
SSLSocket client = (SSLSocket) SSLSocketFactory.getDefault().createSocket("localhost", 443);
client.setEnabledCipherSuites(new String[] {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"});
InputStream in = client.getInputStream();
byte[] data = new byte[1024];
int len = in.read(data);
System.out.println(new String(data, 0, len));
I know that this code is not perfect but I successfully exchange data between the client and the server. Maybe your server or client socket is not well configured. Can you give the full stacktrace you got?
Note that these ciphers are deprecated since there are vulnerable to man-in-the-middle attacks.
UPDATE : I found the issue. The anonCipherSuitesSupported array length is too long. Therefore after adding the *_anon_* the array is ending with a bunch of null values. And the implementation does not seem to accept null in the enabled cipher list.
String[] supported = server.getSupportedCipherSuites();
List<String> list= new ArrayList<String>();
for(int i = 0; i < supported.length; i++)
{
if(supported[i].indexOf("_anon_") > 0)
{
list.add(supported[i]);
}
}
String[] anonCipherSuitesSupported = list.toArray(new String[0]);
You're dealing with certificates created by you, meaning you are the Certification Authority.
Your problem is that in order for both sides to shake hands and communicate, they need to both trust each others' certificates. Trust is established by building the chain from the certificate up to the CA to see if the specific side trusts that CA (some additional steps such as checking whether the certificate hasn't been revoked might be in place as well). Most major CAs are trusted by default in Java. In your case, your custom CA is not.
That means that your server certificate should be in the trust store of your client (as you mentioned, pointing it solves the problem). That, or the CA's certificate (better choice).
Take a look here for general details on SSL/TLS.
If you're dealing with mutual trust then your server should trust the CA that issued your client certificate as well.