
Two Way SSL with Sun JSSE [urgent]


Deepak Nayal

Oct 20, 2003, 1:53:45 AM
Hi All,

I have written the following JAVA program for two way SSL, using Sun JSSE.
/*************************/
/**
* @author Deepak Nayal
* Created on Oct 19, 2003 11:37:10 AM
*/

import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

public class SSLClient {

    public static void main(String[] args) throws Exception{

        final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
        final String KEYSTOREPASS = "mystore";
        final String HOST = "localhost";
        final int PORT = 7002;
        final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
        Security.addProvider(new Provider());

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks,KEYSTOREPASS.toCharArray());
        SSLContext sslctx = SSLContext.getInstance("SSLv3");
        sslctx.init(kmf.getKeyManagers(),null,null);

        SSLSocketFactory sockFactory =
            (SSLSocketFactory)sslctx.getSocketFactory();
        SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
        OutputStream out = sock.getOutputStream();
        out.write(cmd.getBytes());
        out.flush();

        BufferedReader read = new BufferedReader(new
            InputStreamReader(sock.getInputStream()));

        String line=null;
        while((line=read.readLine()) != null)
            System.out.println(line);
    }
}
/*************************/

But whenever I run this example, I am getting the following error :-

/*************************/
Exception in thread "main" javax.net.ssl.SSLException: Received fatal
alert: handshake_failure (no cipher suites in common)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:56)
at SSLClient.main(SSLClient.java:36)
/*************************/

This seems to be more of an SSL issue, but when I use Weblogic (Certicom)
JSSE, two way SSL works fine with the same KeyStore. I have not explored
much of Sun JSSE. Can anybody please let me know if I am doing something
wrong in my code? :-(

Any pointers in this direction will be highly appreciated.
Thanks in Advance.
Deepak Nayal


Deepak Nayal

Oct 20, 2003, 8:27:12 PM

Has nobody ever configured two-way SSL using Sun JSSE ?
I posted a message earlier also regarding a two-way SSL
issue and nobody answered. :-(

This really is very discouraging.

EJP

Oct 21, 2003, 5:00:35 AM
How do you expect to read a line if you never write a line terminator?

soft-eng

Oct 21, 2003, 10:38:15 AM
There are some working examples on Sun site. You
should start with that. If you started with
weblogic working examples, you might have
the wrong SSL technology-set specified. For
instance, where did you get "SSLv3", and did
you check if it's supported?

Deepak Nayal <deepa...@indiatimes.com> wrote in message news:<bn1ugs$s3kij$1...@ID-191020.news.uni-berlin.de>...

Deepak Nayal

Oct 21, 2003, 5:44:31 PM

Hi soft-eng,

Thanks for getting back at it (at least someone has).
I referred to this link for my SSL program :-
http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/

Following is a snippet from it.
/**************************/
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), keystorepass);
KeyManagerFactory kmf =
    KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword);
SSLContext sslcontext =
    SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssf =
    sslcontext.getServerSocketFactory();
SSLServerSocket serversocket = (SSLServerSocket)
    ssf.createServerSocket(HTTPS_PORT);
return serversocket;
/**************************/

Do you think this implementation is wrong? I have searched a lot on the
Net and this link is the closest I got to an example for two-way SSL.
Others were vendor specific, like Pramati, Weblogic, Borland etc.

Could you please point me to a two-way SSL example, using Sun JSSE?

Thanks again for your effort.
:-)

Pankaj Kumar

Oct 21, 2003, 6:12:27 PM
Hello Deepak,

In most likelihood, you have a certificate signing algorithm mismatch
(RSA vs. DSA) between the client and server. Refer to
http://www.j2ee-security.net/phpBB2/viewtopic.php?t=9 for discussion
around a similar problem.

Pankaj Kumar
http://www.j2ee-security.net
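
An added example (not code from any poster in this thread, nor from Sun) for the RSA vs. DSA point above: it reads the key algorithms held in a keystore and filters a cipher-suite list down to the suites those keys can authenticate; an empty list means no suite can be agreed with that peer. The class name, method names and the sample peer suite list are assumptions made up for illustration, and the name-based mapping is a simplification.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.*;
import javax.net.ssl.SSLContext;

public class SuiteCheck {   // hypothetical helper, not from the thread
    // Key type a suite needs for authentication, read from its name
    // (simplified; TLS 1.3 names carry no such field and map to "other").
    static String authAlg(String suite) {
        String kx = suite.substring(suite.indexOf('_') + 1).split("_WITH_")[0];
        if (kx.contains("anon")) return "anon";
        if (kx.startsWith("ECDH_") || kx.contains("ECDSA")) return "EC";
        if (kx.contains("DSS")) return "DSA";
        if (kx.contains("RSA")) return "RSA";
        return "other";
    }

    // Suites in `enabled` that a side holding only `keyAlgs` keys can authenticate.
    static List<String> usable(Set<String> keyAlgs, String[] enabled) {
        List<String> out = new ArrayList<>();
        for (String s : enabled) if (keyAlgs.contains(authAlg(s))) out.add(s);
        return out;
    }

    // Public-key algorithm of every private-key entry in the keystore.
    static Set<String> keyAlgs(KeyStore ks) throws Exception {
        Set<String> algs = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (ks.isKeyEntry(alias) && c != null) algs.add(c.getPublicKey().getAlgorithm());
        }
        return algs;
    }

    public static void main(String[] args) throws Exception {
        Set<String> algs = new TreeSet<>(Arrays.asList("DSA")); // constructed: DSA-only keystore
        if (args.length == 2) {                                  // or: <keystore> <password>
            KeyStore ks = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
            algs = keyAlgs(ks);
        }
        // Constructed sample: a peer that enables RSA-authenticated suites only.
        String[] peer = { "SSL_RSA_WITH_RC4_128_MD5", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" };
        System.out.println("key algorithms in keystore: " + algs);
        System.out.println("usable with sample peer:    " + usable(algs, peer));
        System.out.println("usable in this JVM:         "
            + usable(algs, SSLContext.getDefault().getSupportedCipherSuites()));
    }
}
```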

soft-eng

Oct 22, 2003, 9:45:14 AM
Deepak Nayal <deepa...@indiatimes.com> wrote in message news:<bn49bo$togtm$1...@ID-191020.news.uni-berlin.de>...

> Hi soft-eng,
>
> Thanks for getting back at it (at least someone has).
> I referred to this link for my SSL program :-
> http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/
>
> Following is a snippet from it.
> /**************************/
> KeyStore ks = KeyStore.getInstance("JKS");
> ks.load(new FileInputStream(keystore), keystorepass);
> KeyManagerFactory kmf =
> KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, keypassword);
> SSLContext sslcontext =
> SSLContext.getInstance("SSLv3");
> sslcontext.init(kmf.getKeyManagers(), null, null);
> ServerSocketFactory ssf =
> sslcontext.getServerSocketFactory();
> SSLServerSocket serversocket = (SSLServerSocket)
> ssf.createServerSocket(HTTPS_PORT);
> return serversocket;
> /**************************/

Where are you getting all of this? I see at this URL (in Code
Sample 2), just:

SocketFactory factory = SSLSocketFactory.getDefault();
Socket s = factory.createSocket(hostname, HTTPS_PORT);

And the rest of the code is doing exactly what you seem
to want to be doing -- writing a "GET" to the port and
reading a page back.

Can you make the Code Sample 2 work as is? If it works,
and stops working when you add some of your own key-management,
that would be the point to start looking for the problem.

Also, I am not sure what's your concern about "two way".
All network connections are two way. And since many
SSL implementations exist, the development task
is an easy one -- step 1 is to get a client to work
and test it with some standard SSL website, step 2 is
to get a server to work and test with some standard browser, step 3
is to get your client and server to talk to
each other, and there you have a 2-way connection.
And if you want at that time, you can then abandon
HTTP and start your own communication protocols.

Deepak Nayal

Oct 22, 2003, 6:35:11 PM

---------------------------------------------------------
The one that I am using is given at Code Sample 2.
---------------------------------------------------------

>
> Can you make the Code Sample 2 work as is? If it works,
> and stops working when you add some of your own key-management,
> that would be the point to start looking for the problem.

---------------------------------------------------------
Didn't quite get that.

Do you think the Code Sample 2 will not work?
---------------------------------------------------------
