I have written the following Java program for two-way SSL, using Sun JSSE.
/*************************/
/**
* @author Deepak Nayal
* Created on Oct 19, 2003 11:37:10 AM
*/
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;
public class SSLClient {
    public static void main(String[] args) throws Exception {
        final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
        final String KEYSTOREPASS = "mystore";
        final String HOST = "localhost";
        final int PORT = 7002;
        final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";

        Security.addProvider(new Provider());

        // Load the client's key material from the JKS keystore
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(KEYSTORE), KEYSTOREPASS.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, KEYSTOREPASS.toCharArray());

        // Key managers only; the null trust managers and null SecureRandom
        // leave those two choices to the provider's defaults
        SSLContext sslctx = SSLContext.getInstance("SSLv3");
        sslctx.init(kmf.getKeyManagers(), null, null);
        SSLSocketFactory sockFactory =
            (SSLSocketFactory) sslctx.getSocketFactory();
        SSLSocket sock = (SSLSocket) sockFactory.createSocket(HOST, PORT);

        // The handshake starts on the first write
        OutputStream out = sock.getOutputStream();
        out.write(cmd.getBytes());
        out.flush();

        BufferedReader read = new BufferedReader(
            new InputStreamReader(sock.getInputStream()));
        String line = null;
        while ((line = read.readLine()) != null)
            System.out.println(line);
    }
}
/*************************/
But whenever I run this example, I am getting the following error :-
/*************************/
Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no cipher suites in common)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:56)
    at SSLClient.main(SSLClient.java:36)
/*************************/
This seems to be more of an SSL issue, but when I use WebLogic (Certicom)
JSSE, two-way SSL works fine with the same KeyStore. I have not explored
much of Sun JSSE. Can anybody please let me know if I am doing something
wrong in my code? :-(
Any pointers in this direction will be highly appreciated.
Thanks in Advance.
Deepak Nayal
This really is very discouraging.
Deepak Nayal <deepa...@indiatimes.com> wrote in message news:<bn1ugs$s3kij$1...@ID-191020.news.uni-berlin.de>...
Thanks for getting back at it (at least someone has).
I referred to this link for my SSL program:
http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/
Following is a snippet from it.
/**************************/
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(keystore), keystorepass);
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, keypassword);
    SSLContext sslcontext =
        SSLContext.getInstance("SSLv3");
    sslcontext.init(kmf.getKeyManagers(), null, null);
    ServerSocketFactory ssf =
        sslcontext.getServerSocketFactory();
    SSLServerSocket serversocket = (SSLServerSocket)
        ssf.createServerSocket(HTTPS_PORT);
    return serversocket;
/**************************/
Do you think this implementation is wrong? I have searched a lot on the
net and this link is the closest I got to an example for two-way SSL.
Others were vendor specific, like Pramati, Weblogic, Borland etc.
Could you please point me to a two-way SSL example, using Sun JSSE?
Thanks again for your effort.
:-)
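An added example, not part of the original thread or of the Sun article it links to: a loopback two-way (mutually authenticated) connection using the standard javax.net.ssl API, where setNeedClientAuth(true) on the server side is what demands the client certificate. The command-line arguments (keystore path, truststore path, one password shared by both stores) are assumptions, and both ends reuse the same identity to keep the demo short.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.*;

public class TwoWayTlsDemo {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }

    // A context that presents a certificate (KeyManagers) and also
    // verifies the peer's certificate (TrustManagers).
    static SSLContext context(String keyStore, String trustStore, char[] pass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, pass), pass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, pass));
        SSLContext ctx = SSLContext.getInstance("TLS"); // negotiate the best enabled version
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <keystore> <truststore> <password shared by both stores>
        SSLContext ctx = context(args[0], args[1], args[2].toCharArray());
        SSLServerSocket listener = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0);
        listener.setNeedClientAuth(true); // two-way: handshake fails without a client certificate

        Thread server = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) listener.accept()) {
                String peer = s.getSession().getPeerPrincipal().getName(); // authenticated client
                s.getOutputStream().write(("hello " + peer + "\n").getBytes(StandardCharsets.UTF_8));
            } catch (Exception e) {
                System.err.println("server side: " + e);
            }
        });
        server.start();

        try (SSLSocket c = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", listener.getLocalPort())) {
            c.startHandshake();
            System.out.println("negotiated " + c.getSession().getProtocol() + " " + c.getSession().getCipherSuite());
            BufferedReader r = new BufferedReader(new InputStreamReader(c.getInputStream(), StandardCharsets.UTF_8));
            System.out.println(r.readLine());
        } finally {
            listener.close(); // unblocks accept() if the client never connected
            server.join();
        }
    }
}
```

The truststore must contain a certificate that validates the keystore's chain; with an empty or unrelated truststore the handshake is rejected instead of silently accepted.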
In most likelihood, you have a certificate signing algorithm mismatch
(RSA vs. DSA) between the client and server. Refer to
http://www.j2ee-security.net/phpBB2/viewtopic.php?t=9 for discussion
around a similar problem.
Pankaj Kumar
http://www.j2ee-security.net
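One way to check the RSA vs. DSA hypothesis above, as an added example that is not part of the original thread: list the key type and signature algorithm of every private-key entry in a keystore and count how many cipher suites enabled in the local JVM can use that key type. The command-line arguments and the name-based suite matching are assumptions of this sketch.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.SSLContext;

public class KeyAlgCheck {
    // Name-based heuristic: the tag a TLS 1.2-or-earlier suite name carries
    // for the certificate key type it needs (DSA keys appear as "DSS").
    // TLS 1.3 suite names do not encode the key type and are never counted.
    static String authTag(String keyAlg) {
        switch (keyAlg) {
            case "RSA": return "_RSA_";
            case "DSA": return "_DSS_";
            case "EC":  return "_ECDSA_";
            default:    return null;
        }
    }

    static long usableSuites(String keyAlg, String[] suites) {
        String tag = authTag(keyAlg);
        return tag == null ? 0 : Arrays.stream(suites).filter(s -> s.contains(tag)).count();
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <keystore path> <keystore password>
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();

        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!ks.isKeyEntry(alias) || c == null) continue; // only private-key entries can authenticate
            String keyAlg = c.getPublicKey().getAlgorithm();
            String sigAlg = (c instanceof X509Certificate) ? ((X509Certificate) c).getSigAlgName() : "unknown";
            System.out.printf("%s: key=%s, certificate signed with %s, %d enabled suites in this JVM accept that key%n",
                    alias, keyAlg, sigAlg, usableSuites(keyAlg, enabled));
        }
    }
}
```

Run it against the keystore of each end: differing key types, or a count of zero, is the situation in which the peers find no cipher suite in common.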
Where are you getting all of this? I see at this URL (in Code
Sample 2), just:
    SocketFactory factory = SSLSocketFactory.getDefault();
    Socket s = factory.createSocket(hostname, HTTPS_PORT);
And the rest of the code is doing exactly what you seem
to want to be doing -- writing a "GET" to the port and
reading a page back.
Can you make the Code Sample 2 work as is? If it works,
and stops working when you add some of your own key-management,
that would be the point to start looking for the problem.
Also, I am not sure what's your concern about "two way".
All network connections are two way. And since many
SSL implementations exist, the development task
is an easy one -- step 1 is to get a client to work
and test it with some standard SSL website, step 2 is
to get a server to work and test with some standard browser, step 3
is to get your client and server to talk to
each other, and there you have a 2-way connection.
And if you want at that time, you can then abandon
HTTP and start your own communication protocols.
---------------------------------------------------------
The one that I am using is given at Code Sample 2.
---------------------------------------------------------
>
> Can you make the Code Sample 2 work as is? If it works,
> and stops working when you add some of your own key-management,
> that would be the point to start looking for the problem.
---------------------------------------------------------
Didn't quite get that.
Do you think the Code Sample 2 will not work?
---------------------------------------------------------