General Interests & Hobbies > Java Programming

fkn SSL

Pages: (1/2) >>>

RuneAgent:

I have a java application that I want to implement ssl for

I already installed the certificate

implementation:

--- Code: ---            KeyServer server = new KeyServer(port);
            String STORETYPE = "JKS";
            String KEYSTORE = "keystore";
            String STOREPASSWORD = "thestorepassword";
            String KEYPASSWORD = "thepassword";

            KeyStore ks = KeyStore.getInstance(STORETYPE);
            File kf = new File(KEYSTORE);
            ks.load(new FileInputStream(kf), STOREPASSWORD.toCharArray());

            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
                    .getDefaultAlgorithm());
            kmf.init(ks, KEYPASSWORD.toCharArray());
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            SSLContext sslContext = null;
            sslContext = SSLContext.getInstance("TLS");
            System.out.println(kmf.getAlgorithm());
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

            server.setWebSocketFactory(new DefaultSSLWebSocketServerFactory(sslContext));
            server.start();


--- End code ---



the debug i receive:

--- Code: ---
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
0000: 16 03 01 00 AF                                     .....
[Raw read]: length = 175
0000: 01 00 00 AB 03 03 C5 94   27 48 55 3A 26 CC 19 D9  ........'HU:&...
0010: 66 E4 1E D0 3B F5 FD 52   01 92 99 03 76 AB 47 BA  f...;..R....v.G.
0020: F9 0E 4A B9 44 AF 00 00   28 C0 2B C0 2F 00 9E CC  ..J.D...(.+./...
0030: 14 CC 13 C0 0A C0 09 C0   13 C0 14 C0 07 C0 11 00  ................
0040: 33 00 32 00 39 00 9C 00   2F 00 35 00 0A 00 05 00  3.2.9.../.5.....
0050: 04 01 00 00 5A 00 00 00   14 00 12 00 00 0F 63 72  ....Z.........cr
0060: 79 70 74 6F 73 70 6F 75   74 2E 63 6F 6D FF 01 00  yptospout.com...
0070: 01 00 00 0A 00 08 00 06   00 17 00 18 00 19 00 0B  ................
0080: 00 02 01 00 00 23 00 00   75 50 00 00 00 05 00 05  .....#..uP......
0090: 01 00 00 00 00 00 12 00   00 00 0D 00 12 00 10 04  ................
00A0: 01 05 01 02 01 04 03 05   03 02 03 04 02 02 02     ...............
WebsocketSelector13, READ: TLSv1 Handshake, length = 175
*** ClientHello, TLSv1.2
RandomCookie:  GMT: -996923576 bytes = { 85, 58, 38, 204, 25, 217, 102, 228, 30, 208, 59, 245, 253, 82, 1, 146, 153, 3, 118, 171, 71, 186, 249, 14, 74, 185, 68, 175 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
Extension server_name, server_name: [host_name: cryptospout.com]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_30032, data:
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, Unknown (hash:0x4, signature:0x2), SHA1withDSA
***
[read] MD5 and SHA1 hashes:  len = 175
0000: 01 00 00 AB 03 03 C5 94   27 48 55 3A 26 CC 19 D9  ........'HU:&...
0010: 66 E4 1E D0 3B F5 FD 52   01 92 99 03 76 AB 47 BA  f...;..R....v.G.
0020: F9 0E 4A B9 44 AF 00 00   28 C0 2B C0 2F 00 9E CC  ..J.D...(.+./...
0030: 14 CC 13 C0 0A C0 09 C0   13 C0 14 C0 07 C0 11 00  ................
0040: 33 00 32 00 39 00 9C 00   2F 00 35 00 0A 00 05 00  3.2.9.../.5.....
0050: 04 01 00 00 5A 00 00 00   14 00 12 00 00 0F 63 72  ....Z.........cr
0060: 79 70 74 6F 73 70 6F 75   74 2E 63 6F 6D FF 01 00  yptospout.com...
0070: 01 00 00 0A 00 08 00 06   00 17 00 18 00 19 00 0B  ................
0080: 00 02 01 00 00 23 00 00   75 50 00 00 00 05 00 05  .....#..uP......
0090: 01 00 00 00 00 00 12 00   00 00 0D 00 12 00 10 04  ................
00A0: 01 05 01 02 01 04 03 05   03 02 03 04 02 02 02     ...............
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
pool-1-thread-1, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
pool-1-thread-1, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
pool-1-thread-1, WRITE: TLSv1.2 Alert, length = 2
WebsocketSelector13, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common


--- End code ---

I've searched around on stackoverflow and found: https://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common

however my sslcontext is not initiated with null so it does not apply to this error. Anyone have experience with this nightmare?

sini:

bamp

Pure_:

http://www.herongyang.com/JDK/SSL-java-net-ssl-SSLContext-Class-Test.html

TLS    Supports some version of TLS; may support other versions
TLSv1    Supports RFC 2246: TLS version 1.0 ; may support other versions
TLSv1.1    Supports RFC 4346: TLS version 1.1 ; may support other versions
TLSv1.2    Supports RFC 5246: TLS version 1.2 ; may support other versions


tldr 'TLS' is kind of ambiguous I think may be the issue.

RuneAgent:

As usual the issue was due to my inferior female brain trying to do things other than cook or clean.

I was creating the CSR in openssl and then importing the certs into the keystore.


This is not how you do things in the java universe, you MUST create the CSR with the keytool on the machine you plan to use the cert, you then import the certificates into the keystore that the keytool generates when creating the csr. Be sure to use the same alias you use when creating the csr for importing the sites ssl certificate.

t4:

should have used gnutls ;)

Pages: (1/2) >>>

Go to full version