Two Way SSL with Sun JSSE [urgent]

[Deepak Nayal]

Hi All,

I have written the following JAVA program for two way SSL, using Sun JSSE.
/*************************/
/**
* @author Deepak Nayal
* Created on Oct 19, 2003 11:37:10 AM
*/

import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

public class SSLClient {

public static void main(String[] args) throws Exception{

final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
final String KEYSTOREPASS = "mystore";
final String HOST = "localhost";
final int PORT = 7002;
final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
Security.addProvider(new Provider());

KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks,KEYSTOREPASS.toCharArray());
SSLContext sslctx = SSLContext.getInstance("SSLv3");
sslctx.init(kmf.getKeyManagers(),null,null);

SSLSocketFactory sockFactory =
(SSLSocketFactory)sslctx.getSocketFactory();
SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
OutputStream out = sock.getOutputStream();
out.write(cmd.getBytes());
out.flush();

BufferedReader read = new BufferedReader(new
InputStreamReader(sock.getInputStream()));

String line=null;
while((line=read.readLine()) != null)
System.out.println(line);
}
}
/*************************/

But whenever I run this example, I am getting the following error :-

/*************************/
Exception in thread "main" javax.net.ssl.SSLException: Received fatal
alert: handshake_failure (no cipher suites in common)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.iutputStream.write(OutputStream.java:56)
at SSLClient.main(SSLClient.java:36)
/*************************/

This seems to be more of a SSL issue, but when I use Weblogic(Certicom)
JSSE, two way SSl works fine with the same KeyStore. I have not explored
much of Sun JSSE. Can anybody please let me know if I am doing something
wrong in my code. :-(

Any pointers in this direction will be highly appreciated.
Thanks in Advance.
Deepak Nayal

 

[Deepak Nayal]

Has nobody ever configured two-way SSL using Sun JSSE ?
I posted a message earlier also regarding a two-way SSL
issue and nobody answered. :-(

This realy is very discouraging.

 

[EJP]

How do you expect to read a line if you never write a line terminator?

Has nobody ever configured two-way SSL using Sun JSSE ?
I posted a message earlier also regarding a two-way SSL
issue and nobody answered. :-(

This realy is very discouraging.

Hi All,

I have written the following JAVA program for two way SSL, using Sun JSSE.
/*************************/
/**
* @author Deepak Nayal
* Created on Oct 19, 2003 11:37:10 AM
*/

import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

public class SSLClient {

public static void main(String[] args) throws Exception{

final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
final String KEYSTOREPASS = "mystore";
final String HOST = "localhost";
final int PORT = 7002;
final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
Security.addProvider(new Provider());

KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks,KEYSTOREPASS.toCharArray());
SSLContext sslctx = SSLContext.getInstance("SSLv3");
sslctx.init(kmf.getKeyManagers(),null,null);

SSLSocketFactory sockFactory =
(SSLSocketFactory)sslctx.getSocketFactory();
SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
OutputStream out = sock.getOutputStream();
out.write(cmd.getBytes());
out.flush();

BufferedReader read = new BufferedReader(new
InputStreamReader(sock.getInputStream()));

String line=null;
while((line=read.readLine()) != null)
System.out.println(line);
}
}
/*************************/

But whenever I run this example, I am getting the following error :-

/*************************/
Exception in thread "main" javax.net.ssl.SSLException: Received fatal
alert: handshake_failure (no cipher suites in common)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.iutputStream.write(OutputStream.java:56)
at SSLClient.main(SSLClient.java:36)
/*************************/

This seems to be more of a SSL issue, but when I use Weblogic(Certicom)
JSSE, two way SSl works fine with the same KeyStore. I have not explored
much of Sun JSSE. Can anybody please let me know if I am doing something
wrong in my code. :-(

Any pointers in this direction will be highly appreciated.
Thanks in Advance.
Deepak Nayal

 

[soft-eng]

There are some working examples on Sun site. You
should start with that. If you started with
weblogic working examples, you might have
the wrong SSL technology-set specified. For
instance, where did you get "SSLv3", and did
you check if it's supported?

Has nobody ever configured two-way SSL using Sun JSSE ?
I posted a message earlier also regarding a two-way SSL
issue and nobody answered. :-(

This realy is very discouraging.

Hi All,

I have written the following JAVA program for two way SSL, using Sun JSSE.
/*************************/
/**
* @author Deepak Nayal
* Created on Oct 19, 2003 11:37:10 AM
*/

import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

public class SSLClient {

public static void main(String[] args) throws Exception{

final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
final String KEYSTOREPASS = "mystore";
final String HOST = "localhost";
final int PORT = 7002;
final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
Security.addProvider(new Provider());

KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks,KEYSTOREPASS.toCharArray());
SSLContext sslctx = SSLContext.getInstance("SSLv3");
sslctx.init(kmf.getKeyManagers(),null,null);

SSLSocketFactory sockFactory =
(SSLSocketFactory)sslctx.getSocketFactory();
SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
OutputStream out = sock.getOutputStream();
out.write(cmd.getBytes());
out.flush();

BufferedReader read = new BufferedReader(new
InputStreamReader(sock.getInputStream()));

String line=null;
while((line=read.readLine()) != null)
System.out.println(line);
}
}
/*************************/

But whenever I run this example, I am getting the following error :-

/*************************/
Exception in thread "main" javax.net.ssl.SSLException: Received fatal
alert: handshake_failure (no cipher suites in common)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.iutputStream.write(OutputStream.java:56)
at SSLClient.main(SSLClient.java:36)
/*************************/

This seems to be more of a SSL issue, but when I use Weblogic(Certicom)
JSSE, two way SSl works fine with the same KeyStore. I have not explored
much of Sun JSSE. Can anybody please let me know if I am doing something
wrong in my code. :-(

Any pointers in this direction will be highly appreciated.
Thanks in Advance.
Deepak Nayal

 

[Deepak Nayal]

Hi soft-eng,

Thanks for getting back at it(At least someone has).
I refered to this link for my SSL program :-
http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/

Following is a snippet from it.
/**************************/
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), keystorepass);
KeyManagerFactory kmf =
KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword);
SSLContext sslcontext =
SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssf =
sslcontext.getServerSocketFactory();
SSLServerSocket serversocket = (SSLServerSocket)
ssf.createServerSocket(HTTPS_PORT);
return serversocket;
/**************************/

Do you think this implementation is wrong? I have searched a lot on the
NET and this link is the closed I got to an example for two-way SSL.
Others were vendor specific, like Pramati, Weblogic, Borland etc.

Could you please point me to a two-way SSL example, using Sun JSSE.

Thanks again for your effort.

There are some working examples on Sun site. You
should start with that. If you started with
weblogic working examples, you might have
the wrong SSL technology-set specified. For
instance, where did you get "SSLv3", and did
you check if it's supported?

Has nobody ever configured two-way SSL using Sun JSSE ?
I posted a message earlier also regarding a two-way SSL
issue and nobody answered. :-(

This realy is very discouraging.

Hi All,

I have written the following JAVA program for two way SSL, using Sun JSSE.
/*************************/
/**
* @author Deepak Nayal
* Created on Oct 19, 2003 11:37:10 AM
*/

import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

public class SSLClient {

public static void main(String[] args) throws Exception{

final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
final String KEYSTOREPASS = "mystore";
final String HOST = "localhost";
final int PORT = 7002;
final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
Security.addProvider(new Provider());

KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(KEYSTORE),KEYSTOREPASS.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks,KEYSTOREPASS.toCharArray());
SSLContext sslctx = SSLContext.getInstance("SSLv3");
sslctx.init(kmf.getKeyManagers(),null,null);

SSLSocketFactory sockFactory =
(SSLSocketFactory)sslctx.getSocketFactory();
SSLSocket sock = (SSLSocket)sockFactory.createSocket(HOST,PORT);
OutputStream out = sock.getOutputStream();
out.write(cmd.getBytes());
out.flush();

BufferedReader read = new BufferedReader(new
InputStreamReader(sock.getInputStream()));

String line=null;
while((line=read.readLine()) != null)
System.out.println(line);
}
}
/*************************/

But whenever I run this example, I am getting the following error :-

/*************************/
Exception in thread "main" javax.net.ssl.SSLException: Received fatal
alert: handshake_failure (no cipher suites in common)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at om.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.iutputStream.write(OutputStream.java:56)
at SSLClient.main(SSLClient.java:36)
/*************************/

This seems to be more of a SSL issue, but when I use Weblogic(Certicom)
JSSE, two way SSl works fine with the same KeyStore. I have not explored
much of Sun JSSE. Can anybody please let me know if I am doing something
wrong in my code. :-(

Any pointers in this direction will be highly appreciated.
Thanks in Advance.
Deepak Nayal

 

[Pankaj Kumar]

Hello Deepak,

In most likelyhood, you have a certificate signing algorithm mismatch
(RSA vs. DSA) between the client and server. Refer to
http://www.j2ee-security.net/phpBB2/viewtopic.php?t=9 for discussion
around a similar problem.

Pankaj Kumar
http://www.j2ee-security.net

 

[soft-eng]

Hi soft-eng,

Thanks for getting back at it(At least someone has).
I refered to this link for my SSL program :-
http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet/

Following is a snippet from it.
/**************************/
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), keystorepass);
KeyManagerFactory kmf =
KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword);
SSLContext sslcontext =
SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssf =
sslcontext.getServerSocketFactory();
SSLServerSocket serversocket = (SSLServerSocket)
ssf.createServerSocket(HTTPS_PORT);
return serversocket;
/**************************/

Where are you getting all of this? I see at this URL (in Code
Sample 2), just:

SocketFactory factory = SSLSocketFactory.getDefault();
Socket s = factory.createSocket(hostname, HTTPS_PORT);

And the rest of the code is doing exactly what you seem
to want to be doing -- writing a "GET" to the port and
reading a page back.

Can you make the Code Sample 2 work as is? If it works,
and stops working when you add some of your own key-management,
that would be the point to start looking for the problem.

Also, I am not sure what's your concern about "two way".
All network connections are two way. And since many
SSL implementations exist, the development task
is an easy one -- step 1 is to get a client to work
and test it with some standard SSL website, step 2 is
to get a server to work and test with some standard browser, step 3
is to get your client and server to talk to
each other, and there you have a 2-way connection.
And if you want at that time, you can then abandon
HTTP and start your own communication protocols.

 

[Deepak Nayal]

Where are you getting all of this? I see at this URL (in Code
Sample 2), just:

SocketFactory factory = SSLSocketFactory.getDefault();
Socket s = factory.createSocket(hostname, HTTPS_PORT);

And the rest of the code is doing exactly what you seem
to want to be doing -- writing a "GET" to the port and
reading a page back.