Hello Message failure...

Hello everyone.

I'm experiencing a strange thing...

First, I'm running JDK 1.5.0_05.

I'm trying to access a webservice through SSL (with Client authentication) using Axis 1.3.0.

The remote call works just fine when I run it from my PC,

but fails with the above code when running on a production Unix...

(this trace is obtained by setting javax.net.debug to "all")

...

[write] MD5 and SHA1 hashes: len = 73

0000: 01 00 00 45 03 01 45 C8  B0 4C C5 84 70 EA A7 9C ...E..E..L..p...

0010: 02 82 E3 B5 55 6F A6 36  DA A7 50 3A 6D 96 73 51 ....Uo.6..P:m.sQ

0020: FE 88 EE 49 F8 E3 00 00  1E 00 04 00 05 00 2F 00 ...I........../.

0030: 33 00 32 00 0A 00 16 00  13 00 09 00 15 00 12 00 3.2.............

0040: 03 00 08 00 14 00 11 01  00 .........

http26060-Processor4, WRITE: TLSv1 Handshake, length = 73

[write] MD5 and SHA1 hashes: len = 98

0000: 01 03 01 00 39 00 00 00  20 00 00 04 01 00 80 00 ....9... .......

0010: 00 05 00 00 2F 00 00 33  00 00 32 00 00 0A 07 00 ..../..3..2.....

0020: C0 00 00 16 00 00 13 00  00 09 06 00 40 00 00 15 ............@...

0030: 00 00 12 00 00 03 02 00  80 00 00 08 00 00 14 00 ................

0040: 00 11 45 C8 B0 4C C5 84  70 EA A7 9C 02 82 E3 B5 ..E..L..p.......

0050: 55 6F A6 36 DA A7 50 3A  6D 96 73 51 FE 88 EE 49 Uo.6..P:m.sQ...I

0060: F8 E3 ..

http26060-Processor4, WRITE: SSLv2 client hello message, length = 98

http26060-Processor4, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

http26060-Processor4, SEND TLSv1 ALERT: fatal, description = unexpected_message

http26060-Processor4, WRITE: TLSv1 Alert, length = 2

Exception sending alert: java.net.SocketException: Broken pipe

http26060-Processor4, called closeSocket()

2007-02-06 17:43:56,845 [http26060-Processor4] DEBUG org.apache.axis.transport.http.HTTPSender - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

AxisFault

faultCode:{http://schemas.xmlsoap.org/soap/envelope/}Server.userException

faultSubcode:

faultString: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

faultActor:

faultNode:

faultDetail:

{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275)

...

Well, it seems to me that the handshake went well. So there is no problem with the server and/or client certificates...

I also feel that the problem is not due to Axis at all.

I'm quite lost on this, and it's rather urgent for me to solve this issue.

Any help is most welcome.

Thx in advance.

Message was edited by:

FatCat

[2993 byte] By [FatCata] at [2007-11-26 17:38:57]
# 1

You got:

> http26060-Processor4, WRITE: SSLv2 client hello message, length = 98

> http26060-Processor4, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

You wrote:

> Well, it seems to me that the handshake went well.

Not to me! It failed at the first incoming reply to the first Hello message.

> So there is no problem with the server and/or client certificates...

You haven't got anywhere near that yet.

Are you sure it isn't a plaintext connection as the exception is suggesting to you?

ejpa at 2007-7-9 0:07:07 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 2

Hello ejp and thanks for your reply.

Indeed, the handshake failed, as I found after further seeking into the SSL details...

What is not clear to me is: when does the cipher negotiation take place? It seems to me that it should be done before sending the client hello message... Nothing in the trace I have details this step...

Nevertheless, the exact same code with the same certificates and same proxy settings succeeds on another machine.

Hence, I am sure that proxy settings and certificates are OK.

By other means, I am sure too that the proxy can be joined from the incriminated machine. I double checked the JRE seeking jsse.jar, and jce.jar versions, all seems the same between both machines...

Anyway, thanks for the enlightenment.

FatCata at 2007-7-9 0:07:07
# 3

The ClientHello message is the first message sent in the handshake. It contains the cipher suites the client is prepared to use. The server's ServerHello response contains the cipher suites the server is prepared to use.

Cipher suite negotiation can obviously only happen after both sides have this information about each other.

The problem isn't with your client or its certificates. Your client is speaking SSL, and the certificates haven't come into play yet.

It is apparent that you are connecting to a plaintext server in the failure case, or at least to a server that isn't speaking SSL. Just as the exception suggests.

ejpa at 2007-7-9 0:07:07
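
The check ejp describes in reply # 3, as an added example that is not part of the thread: a client that has sent its ClientHello expects the first reply bytes to parse as an SSL/TLS record header, and a cleartext banner does not. The class name, the Kind enum and both sample byte arrays are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

/** Added example: classify the first bytes a peer sends back after a ClientHello. */
public class FirstReplyCheck {

    enum Kind { TLS_RECORD, PLAINTEXT, UNKNOWN }

    /** Inspects the 5-byte record header: content type, version major/minor, length. */
    static Kind classify(byte[] b) {
        if (b.length >= 5) {
            int type = b[0] & 0xFF;   // 20..23: change_cipher_spec, alert, handshake, application_data
            int major = b[1] & 0xFF;  // 3 for SSLv3 and for every TLS version
            int len = ((b[3] & 0xFF) << 8) | (b[4] & 0xFF);
            // 2^14 + 2048 is the largest record body TLS allows
            if (type >= 20 && type <= 23 && major == 3 && len <= 16384 + 2048) {
                return Kind.TLS_RECORD;
            }
        }
        // Printable ASCII at the start usually means an HTTP reply or another cleartext banner.
        int n = Math.min(b.length, 8);
        boolean printable = n > 0;
        for (int i = 0; i < n; i++) {
            int c = b[i] & 0xFF;
            boolean whitespace = (c == '\r' || c == '\n' || c == '\t');
            if (!whitespace && (c < 0x20 || c > 0x7E)) {
                printable = false;
            }
        }
        return printable ? Kind.PLAINTEXT : Kind.UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed samples, not taken from the trace in the thread.
        byte[] serverHelloStart = { 0x16, 0x03, 0x01, 0x00, 0x4A, 0x02, 0x00, 0x00 };
        byte[] httpReply = "HTTP/1.0 400 Bad Request\r\n".getBytes(StandardCharsets.US_ASCII);

        System.out.println("handshake record start -> " + classify(serverHelloStart));
        System.out.println("cleartext HTTP reply   -> " + classify(httpReply));
    }
}
```

A PLAINTEXT result for the endpoint the client actually reaches points at the address, port or proxy setting rather than at certificates or cipher suites.
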
# 4

Thanks for the details, it's very helpful.

In the end, I solved my problem... The proxy settings are not the same from one machine to another: from my development machine, I am expected to ask the 8080 proxy port for connection, while on my Unix machine, the port should be 80...

After having made this change, everything works fine.

Thanks for your help, at least I learned a bit of SSL

FatCata at 2007-7-9 0:07:07