
  • RMI SSL handshake_failure

    I have simple Spring client and server apps that use RMI, and everything works as expected (they currently run on the same machine). Now I want to use SSL. From what I've been able to glean from various sources, I have added the following to the respective configuration files:

    Client:

    ...
    <bean id="TrustServer"
          class="org.springframework.remoting.rmi.RmiProxyFactoryBean"
          scope="prototype">
      <property name="registryClientSocketFactory">
        <bean class="javax.rmi.ssl.SslRMIClientSocketFactory" />
      </property>

      <property name="serviceUrl" value="rmi://localhost:19999/TrustMediatorService"/>
      <property name="serviceInterface" value="com.co.trust.server.model.ITrustServer"></property>
    </bean>
    ...

    Server:

    ...
    <bean id="trustService" class="org.springframework.remoting.rmi.RmiServiceExporter">
      <property name="serverSocketFactory">
        <bean class="javax.rmi.ssl.SslRMIServerSocketFactory" />
      </property>
      <property name="registryServerSocketFactory">
        <bean class="javax.rmi.ssl.SslRMIServerSocketFactory" />
      </property>
      <property name="clientSocketFactory">
        <bean class="javax.rmi.ssl.SslRMIClientSocketFactory" />
      </property>
      <property name="registryClientSocketFactory">
        <bean class="javax.rmi.ssl.SslRMIClientSocketFactory" />
      </property>

      <property name="service" ref="TrustServerImpl"/>
      <property name="serviceName" value="TrustMediatorService"/>
      <property name="serviceInterface" value="com.co.trust.server.model.ITrustServer"/>
      <property name="registryPort" value="19999"/>
    </bean>
    ...

    Unfortunately I'm getting the following exception:

    Error: Unable to connect to remote certificate authority : Error creating bean with name 'TrustServer' defined in class path resource [trustclient.xml]: Invocation of init method failed; nested exception is org.springframework.remoting.RemoteLookupFailureException: Lookup of RMI stub failed; nested exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

    Running with javax.net.debug=all on the server I noticed this:

    RMI TCP Connection(1)-127.0.0.1, SEND TLSv1 ALERT: fatal, description = handshake_failure
    RMI TCP Connection(1)-127.0.0.1, WRITE: TLSv1 Alert, length = 2
    [Raw write]: length = 7
    0000: 15 03 01 00 02 02 28 ......(
    RMI TCP Connection(1)-127.0.0.1, called closeSocket()
    RMI TCP Connection(1)-127.0.0.1, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    RMI TCP Connection(1)-127.0.0.1, called close()
    RMI TCP Connection(1)-127.0.0.1, called closeInternal(true)
    Finalizer, called close()
    Finalizer, called closeInternal(true)


    I must be missing something else. Some property somewhere. Something. I'm stuck as to what to do or try next. Can anyone point me in the right direction? Suggestions? Thanks in advance,

    Bill

  • #2
    Added javax.net.ssl properties

    I've been reading up again on SSL. I've added the following two properties when launching both the client and the server.

    -Djavax.net.ssl.keyStore=/App/keys/keystore -Djavax.net.ssl.keyStorePassword=changeit

    They are using the same keystore with the same contents. From the javax.net.ssl debug output it looks like the SSL handshake is getting farther, as I'm seeing both "ClientHello" and "ServerHello" in the debug output when previously I was only seeing "ServerHello". Unfortunately, I'm now getting a different SSLHandshakeException, certificate_unknown. Huh? The keystore contents are exactly the same: a device certificate and the signing authority's certificate. It is the exact same keystore used for SSL with separate Java Spaces apps we created. No problems there.

    Stumped but not beaten. Thanks in advance for any help or suggestions.

    Bill



    • #3
      Resolved

      Well I've resolved my issue and I have RMI running over SSL.

      Here is how:

      Ran both the client and server with the following properties:

      -Djavax.net.ssl.trustStore=keystore
      -Djavax.net.ssl.keyStore=keystore
      -Djavax.net.ssl.keyStorePassword=password

      Server spring configuration file:

      <bean id="trustService" class="org.springframework.remoting.rmi.RmiServiceExporter">
        <property name="serverSocketFactory">
          <bean class="javax.rmi.ssl.SslRMIServerSocketFactory" />
        </property>
        <property name="registryServerSocketFactory">
          <bean class="javax.rmi.ssl.SslRMIServerSocketFactory" />
        </property>
        <property name="clientSocketFactory">
          <bean class="javax.rmi.ssl.SslRMIClientSocketFactory" />
        </property>
        <property name="registryClientSocketFactory">
          <bean class="javax.rmi.ssl.SslRMIClientSocketFactory" />
        </property>
        <property name="service" ref="TrustServerImpl"/>
        <property name="serviceName" value="TrustMediatorService"/>
        <property name="serviceInterface" value="com.co.trust.server.model.ITrustServer"/>
        <property name="registryPort" value="19999"/>
      </bean>

      Client spring configuration file:

      <bean id="TrustServer"
            class="org.springframework.remoting.rmi.RmiProxyFactoryBean"
            scope="prototype">
        <property name="registryClientSocketFactory">
          <bean class="javax.rmi.ssl.SslRMIClientSocketFactory" />
        </property>
        <property name="serviceUrl" value="rmi://localhost:19999/TrustMediatorService"/>
        <property name="serviceInterface" value="com.co.trust.server.model.ITrustServer"></property>
      </bean>

      I don't know if this is the correct method to get RMI over SSL, but it is working.

      I hope this will help others when experiencing RMI over SSL problems.

      Bill
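
Added example, not part of the original posts: a Python decoder for the 7-byte alert record shown in the `[Raw write]` dump of the first post, run over javax.net.debug lines to tell the two failures in this thread apart (`handshake_failure`, then `certificate_unknown`). The function names are made up for this example, the hint strings only summarise what the thread reports, and the last two sample rows are constructed.

```python
import re

# Alert codes are from the TLS specification (RFC 5246, section 7.2).
# The hint strings only summarise what this thread reports.
ALERTS = {
    40: ("handshake_failure", "server logged 'no cipher suites in common'; "
                              "poster got further after setting javax.net.ssl.keyStore"),
    46: ("certificate_unknown", "resolved once javax.net.ssl.trustStore was also set"),
}
LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
# First row of a javax.net.debug hex dump: "0000: 15 03 01 ..." plus an ASCII column.
HEX_ROW = re.compile(r"^\s*0000:\s+((?:[0-9A-Fa-f]{2}(?:\s+|$))+)")

def parse_alert_record(raw):
    """Decode a plaintext alert record: type(1) version(2) length(2) level(1) desc(1)."""
    if len(raw) < 5 or raw[0] != 0x15:      # 0x15 = content type 21 (alert)
        return None
    length = int.from_bytes(raw[3:5], "big")
    if length != 2 or len(raw) < 7:         # a longer body means the alert is encrypted
        return None
    name, hint = ALERTS.get(raw[6], ("alert_%d" % raw[6], "not covered by this thread"))
    return {"version": VERSIONS.get((raw[1], raw[2]), "unknown"),
            "level": LEVELS.get(raw[5], "unknown"), "alert": name, "hint": hint}

def alerts_from_debug(log_text):
    """Return the decoded plaintext alerts found in javax.net.debug output."""
    found = []
    for line in log_text.splitlines():
        m = HEX_ROW.match(line)
        rec = parse_alert_record(bytes.fromhex("".join(m.group(1).split()))) if m else None
        if rec:
            found.append(rec)
    return found

# The first two rows are copied from the thread; the last two are constructed.
SAMPLE = """\
RMI TCP Connection(1)-127.0.0.1, WRITE: TLSv1 Alert, length = 2
0000: 15 03 01 00 02 02 28 ......(
0000: 15 03 01 00 02 02 2E .......
0000: 16 03 01 00 02 02 28 ......(
"""

if __name__ == "__main__":
    for alert in alerts_from_debug(SAMPLE):
        print(alert)
```

Alerts sent after the cipher change are encrypted on the wire and are skipped here; for those, read the `SEND`/`RECV ... ALERT` text lines of the debug output instead.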
