SOLVED: Re: SSL Client support
jasons2645
jstevens at pillardata.com
Tue Jun 2 19:19:43 EDT 2009
I am running into the 'Unsupported record version' as well, but I'm not
seeing where I am enabling TLS in my code. What change did you have to make
to not use TLS?
Thanks!
César Fernando Henriques wrote:
>
> It's done guys, some mistake I have been passing startTLS = true to
> SSLHandler.
>
> Thanks anyway!
>
> cesar
>
> 2009/5/31 César Fernando Henriques <cesar at alttab.com.ar>:
>> Hi guys, I have attached the server output, with ssl verbose.
>>
>> Any help will be really appreciated!
>>
>> One thing I'm seeing is that when I connect to the server from Firefox
>> the handshake negotiate to use TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>> cyphersuite and using netty client the server show
>> SSL_RSA_WITH_RC4_128_MD5 cypher. I don't know, maybe it helps.
>>
>> thanks!
>> Cesar.-
>>
>>
>> 2009/5/31 César Fernando Henriques <cesar at alttab.com.ar>:
>>> Sorry guys, I made a mistake with gmail ;-)
>>>
>>> I will copy again my client code in clean mode..
>>>
>>> ChannelFactory factory = new NioClientSocketChannelFactory(
>>> Executors.newCachedThreadPool(),
>>> Executors.newCachedThreadPool());
>>>
>>> ClientBootstrap bootstrap = new ClientBootstrap(factory);
>>> bootstrap.setPipelineFactory(new
>>> HttpClientPipelineFactory(true));
>>>
>>> bootstrap.setOption("tcpNoDelay", true);
>>> bootstrap.setOption("keepAlive", true);
>>>
>>> ChannelFuture future = bootstrap.connect(
>>> new InetSocketAddress("10.1.0.100", 443));
>>>
>>> // Wait until the connection attempt succeeds or fails.
>>> Channel channel = future.awaitUninterruptibly().getChannel();
>>> if (!future.isSuccess()) {
>>> future.getCause().printStackTrace();
>>> factory.releaseExternalResources();
>>> return;
>>> }
>>>
>>> ChannelFuture hf;
>>> try {
>>> hf =
>>> channel.getPipeline().get(SslHandler.class).handshake(channel);
>>> hf.awaitUninterruptibly();
>>> if (!hf.isSuccess()) {
>>> logger.log(Level.SEVERE, "Handshake failed",
>>> hf.getCause());
>>> }
>>> } catch (SSLException ex) {
>>> Logger.getLogger(PCConnectDaemon.class.getName())
>>> .log(Level.SEVERE, null, ex);
>>> }
>>>
>>> // Send the HTTP request.
>>> HttpRequest request = new DefaultHttpRequest(
>>> HttpVersion.HTTP_1_0, HttpMethod.GET, "/login/daemon");
>>> request.addHeader(HttpHeaders.Names.HOST, 10.1.0.100);
>>>
>>> CookieEncoder httpCookieEncoder = new CookieEncoder(false);
>>> httpCookieEncoder.addCookie("my-cookie", "foo");
>>> httpCookieEncoder.addCookie("another-cookie", "bar");
>>> request.addHeader(HttpHeaders.Names.COOKIE,
>>> httpCookieEncoder.encode());
>>> channel.write(request);
>>>
>>> I see the server logging the error after channel.write.
>>>
>>> Any idea?
>>>
>>> Thanks!
>>>
>>> Cesar.-
>>>
>>>
>>> 2009/5/31 César Fernando Henriques <cesar at alttab.com.ar>:
>>>> Hi Guys, I'm working with Netty to build the client side of my
>>>> project. I need to connect t oa Grizzly based server listening on port
>>>> 443 (ssl enabled).
>>>>
>>>> I'm getting this error on the server side:
>>>>
>>>> javax.net.ssl.SSLException: Unsupported record version Unknown-69.84
>>>> at
>>>> com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:97)
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:771)
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:686)
>>>>
>>>> And this is the way I have configured the SSLHandler:
>>>>
>>>> System.setProperty("javax.net.ssl.trustStore",
>>>> "certs/cacerts");
>>>> System.setProperty("javax.net.ssl.trustStorePassword",
>>>> "changeit");
>>>>
>>>> SSLContext sslContext = SSLContext.getDefault();
>>>> SSLEngine sslEngine = sslContext.createSSLEngine();
>>>> sslEngine.setUseClientMode(true);
>>>> pipeline.addFirst("sslHandler", new SslHandler(sslEngine,
>>>> true));
>>>>
>>>> and my client code:
>>>>
>>>> ChannelFactory factory = new NioClientSocketChannelFactory(
>>>> Executors.newCachedThreadPool(),
>>>> Executors.newCachedThreadPool());
>>>>
>>>> ClientBootstrap bootstrap = new ClientBootstrap(factory);
>>>> bootstrap.setPipelineFactory(new HttpClientPipelineFactory(
>>>> PCConnectProperties.getInstance().isSslSupported()));
>>>>
>>>> bootstrap.setOption("tcpNoDelay", true);
>>>> bootstrap.setOption("keepAlive", true);
>>>>
>>>> ChannelFuture future = bootstrap.connect(
>>>> new InetSocketAddress(PCConnectProperties
>>>> .getInstance().getServerAddress(), port));
>>>>
>>>> // Wait until the connection attempt succeeds or fails.
>>>> Channel channel = future.awaitUninterruptibly().getChannel();
>>>> if (!future.isSuccess()) {
>>>> future.getCause().printStackTrace();
>>>> factory.releaseExternalResources();
>>>> return;
>>>> }
>>>>
>>>> if(PCConnectProperties.getInstance().isSslSupported()) {
>>>> ChannelFuture hf;
>>>> try {
>>>> hf =
>>>> channel.getPipeline().get(SslHandler.class).handshake(channel);
>>>> hf.awaitUninterruptibly();
>>>> if (!hf.isSuccess()) {
>>>> logger.log(Level.SEVERE, "Handshake failed",
>>>> hf.getCause());
>>>> }
>>>> } catch (SSLException ex) {
>>>> Logger.getLogger(PCConnectDaemon.class.getName())
>>>> .log(Level.SEVERE, null, ex);
>>>> }
>>>> }
>>>> // Send the HTTP request.
>>>> HttpRequest request = new DefaultHttpRequest(
>>>> HttpVersion.HTTP_1_0, HttpMethod.GET, "/login/daemon");
>>>> request.addHeader(HttpHeaders.Names.HOST, PCConnectProperties
>>>> .getInstance().getServerAddress());
>>>>
>>>> CookieEncoder httpCookieEncoder = new CookieEncoder(false);
>>>> httpCookieEncoder.addCookie("my-cookie", "foo");
>>>> httpCookieEncoder.addCookie("another-cookie", "bar");
>>>> request.addHeader(HttpHeaders.Names.COOKIE,
>>>> httpCookieEncoder.encode());
>>>> channel.write(request);
>>>>
>>>
>>
>
> _______________________________________________
> netty-users mailing list
> netty-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/netty-users
>
>
--
View this message in context: http://n2.nabble.com/SOLVED%3A-Re%3A-SSL-Client-support-tp3003014p3015406.html
Sent from the Netty User Group mailing list archive at Nabble.com.
More information about the netty-users
mailing list