SOLVED: Re: SSL Client support

Jason Stevens jstevens at pillardata.com
Wed Jun 3 11:05:44 EDT 2009


Are there any other possible causes of this error?  I should note that I am using version 3.1.0.BETA3.

Thanks!

-----Original Message-----
From: netty-users-bounces at lists.jboss.org [mailto:netty-users-bounces at lists.jboss.org] On Behalf Of "??? (Trustin Lee)"
Sent: Wednesday, June 03, 2009 3:51 AM
To: netty-users at lists.jboss.org
Subject: Re: SOLVED: Re: SSL Client support

'Unsupported record version' error often occurs when a user tries to 
send a plaintext message in an SSL connection.

Enabling startTLS by mistake could be one possible cause because the 
startTLS option causes the first write request to be sent in plaintext.

Please make sure not to send a message before the SSL handshake is 
complete. If in doubt, please try to wiretap the connection to see if 
anything is being sent in plaintext rather than ciphertext.

HTH,
Trustin

On 03-Jun-2009 08:37, César Fernando Henriques wrote:
> I was passing the value true for startTLS in the SslHandler constructor.
>
> Good luck
>
> On Tue, Jun 2, 2009 at 8:19 PM, jasons2645<jstevens at pillardata.com>  wrote:
>>
>> I am running into the 'Unsupported record version' as well, but I'm not
>> seeing where I am enabling TLS in my code.  What change did you have to make
>> to not use TLS?
>>
>> Thanks!
>>
>>
>> César Fernando Henriques wrote:
>>>
>>> It's done, guys. By mistake I have been passing startTLS = true to
>>> SSLHandler.
>>>
>>> Thanks anyway!
>>>
>>> cesar
>>>
>>> 2009/5/31 César Fernando Henriques<cesar at alttab.com.ar>:
>>>> Hi guys, I have attached the server output, with ssl verbose.
>>>>
>>>> Any help will be really appreciated!
>>>>
>>>> One thing I'm seeing is that when I connect to the server from Firefox
>>>> the handshake negotiates the TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>>>> cipher suite, and using the Netty client the server shows the
>>>> SSL_RSA_WITH_RC4_128_MD5 cipher. I don't know, maybe it helps.
>>>>
>>>> thanks!
>>>> Cesar.-
>>>>
>>>>
>>>> 2009/5/31 César Fernando Henriques<cesar at alttab.com.ar>:
>>>>> Sorry guys, I made a mistake with gmail ;-)
>>>>>
>>>>> I will copy again my client code in clean mode..
>>>>>
>>>>>         ChannelFactory factory = new NioClientSocketChannelFactory(
>>>>>                 Executors.newCachedThreadPool(),
>>>>>                 Executors.newCachedThreadPool());
>>>>>
>>>>>         ClientBootstrap bootstrap = new ClientBootstrap(factory);
>>>>>         bootstrap.setPipelineFactory(new HttpClientPipelineFactory(true));
>>>>>
>>>>>         bootstrap.setOption("tcpNoDelay", true);
>>>>>         bootstrap.setOption("keepAlive", true);
>>>>>
>>>>>         ChannelFuture future = bootstrap.connect(
>>>>>                 new InetSocketAddress("10.1.0.100", 443));
>>>>>
>>>>>         // Wait until the connection attempt succeeds or fails.
>>>>>         Channel channel = future.awaitUninterruptibly().getChannel();
>>>>>         if (!future.isSuccess()) {
>>>>>             future.getCause().printStackTrace();
>>>>>             factory.releaseExternalResources();
>>>>>             return;
>>>>>         }
>>>>>
>>>>>             ChannelFuture hf;
>>>>>             try {
>>>>>                 hf = channel.getPipeline().get(SslHandler.class).handshake(channel);
>>>>>                 hf.awaitUninterruptibly();
>>>>>                 if (!hf.isSuccess()) {
>>>>>                     logger.log(Level.SEVERE, "Handshake failed", hf.getCause());
>>>>>                 }
>>>>>             } catch (SSLException ex) {
>>>>>                 Logger.getLogger(PCConnectDaemon.class.getName())
>>>>>                         .log(Level.SEVERE, null, ex);
>>>>>             }
>>>>>
>>>>>         // Send the HTTP request.
>>>>>         HttpRequest request = new DefaultHttpRequest(
>>>>>                 HttpVersion.HTTP_1_0, HttpMethod.GET, "/login/daemon");
>>>>>         request.addHeader(HttpHeaders.Names.HOST, "10.1.0.100");
>>>>>
>>>>>         CookieEncoder httpCookieEncoder = new CookieEncoder(false);
>>>>>         httpCookieEncoder.addCookie("my-cookie", "foo");
>>>>>         httpCookieEncoder.addCookie("another-cookie", "bar");
>>>>>         request.addHeader(HttpHeaders.Names.COOKIE, httpCookieEncoder.encode());
>>>>>         channel.write(request);
>>>>>
>>>>> I see the server logging the error after channel.write.
>>>>>
>>>>> Any idea?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Cesar.-
>>>>>
>>>>>
>>>>> 2009/5/31 César Fernando Henriques<cesar at alttab.com.ar>:
>>>>>> Hi guys, I'm working with Netty to build the client side of my
>>>>>> project. I need to connect to a Grizzly-based server listening on port
>>>>>> 443 (SSL enabled).
>>>>>>
>>>>>> I'm getting this error on the server side:
>>>>>>
>>>>>> javax.net.ssl.SSLException: Unsupported record version Unknown-69.84
>>>>>>         at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:97)
>>>>>>         at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:771)
>>>>>>         at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:686)
>>>>>>
>>>>>> And this is the way I have configured the SSLHandler:
>>>>>>
>>>>>>             System.setProperty("javax.net.ssl.trustStore", "certs/cacerts");
>>>>>>             System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
>>>>>>
>>>>>>             SSLContext sslContext = SSLContext.getDefault();
>>>>>>             SSLEngine sslEngine = sslContext.createSSLEngine();
>>>>>>             sslEngine.setUseClientMode(true);
>>>>>>             pipeline.addFirst("sslHandler", new SslHandler(sslEngine, true));
>>>>>>
>>>>>> and my client code:
>>>>>>
>>>>>> ChannelFactory factory = new NioClientSocketChannelFactory(
>>>>>>                 Executors.newCachedThreadPool(),
>>>>>>                 Executors.newCachedThreadPool());
>>>>>>
>>>>>>         ClientBootstrap bootstrap = new ClientBootstrap(factory);
>>>>>>         bootstrap.setPipelineFactory(new HttpClientPipelineFactory(
>>>>>>                 PCConnectProperties.getInstance().isSslSupported()));
>>>>>>
>>>>>>         bootstrap.setOption("tcpNoDelay", true);
>>>>>>         bootstrap.setOption("keepAlive", true);
>>>>>>
>>>>>>         ChannelFuture future = bootstrap.connect(
>>>>>>                 new InetSocketAddress(PCConnectProperties
>>>>>>                 .getInstance().getServerAddress(), port));
>>>>>>
>>>>>>         // Wait until the connection attempt succeeds or fails.
>>>>>>         Channel channel = future.awaitUninterruptibly().getChannel();
>>>>>>         if (!future.isSuccess()) {
>>>>>>             future.getCause().printStackTrace();
>>>>>>             factory.releaseExternalResources();
>>>>>>             return;
>>>>>>         }
>>>>>>
>>>>>>         if(PCConnectProperties.getInstance().isSslSupported()) {
>>>>>>             ChannelFuture hf;
>>>>>>             try {
>>>>>>                 hf = channel.getPipeline().get(SslHandler.class).handshake(channel);
>>>>>>                 hf.awaitUninterruptibly();
>>>>>>                 if (!hf.isSuccess()) {
>>>>>>                     logger.log(Level.SEVERE, "Handshake failed", hf.getCause());
>>>>>>                 }
>>>>>>             } catch (SSLException ex) {
>>>>>>                 Logger.getLogger(PCConnectDaemon.class.getName())
>>>>>>                         .log(Level.SEVERE, null, ex);
>>>>>>             }
>>>>>>         }
>>>>>>         // Send the HTTP request.
>>>>>>         HttpRequest request = new DefaultHttpRequest(
>>>>>>                 HttpVersion.HTTP_1_0, HttpMethod.GET, "/login/daemon");
>>>>>>         request.addHeader(HttpHeaders.Names.HOST, PCConnectProperties
>>>>>>                 .getInstance().getServerAddress());
>>>>>>
>>>>>>         CookieEncoder httpCookieEncoder = new CookieEncoder(false);
>>>>>>         httpCookieEncoder.addCookie("my-cookie", "foo");
>>>>>>         httpCookieEncoder.addCookie("another-cookie", "bar");
>>>>>>         request.addHeader(HttpHeaders.Names.COOKIE, httpCookieEncoder.encode());
>>>>>>         channel.write(request);
>>>>>>
>>>>>
>>>>
>>>
>>
>

-- 
- Trustin Lee, http://gleamynode.net/
_______________________________________________
netty-users mailing list
netty-users at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/netty-users
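
Added example (not part of the original thread and not Netty code): a Python triage of the first bytes captured on a TLS port, following the wiretap suggestion above. It shows that the 69.84 in "Unknown-69.84" matches the ASCII codes of 'E' and 'T', the bytes that land in the record-version field when "GET ..." arrives unencrypted. It goes slightly beyond the thread by also recognising well-formed TLS records and SSLv2-style hellos; the function name and sample bytes are constructed for illustration.

```python
# Added example: classify the first bytes a peer received on a TLS port.
# TLS record header: content type (1 byte), version major.minor (2 bytes),
# fragment length (2 bytes, big-endian).
import struct

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for an encrypted TLS fragment


def triage_record(data: bytes) -> dict:
    """Classify captured bytes as a TLS record, an SSLv2-style hello, or plaintext."""
    if len(data) < 5:
        return {"verdict": "too-short"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    result = {
        # What a TLS parser would read as the record version.
        "version_field": f"{major}.{minor}",
        # The same five bytes shown as text, to spot plaintext at a glance.
        "ascii_prefix": data[:5].decode("latin-1"),
    }
    if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and length <= MAX_RECORD_LEN):
        result.update(verdict="tls-record", content_type=TLS_CONTENT_TYPES[ctype])
    elif data[0] & 0x80 and data[2] == 1:
        # Two-byte SSLv2 header with the high bit set, message type 1 (hello).
        result["verdict"] = "sslv2-client-hello"
    elif data.startswith(HTTP_METHODS):
        result["verdict"] = "plaintext-http"
    else:
        result["verdict"] = "not-tls"
    return result


# Constructed samples: the request line built by the thread's client code, and
# a well-formed TLS 1.0 handshake record header followed by a dummy body.
PLAINTEXT_WRITE = b"GET /login/daemon HTTP/1.0\r\n"
TLS_HANDSHAKE = bytes([22, 3, 1, 0, 4]) + b"\x01\x00\x00\x00"

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_WRITE), ("tls", TLS_HANDSHAKE)):
        print(name, triage_record(sample))
```

Feed it the first bytes of each direction from a packet capture; a "plaintext-http" or "not-tls" verdict after the handshake points at an unencrypted write such as the one startTLS produces.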



