SSL Client support

César Fernando Henriques cesar at alttab.com.ar
Sun May 31 03:29:16 EDT 2009 

Hi Guys, I'm working with Netty to build the client side of my
project. I need to connect t oa Grizzly based server listening on port
443 (ssl enabled).

I'm getting this error on the server side:

javax.net.ssl.SSLException: Unsupported record version Unknown-69.84
        at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:97)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:771)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:686)

And this is the way I have configured the SSLHandler:

            System.setProperty("javax.net.ssl.trustStore", "certs/cacerts");
            System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

            SSLContext sslContext = SSLContext.getDefault();
            SSLEngine sslEngine = sslContext.createSSLEngine();
            sslEngine.setUseClientMode(true);
            pipeline.addFirst("sslHandler", new SslHandler(sslEngine, true));

and my client code:

ChannelFactory factory = new NioClientSocketChannelFactory(
                Executors.newCachedThreadPool(),
                Executors.newCachedThreadPool());

        ClientBootstrap bootstrap = new ClientBootstrap(factory);
        bootstrap.setPipelineFactory(new HttpClientPipelineFactory(
                PCConnectProperties.getInstance().isSslSupported()));

        bootstrap.setOption("tcpNoDelay", true);
        bootstrap.setOption("keepAlive", true);

        ChannelFuture future = bootstrap.connect(
                new InetSocketAddress(PCConnectProperties
                .getInstance().getServerAddress(), port));

        // Wait until the connection attempt succeeds or fails.
        Channel channel = future.awaitUninterruptibly().getChannel();
        if (!future.isSuccess()) {
            future.getCause().printStackTrace();
            factory.releaseExternalResources();
            return;
        }

        if(PCConnectProperties.getInstance().isSslSupported()) {
            ChannelFuture hf;
            try {
                hf =
channel.getPipeline().get(SslHandler.class).handshake(channel);
                hf.awaitUninterruptibly();
                if (!hf.isSuccess()) {
                    logger.log(Level.SEVERE, "Handshake failed", hf.getCause());
                }
            } catch (SSLException ex) {
                Logger.getLogger(PCConnectDaemon.class.getName())
                        .log(Level.SEVERE, null, ex);
            }
        }
        // Send the HTTP request.
        HttpRequest request = new DefaultHttpRequest(
                HttpVersion.HTTP_1_0, HttpMethod.GET, "/login/daemon");
        request.addHeader(HttpHeaders.Names.HOST, PCConnectProperties
                .getInstance().getServerAddress());

        CookieEncoder httpCookieEncoder = new CookieEncoder(false);
        httpCookieEncoder.addCookie("my-cookie", "foo");
        httpCookieEncoder.addCookie("another-cookie", "bar");
        request.addHeader(HttpHeaders.Names.COOKIE, httpCookieEncoder.encode());
        channel.write(request);

More information about the netty-users mailing list