Is SSLHandler.handshake() required?

chudak meadandale at gmail.com
Fri Jan 7 11:02:50 EST 2011


I'm trying to configure SSL support between my client and server, which are
both running Netty. I followed the secure chat examples and set up a dummy
manager and keystore and added the handshake calls inside my existing
handlers on each end. The client is the one that sends the first message, so
he invokes handshake and then, if it is successful, he sends his application
authentication message to start the data session.

I've found that nothing happens when I configure things this way. I see the
connections open on both ends but the client never sends anything and the
server eventually times out the client and disconnects him.

I noticed in the SSLEngine documentation the following:

http://download.oracle.com/javase/1.5.0/docs/api/javax/net/ssl/SSLEngine.html#beginHandshake%28%29

"Initiates handshaking (initial or renegotiation) on this SSLEngine.

This method is not needed for the initial handshake, as the wrap() and
unwrap() methods will implicitly call this method if handshaking has not
already begun."

(emphasis mine)

So, I tried removing the handshake calls on each end and simply added the
SslHandler in the pipeline on each end and voilà, they started communicating.
Sniffing the packets in Wireshark shows that the data is in fact being
encrypted.

So my question is: if the explicit handshake using the handler is not
necessary (it happens automatically in the engine when you start trying to
wrap/unwrap data) then why do all the examples show this approach and more
importantly why does it work for everyone else but not for me?

I should mention that my client is running on Android (in an emulator at
this point). I did notice that I encountered what is probably a bug in
Harmony/Android even though it is supposedly already fixed:

http://code.google.com/p/android/issues/detail?id=4914#c0

If I set the host and port fields to what they really are when I construct
the SSLEngine, the first connection succeeds and then I start to sporadically
get errors from the client's attempt to renegotiate the connection (which I
don't want). I've worked around that by just putting in a dummy random
hostname every time using the UUID class. I let the client and server run
overnight and they messaged every couple of minutes the whole time.

Thanks in advance for any insights...

Charles
-- 
View this message in context: http://netty-forums-and-mailing-lists.685743.n2.nabble.com/Is-SSLHandler-handshake-required-tp5899737p5899737.html
Sent from the Netty User Group mailing list archive at Nabble.com.
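The two configurations the post compares, written out as an added example (this is not code from the post or from the Netty project). It assumes the Netty 3.2 API, where SslHandler.handshake() returns a ChannelFuture; the SSLContext is assumed to be built by the caller from a real trust store rather than the secure chat sample's dummy trust manager; the expected peer DN, the "AUTH" line format and the handler names are hypothetical. The point the explicit call buys you is a place to fail closed and to check the peer's identity before the authentication message is written; with the implicit handshake the first write triggers the handshake, as the SSLEngine docs quoted above say, but a failure only surfaces later in exceptionCaught().

```java
import java.security.Principal;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.jboss.netty.buffer.ChannelBuffers;
import org.jboss.netty.channel.ChannelFuture;
import org.jboss.netty.channel.ChannelFutureListener;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.ChannelStateEvent;
import org.jboss.netty.channel.Channels;
import org.jboss.netty.channel.ExceptionEvent;
import org.jboss.netty.channel.SimpleChannelUpstreamHandler;
import org.jboss.netty.handler.ssl.SslHandler;
import org.jboss.netty.util.CharsetUtil;

/** Client pipeline: SslHandler first, application handler after it. */
public class SecureClientPipelineFactory implements ChannelPipelineFactory {
    // Assumption: the caller built this from a real trust store, not the
    // secure chat sample's accept-everything trust manager.
    private final SSLContext sslContext;
    private final String expectedPeerDn; // hypothetical, e.g. "CN=server.example.com,O=Example"

    public SecureClientPipelineFactory(SSLContext sslContext, String expectedPeerDn) {
        this.sslContext = sslContext;
        this.expectedPeerDn = expectedPeerDn;
    }

    public ChannelPipeline getPipeline() throws Exception {
        // No host/port hint: this is the post's workaround for the Android
        // renegotiation problem. On a JVM that handles it, pass the real peer.
        SSLEngine engine = sslContext.createSSLEngine();
        engine.setUseClientMode(true);
        ChannelPipeline pipeline = Channels.pipeline();
        pipeline.addLast("ssl", new SslHandler(engine));
        pipeline.addLast("app", new SecureClientHandler(expectedPeerDn));
        return pipeline;
    }
}

class SecureClientHandler extends SimpleChannelUpstreamHandler {
    private final String expectedPeerDn;

    SecureClientHandler(String expectedPeerDn) {
        this.expectedPeerDn = expectedPeerDn;
    }

    @Override
    public void channelConnected(ChannelHandlerContext ctx, ChannelStateEvent e) {
        final SslHandler ssl = ctx.getPipeline().get(SslHandler.class);
        // Explicit handshake. Omitting this call still works (the engine
        // handshakes on the first wrap/unwrap), but then there is no future to
        // gate the credential write on.
        ChannelFuture handshake = ssl.handshake();
        handshake.addListener(new ChannelFutureListener() {
            public void operationComplete(ChannelFuture future) {
                if (!future.isSuccess()) {
                    future.getChannel().close(); // fail closed; never fall back to plaintext
                    return;
                }
                // SSLEngine on Java 5/6 does not bind the certificate to a hostname;
                // check the peer identity ourselves before sending credentials.
                try {
                    Principal peer = ssl.getEngine().getSession().getPeerPrincipal();
                    if (!expectedPeerDn.equals(peer.getName())) {
                        future.getChannel().close();
                        return;
                    }
                } catch (SSLPeerUnverifiedException ex) {
                    future.getChannel().close();
                    return;
                }
                // Hypothetical line-based auth message; SslHandler below us encrypts it.
                future.getChannel().write(
                    ChannelBuffers.copiedBuffer("AUTH client-1\n", CharsetUtil.UTF_8));
            }
        });
    }

    @Override
    public void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) {
        // A failed implicit handshake, or a later TLS error, arrives here.
        e.getChannel().close();
    }
}
```

The server side is the mirror image: setUseClientMode(false) on its engine, the same SslHandler first in the pipeline, and, if it wants to know the handshake outcome before reading the AUTH line, the same handshake() call with a listener. The peer DN comparison is a stand-in for whatever identity check the application needs; the trust manager in the SSLContext is what actually validates the chain.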

