I'm having trouble getting an ssl client programmed in java - Openssl

This is a discussion on I'm having trouble getting an ssl client programmed in java - Openssl ; I am attempting to connect to an ssl server that isn't a web site. I have C++ client code that works and would like to get a java client working. My initial attempt fails with a Exception in thread "main" ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: I'm having trouble getting an ssl client programmed in java

  1. I'm having trouble getting an ssl client programmed in java


    I am attempting to connect to an ssl server that isn't a web site. I have
    C++ client code that works and would like to get a java client working. My
    initial attempt fails with a



    Exception in thread "main" gnu.javax.net.ssl.provider.AlertException:
    ILLEGAL_PARAMETER: remotely generated; FATAL


    message. That's not surprising since it is a simple program that does
    essentially:


    SocketFactory sf = SSLSocketFactory.getDefault();
    Socket s = sf.createSocket(args[0], Integer.parseInt(args[1]));
    BufferedOutputStream bro = new
    BufferedOutputStream(s.getOutputStream());
    bro.write(buf,0,msgLen);


    And fails on the write.

    So I decided to add a context, since that's what the C++ code did.



    SSLContext sc = SSLContext.getInstance ( "SSLv3" ) ;
    sc.init (null,null,null) ;
    sc.createSSLEngine();
    SocketFactory sf = sc.getSocketFactory();


    This gives the same result. In the C++ code I specify a cipher, like:


    if (!SSL_CTX_set_cipher_list (ptrCTX, "ADH")) {
    ptrSSL = SSL_new (ptrCTX);
    int xx = SSL_set_fd (ptrSSL, fdSocket);

    But I can't find a way to set a cipher into the context. The only mention
    of ciphers in the API seem to be in the SSLEngine class and I can't find a
    way to link that class into what I'm doing, so I'm pretty well stuck at this
    point.

    So one question, is that "SSLv3" an acceptable protocol? The only examples
    I've found set that to "SSL" but in the C++ code I have:


    SSL_METHOD *method;
    method = SSLv3_client_method ();
    ptrCTX = SSL_CTX_new (method);

    I have no idea if that's the equivalent or not, I'm searching in the dark.
    I have read the "SSL and TLS" book but it like most examples assumes an http
    client which this is not.


    Another question is how do I specify a cipher and/or do I have to?



    Thanks for any pointers.


    Jim.






    --
    View this message in context: http://www.nabble.com/I%27m-having-t...p17980660.html
    Sent from the OpenSSL - User mailing list archive at Nabble.com.


  2. Re: I'm having trouble getting an ssl client programmed in java

    Your code is fine. Don't use /usr/bin/java (the gnu jvm)! Install a
    JVM from Sun or IBM or BEA or Blackdown, or Kaffe, at the very least,
    and use that instead.

    After installing a vendor's JVM, make sure you use the "java"
    executable they provide. For example:

    /opt/java/ibm-java-ppc-60/bin/java


    yours,

    Julius


    On Wed, Jun 18, 2008 at 6:07 AM, AverageGuy wrote:
    > I am attempting to connect to an ssl server that isn't a web site. I have
    > C++ client code that works and would like to get a java client working. My
    > initial attempt fails with a
    >
    > Exception in thread "main" gnu.javax.net.ssl.provider.AlertException:
    > ILLEGAL_PARAMETER: remotely generated; FATAL
    >
    > message. That's not surprising since it is a simple program that does
    > essentially:
    >
    > SocketFactory sf = SSLSocketFactory.getDefault();
    > Socket s = sf.createSocket(args[0], Integer.parseInt(args[1]));
    > BufferedOutputStream bro = new
    > BufferedOutputStream(s.getOutputStream());
    > bro.write(buf,0,msgLen);
    >
    > And fails on the write. So I decided to add a context, since that's what the
    > C++ code did.
    >
    > SSLContext sc = SSLContext.getInstance ( "SSLv3" ) ;
    > sc.init (null,null,null) ;
    > sc.createSSLEngine();
    > SocketFactory sf = sc.getSocketFactory();
    >
    > This gives the same result. In the C++ code I specify a cipher, like:
    >
    > if (!SSL_CTX_set_cipher_list (ptrCTX, "ADH")) {
    > ptrSSL = SSL_new (ptrCTX);
    > int xx = SSL_set_fd (ptrSSL, fdSocket);
    >
    > But I can't find a way to set a cipher into the context. The only mention of
    > ciphers in the API seem to be in the SSLEngine class and I can't find a way
    > to link that class into what I'm doing, so I'm pretty well stuck at this
    > point. So one question, is that "SSLv3" an acceptable protocol? The only
    > examples I've found set that to "SSL" but in the C++ code I have:
    >
    > SSL_METHOD *method;
    > method = SSLv3_client_method ();
    > ptrCTX = SSL_CTX_new (method);
    >
    > I have no idea if that's the equivalent or not, I'm searching in the dark. I
    > have read the "SSL and TLS" book but it like most examples assumes an http
    > client which this is not.
    >
    > Another question is how do I specify a cipher and/or do I have to?
    >
    > Thanks for any pointers.
    >
    > Jim.
    > ________________________________
    > View this message in context: I'm having trouble getting an ssl client
    > programmed in java
    > Sent from the OpenSSL - User mailing list archive at Nabble.com.
    >




    --
    yours,

    Julius Davies
    250-592-2284 (Home)
    250-893-4579 (Mobile)
    http://juliusdavies.ca/
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  3. Re: I'm having trouble getting an ssl client programmed in java




    Julius Davies-2 wrote:
    >
    > Your code is fine. Don't use /usr/bin/java (the gnu jvm)! Install a
    > JVM from Sun or IBM or BEA or Blackdown, or Kaffe, at the very least,
    > and use that instead.
    >
    > After installing a vendor's JVM, make sure you use the "java"
    > executable they provide. For example:
    >
    > /opt/java/ibm-java-ppc-60/bin/java
    >
    >
    > yours,
    >
    > Julius
    >


    OK
    jiml@blackie:~/java/sslSocket$ echo $JAVA_HOME
    /opt/jdk1.5.0_15/
    jim@blackie:~/java/sslSocket$ which java
    /opt/jdk1.5.0_15//bin//java

    It changed the error. I suspect it has to do with my inability to set the
    cipher as I mentioned before.

    Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received
    fatal alert: handshake_failure

    Thanks,
    Jim.

    --
    View this message in context: http://www.nabble.com/I%27m-having-t...p17988839.html
    Sent from the OpenSSL - User mailing list archive at Nabble.com.

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  4. Re: I'm having trouble getting an ssl client programmed in java

    On Wed, Jun 18, 2008 at 2:14 PM, AverageGuy wrote:

    >
    >
    >
    > Julius Davies-2 wrote:
    > >
    > > Your code is fine. Don't use /usr/bin/java (the gnu jvm)! Install a
    > > JVM from Sun or IBM or BEA or Blackdown, or Kaffe, at the very least,
    > > and use that instead.
    > >
    > > After installing a vendor's JVM, make sure you use the "java"
    > > executable they provide. For example:
    > >
    > > /opt/java/ibm-java-ppc-60/bin/java
    > >
    > >
    > > yours,
    > >
    > > Julius
    > >

    >
    > OK
    > jiml@blackie:~/java/sslSocket$ echo $JAVA_HOME
    > /opt/jdk1.5.0_15/
    > jim@blackie:~/java/sslSocket$ which java
    > /opt/jdk1.5.0_15//bin//java
    >
    > It changed the error. I suspect it has to do with my inability to set the
    > cipher as I mentioned before.
    >
    > Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received
    > fatal alert: handshake_failure
    >
    > Thanks,
    > Jim.



    Let me add this. This is the "guts" of the C++ program I'm trying to
    duplicate. I ripped out the non essential code such as error checking,
    debug output and statistic gathering.

    Any suggestions on how to implement this in Java would be helpful.

    SSL_library_init ();
    SSL_METHOD *method;
    method = SSLv3_client_method ();
    ptrCTX = SSL_CTX_new (method);

    if (!SSL_CTX_set_cipher_list (ptrCTX, "ADH")) {
    ptrSSL = SSL_new (ptrCTX);
    int xx = SSL_set_fd (ptrSSL, fdSocket);

    SSL_load_error_strings ();
    SSL_set_connect_state (ptrSSL);
    sbio = BIO_new_socket (fdSocket, BIO_NOCLOSE);
    SSL_set_bio (ptrSSL, sbio, sbio);

    retcode = SSL_connect (ptrSSL);
    retcode =
    SSL_write (ptrSSL, (const void *) message.c_str (),
    message.length ());
    retcode = SSL_read (ptrSSL, response, 200);

    SSL_shutdown(ptrSSL);
    SSL_free(ptrSSL);
    SSL_CTX_free(ptrCTX);

    Thanks,
    Jim.


  5. Re: I'm having trouble getting an ssl client programmed in java

    Your very first code example (without the context) should be fine!
    There is no need to set any ciphers. Java has a list of ciphers it
    will automatically try to use.

    If you like downloading jar files, here's another way:

    http://juliusdavies.ca/commons-ssl/ssl.html


    yours,

    Julius



    On Wed, Jun 18, 2008 at 11:27 AM, Jim Lynch wrote:
    >
    >
    > On Wed, Jun 18, 2008 at 2:14 PM, AverageGuy wrote:
    >>
    >>
    >>
    >> Julius Davies-2 wrote:
    >> >
    >> > Your code is fine. Don't use /usr/bin/java (the gnu jvm)! Install a
    >> > JVM from Sun or IBM or BEA or Blackdown, or Kaffe, at the very least,
    >> > and use that instead.
    >> >
    >> > After installing a vendor's JVM, make sure you use the "java"
    >> > executable they provide. For example:
    >> >
    >> > /opt/java/ibm-java-ppc-60/bin/java
    >> >
    >> >
    >> > yours,
    >> >
    >> > Julius
    >> >

    >>
    >> OK
    >> jiml@blackie:~/java/sslSocket$ echo $JAVA_HOME
    >> /opt/jdk1.5.0_15/
    >> jim@blackie:~/java/sslSocket$ which java
    >> /opt/jdk1.5.0_15//bin//java
    >>
    >> It changed the error. I suspect it has to do with my inability to set the
    >> cipher as I mentioned before.
    >>
    >> Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received
    >> fatal alert: handshake_failure
    >>
    >> Thanks,
    >> Jim.

    >
    > Let me add this. This is the "guts" of the C++ program I'm trying to
    > duplicate. I ripped out the non essential code such as error checking,
    > debug output and statistic gathering.
    >
    > Any suggestions on how to implement this in Java would be helpful.
    >
    > SSL_library_init ();
    > SSL_METHOD *method;
    > method = SSLv3_client_method ();
    > ptrCTX = SSL_CTX_new (method);
    >
    > if (!SSL_CTX_set_cipher_list (ptrCTX, "ADH")) {
    > ptrSSL = SSL_new (ptrCTX);
    > int xx = SSL_set_fd (ptrSSL, fdSocket);
    >
    > SSL_load_error_strings ();
    > SSL_set_connect_state (ptrSSL);
    > sbio = BIO_new_socket (fdSocket, BIO_NOCLOSE);
    > SSL_set_bio (ptrSSL, sbio, sbio);
    >
    > retcode = SSL_connect (ptrSSL);
    > retcode =
    > SSL_write (ptrSSL, (const void *) message.c_str (),
    > message.length ());
    > retcode = SSL_read (ptrSSL, response, 200);
    >
    > SSL_shutdown(ptrSSL);
    > SSL_free(ptrSSL);
    > SSL_CTX_free(ptrCTX);
    >
    > Thanks,
    > Jim.
    >




    --
    yours,

    Julius Davies
    250-592-2284 (Home)
    250-893-4579 (Mobile)
    http://juliusdavies.ca/
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  6. Re: I'm having trouble getting an ssl client programmed in java

    On Wed, Jun 18, 2008 at 5:33 PM, Julius Davies
    wrote:

    > Your very first code example (without the context) should be fine!
    > There is no need to set any ciphers. Java has a list of ciphers it
    > will automatically try to use.
    >
    > If you like downloading jar files, here's another way:
    >
    > http://juliusdavies.ca/commons-ssl/ssl.html
    >
    >
    > yours,
    >
    > Julius
    >
    > OK I finally got something to work. This is the final working version of

    the program.

    http://fayettedigital.com/javassl.html

    Thanks for your help.

    Jim.


+ Reply to Thread