
Re: [iaik-ssl] SSL Demo still not working



Hello,

> I'm suspicious that the socket is being created using a default
> SSLClientContext object.

    SSLClientContext context = new SSLClientContext();
    socket = new SSLSocket(host, port, context);
    socket.startHandshake();

Yes, since you have not configured the context, default settings are used,
with any standard cipher suites except the anonymous (DH_anon) and
non-encrypting (RSA_WITH_NULL) cipher suites. However, when setting up the
default context, iSaSiLk checks whether any of the cipher suites is
supported by the available cryptographic engines (i.e. via method
updateCipherSuites). If you print your context to System.out you will
get a summary of which cipher suites are supported by your context. My
assumption was that none of the cipher suites you have set for your client is
supported by the Verisign server. Now that you write that you use the default
configuration, it looks like no cryptographic engines are
available to support these cipher suites. From your first mail I see
that you are using JDK1.4, which requires a JCE provider to be signed, which
currently is not the case for IAIK-JCE (we will sign our next version).
So the reason for your problem might be that you are trying to use IAIK-JCE
as crypto provider with JDK1.4, which is not possible (except by removing
sunjce_provider.jar and jce.jar from the ext directory of your JRE, which
might help).
So you may use a JDK < 1.3 (but not together with JCE1.2.1, which requires
a signed crypto provider, too). Or you may configure iSaSiLk to get the
required crypto engines from another crypto provider (e.g. SunJCE, see
http://jcewww.iaik.at/products/isasilk/documentation/security%20provider/index.php
on how to do this).

> What's missing to me is sort of a "Programmer's Guide to the iSaSiLk".
OK, that's true. We have written a German book http://jcewww.iaik.at/support/books/index.php
containing a usage guide for iSaSiLk, but unfortunately so far have had no time to
translate it into English. However, together with the demo samples, Javadoc
and info files, iSaSiLk should be rather easy to use.


Regards,
Dieter






-----Original Message-----
From: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at] On Behalf Of Marcus Olk
Sent: Friday, 23 November 2001 11:27
To: iaik-ssl@iaik.at
Subject: [iaik-ssl] SSL Demo still not working


Hi there,

to get things clear: the following code snippet is the code
I'm trying to execute to get an SSL connection to a https-URL.
It is derived from the SSLClient demo class.

--- 8< --- 8< --- 8< --- 8< --- 8< --- 8< --- 8< --- 8< --- 8< ---

package demo;

import java.io.*;
import iaik.security.ssl.*;

public class MySSLClient {
  private SSLSocket socket;

  public MySSLClient() {
  }

  /** Establish the socket connection */
  public void connect( String host, int port ) throws IOException {
    SSLClientContext context = new SSLClientContext();
    socket = new SSLSocket(host, port, context);
    socket.startHandshake();
  }

  /** Send the HTTPS request */
  public void sendRequest() throws IOException {
    OutputStream out = socket.getOutputStream();
    InputStream  in  = socket.getInputStream();
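    BufferedReader reader = new BufferedReader( new InputStreamReader( in ) );
    // The request line must end with CRLF and be followed by an empty line,
    // otherwise the server keeps waiting for the rest of the request.
    out.write( "GET / HTTP/1.0\r\n\r\n".getBytes() );
    out.flush();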
    String line;
    while ( (line = reader.readLine()) != null )
      System.out.println(line);
  }

  public static void main(String arg[]) {
    try {
      MySSLClient client = new MySSLClient();
      client.connect( "www.iaik.at", 443 );
      client.sendRequest();
    } catch( Exception ex ) {
      System.out.println("An exception occured:");
      ex.printStackTrace();
    }
  }
}

--- 8< --- 8< --- 8< --- 8< --- 8< --- 8< --- 8< --- 8< --- 8< ---

The result at runtime is the following exception:

An exception occured:
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure
        at iaik.security.ssl.r.f(Unknown Source)
        at iaik.security.ssl.x.b(Unknown Source)
        at iaik.security.ssl.x.a(Unknown Source)
        at iaik.security.ssl.r.d(Unknown Source)
        at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
        at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
        at demo.MySSLClient.connect(MySSLClient.java:17)
        at demo.MySSLClient.main(MySSLClient.java:37)

That's it. Have fun trying to figure out what went wrong...

What's missing to me is sort of a "Programmer's Guide to the iSaSiLk".
I'm suspicious that the socket is being created using a default
SSLClientContext object. No ciphers, no root CAs, no nothing.
Those defaults might be set by default like Sun and RSA do it in
their libs. But in comparison to those the result with the iSaSiLk
is quite frustrating...

Any comments are highly appreciated...

Marcus

--
  Marcus Olk
  m@rcus-olk.net

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the following content: UNSUBSCRIBE iaik-ssl
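
One way to test the diagnosis given in the reply above, that no cryptographic engines are available for the default cipher suites. This is an added example, not part of the original mails and not iSaSiLk code: it uses only the standard java.security and javax.crypto APIs to list the installed providers and try to create the primitives behind the common SSL cipher suites. The class name EngineProbe and the algorithm list are assumptions; an optional first argument names the provider to test, otherwise the default JCA lookup is used, which may differ from the lookup iSaSiLk performs.

```java
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;

// Added diagnostic (not iSaSiLk code): checks which JCA/JCE engines can be created.
public class EngineProbe {
  // Assumed list: primitives behind the common RSA and DHE SSL cipher suites.
  static final String[][] ENGINES = {
    { "Cipher", "RSA/ECB/PKCS1Padding" }, { "Cipher", "RC4" },
    { "Cipher", "DES/CBC/NoPadding" },    { "Cipher", "DESede/CBC/NoPadding" },
    { "MessageDigest", "MD5" },           { "MessageDigest", "SHA-1" },
    { "KeyAgreement", "DH" }
  };

  // Try to create one engine; provider == null means the default JCA lookup.
  static String probe(String type, String alg, String provider) {
    try {
      Provider p;
      if (type.equals("Cipher")) {
        Cipher c = (provider == null) ? Cipher.getInstance(alg)
                                      : Cipher.getInstance(alg, provider);
        p = c.getProvider();
      } else if (type.equals("MessageDigest")) {
        MessageDigest d = (provider == null) ? MessageDigest.getInstance(alg)
                                             : MessageDigest.getInstance(alg, provider);
        p = d.getProvider();
      } else {
        KeyAgreement k = (provider == null) ? KeyAgreement.getInstance(alg)
                                            : KeyAgreement.getInstance(alg, provider);
        p = k.getProvider();
      }
      return "ok, supplied by " + p.getName();
    } catch (Exception e) {
      // Unknown algorithm or provider; also runtime exceptions such as SecurityException.
      return "NOT AVAILABLE (" + e + ")";
    }
  }

  public static void main(String[] args) {
    String provider = (args.length > 0) ? args[0] : null;
    Provider[] installed = Security.getProviders();   // in preference order
    for (int i = 0; i < installed.length; i++)
      System.out.println("provider " + (i + 1) + ": " + installed[i].getName());
    for (int i = 0; i < ENGINES.length; i++)
      System.out.println(ENGINES[i][0] + " " + ENGINES[i][1] + ": "
          + probe(ENGINES[i][0], ENGINES[i][1], provider));
  }
}
```

If every Cipher line reports NOT AVAILABLE on the JRE that runs the client, the handshake failure is consistent with a context that has no usable cipher suites to offer.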