5 Replies Latest reply on May 16, 2006 9:09 PM by ovidiu.feodorov

Cannot get SSL remoting to work

oliverhrdz May 2, 2006 1:24 PM

I cannot get my client to communicate over SSL. The client gets the following errors repeatedly:

2006-05-02 11:58:18,849 ERROR [inbound] org.jboss.remoting.transport.socket.SocketClientInvoker.transport(SocketClientInvoker.java:310)
 Got marshalling exception, exiting

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

The server log shows this repeatedly:

12:02:10,351 ERROR [ServerThread] failed to process invocation.
java.io.IOException: Can not read data for version 128. Supported versions: 1,2

 at org.jboss.remoting.transport.socket.ServerThread.versionedRead(Server
Thread.java:358)
 at org.jboss.remoting.transport.socket.ServerThread.processInvocation(Se
rverThread.java:406)
 at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.j
ava:484)
 at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.jav
a:240)

Per the Remoting documentation, I configured an SSL connector in the
jboss-service.xml file as such:

 <!-- SSL Socket Connector. -->

 <mbean code="org.jboss.remoting.transport.Connector"
 xmbean-dd="org/jboss/remoting/transport/Connector.xml"
 name="jboss.messaging:service=Connector,transport=SSLSocket"
 display-name="SSL Socket transport Connector">
 <attribute name="Configuration">
 <config>
 <invoker transport="sslsocket">
 <attribute name="marshaller" isParam="true">org.jboss.jms.server.remoting.JMSWireFormat</attribute>
 <attribute name="unmarshaller" isParam="true">org.jboss.jms.server.remoting.JMSWireFormat</attribute>
 <attribute name="serializationtype" isParam="true">jboss</attribute>
 <attribute name="dataType" isParam="true">jms</attribute>
 <attribute name="socket.check_connection" isParam="true">false</attribute>
 <attribute name="socketTimeout" isParam="true">300000</attribute>
 <attribute name="enableTcpNoDelay" isParam="true">true</attribute>
 <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
 <attribute name="serverBindPort">9000</attribute>
 </invoker>
 <handlers>
 <handler subsystem="JMS">org.jboss.jms.server.remoting.JMSServerInvocationHandler</handler>
 </handlers>
 </config>
 </attribute>
 <depends>jboss.messaging:service=NetworkRegistry</depends>
 </mbean>

For launching JBoss 4.0.3SP1, I'm setting the SSL system properties for my keystore and trustore via -D parameters to start Java. My client is using the scoped jar file included with Messaging 1.0. It additionally has the 4.0.3SP1 jboss-client.jar, jbosssx-client.jar, and jnp-client.jar files in the classpath for JNDI and security. I verified that my installation and client works with the default non-SSL connector.

TIA!

1. Re: Cannot get SSL remoting to work

ovidiu.feodorov May 2, 2006 1:30 PM (in response to oliverhrdz)

Seems to be a remoting issue. Need to replicate locally. Please, add a JIRA issue.

Even if it's indeed broken, I can't include the fix with the 1.0.1.CR1, since I started the release procedure already. I'll come with 1.0.1.CR2.
Actions
2. Re: Cannot get SSL remoting to work

oliverhrdz May 3, 2006 9:24 AM (in response to oliverhrdz)

Opened JBMESSAGING-366.
Actions
3. Re: Cannot get SSL remoting to work

ovidiu.feodorov May 3, 2006 11:23 AM (in response to oliverhrdz)

Scheduled for 1.0.1.CR2
Actions
4. Re: Cannot get SSL remoting to work

ovidiu.feodorov May 16, 2006 4:08 PM (in response to oliverhrdz)

It seems that the overall SSL failure is caused by a failing SSLServerSocketFactoryService deployment. I tracked this down to http://jira.jboss.org/jira/browse/JBAS-3226

This will probably require an AS patch. I worked around the class loading problems and SSL seems to work otherwise, but the workaround is ugly, so the AS patch is the best bet.
Actions
5. Re: Cannot get SSL remoting to work

ovidiu.feodorov May 16, 2006 9:09 PM (in response to oliverhrdz)

I've just found out that the AS service configuration bug is fixed (since 4.0.4.RC1, http://jira.jboss.org/jira/browse/JBAS-1709)

SSL works without any modification on any messaging installation higher than 4.0.3SP1. A complete example (code, configuration file and documentation) has been added under docs/examples/secure-socket. I've tested it with 4.0.4.GA. It will be available with the next release, and it is currently available in the head.

If you need to get SSL support working with 4.0.3SP1 and lower, you need to apply the patch described in http://jira.jboss.org/jira/browse/JBAS-1709 or whatever other patch based on JBAS-1709 QA came up with.
Actions

Go to original post