1 Reply Latest reply on Jun 24, 2003 10:58 AM by Mike Toggweiler

    No Handshake with SSL

    Mike Toggweiler Newbie

      Hi

      I'm trying to establish a SSL secured connection between the client and the EJB Container. I've tried to setup the container, created the server keystore and am trying to connect to it with enabled ssl debug messages. But after sending the Hashes of my client I wether receive an answer from the server nor a timeout. The configuration files look as following:




      server.keystore
      rmi+ssl



      4445
      org.jboss.security.ssl.RMISSLClientSocketFactory
      org.jboss.security.ssl.RMISSLServerSocketFactory
      java:/jaas/RMI+SSL jboss.security:service=JaasSecurityDomain,domain=RMI+SSL
      jboss:service=TransactionManager



      in my jboss.xml I'm setting the correct security domain
      <security-domain>java:/jaas/RMI+SSL</security-domain>

      Because I've overwritten the default JRMPInvoker, I don't have to specify the invoker on each bean.

      I'm running my client application with the following properties:
      java -cp $CLASSPATH:./classes -Djava.naming.factory.initial=org.jnp.interfaces.NamingContextFactory -Djava.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces -Djavax.net.debug=all myTestClient

      and while trying to get the home interface it hangs on:
      main, WRITE: SSLv2 client hello message, length = 77

      Thanks for helping

        • 1. Re: No Handshake with SSL
          Mike Toggweiler Newbie

          I'v made a tcpdump on localhost while performing a lookup. The lookup looks as follow:
          Object obj = context.lookup(SimpleServiceNodeAdministrationHomeRemote.JNDI_NAME);

          Here are the last lines of the tcp dump before it's hanging:
          16:47:30.235409 dogix.chaoswg.com.37817 > dogix.chaoswg.com.37413: . ack 3008 win 32767 <nop,nop,timestamp 8211776 8211776> (DF)
          16:47:33.373959 dogix.chaoswg.com.37818 > dogix.chaoswg.com.4445: S 3170639757:3170639757(0) win 32767 <mss 16396,sackOK,timestamp 8212090 0,nop,wscale 0> (DF)
          16:47:33.374010 dogix.chaoswg.com.4445 > dogix.chaoswg.com.37818: S 3174760562:3174760562(0) ack 3170639758 win 32767 <mss 16396,sackOK,timestamp 8212090 8212090,nop,wscale 0> (DF)
          16:47:33.374050 dogix.chaoswg.com.37818 > dogix.chaoswg.com.4445: . ack 1 win 32767 <nop,nop,timestamp 8212090 8212090> (DF)
          16:47:33.488743 dogix.chaoswg.com.37818 > dogix.chaoswg.com.4445: P 1:80(79) ack 1 win 32767 <nop,nop,timestamp 8212101 8212090> (DF)
          16:47:33.488787 dogix.chaoswg.com.4445 > dogix.chaoswg.com.37818: . ack 80 win 32767 <nop,nop,timestamp 8212101 8212101> (DF)

          So, the 79 bytes the client sent to jboss was in my opinion the md5 hash, as visible in the ssl debug message:
          [write] MD5 and SHA1 hashes: len = 77


          Thanks