Hi - I’ve done all of the above, AFAICT, but the handshake is failing. Enabling ssl debug for handshake, I’m seeing:
[Server side]
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
SocketAcceptorIoProcessor-0.0, READ: SSL v2, contentType = Handshake, translated length = 73
*** ClientHello, TLSv1
[…]
SocketAcceptorIoProcessor-0.0, fatal error: 80: problem unwrapping net record
java.lang.RuntimeException: Delegated task threw Exception/Error
SocketAcceptorIoProcessor-0.0, SEND TLSv1 ALERT: fatal, description = internal_error
SocketAcceptorIoProcessor-0.0, WRITE: TLSv1 Alert, length = 2
java.lang.RuntimeException: Delegated task threw Exception/Error
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source)
at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
[…]
Caused by: java.lang.NullPointerException
at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateRequest.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:686)
at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:486)
… 16 more
[Client Side]
Spark> tail logs/output.log
Smack Packet Reader (0), setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1219913857 bytes = { 213, 152, 250, 91, 14, 240, 132, 158, 156, 243, 23, 155, 234, 123, 46, 230, 225, 60, 26, 197, 253, 114, 22, 102, 109, 240, 169, 27 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
Smack Packet Reader (0), WRITE: TLSv1 Handshake, length = 73
Smack Packet Reader (0), WRITE: SSLv2 client hello message, length = 98
Then both sides are waiting, and eventually timeout.
I’ve tried setting JVM params in Spark via System properties (-D): javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword (tried xmpp. variants), but I can get no farther.
The CA is installed both in ~/.keystore for the user, and in client.truststore on the server (I put it in truststore, too, just to be safe) with -trustcacerts, and so forth. I see no mention of the client cert being provided to the server, but I can’t figure out if that’s because something isn’t set right or it’s just a handshake issue and it doesn’t get that far.
/tmp/spark/Spark/jre/bin/java -client -Djavax.net.debug=ssl
-Dhttps.protocols=TLSv1,SSLv3
-Djavax.net.ssl.keyStore=~/.keystore
-Djavax.net.ssl.keyStorePassword=[***]
-Dxmpp.socket.ssl.keystore=~/.keystore
-Dxmpp.socket.ssl.keypass=[***] -Dinstall4j.jvmDir=/tmp/spark/Spark/jre
-Dexe4j.moduleName=/tmp/spark/Spark/Spark -Dappdir=/tmp/spark/Spark/
-Dsun.java2d.noddraw=true -Djava.library.path=/tmp/spark/Spark/\lib\windows
-classpath
Any ideas?
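A store-level check that is worth running on both ends before digging into the handshake itself, as an added example (my own Java, not Spark or Openfire code): it loads a key store and a trust store given on the command line, lists the private-key entries (the only entries a client can answer a CertificateRequest with), lists the issuer DNs that a default X509TrustManager built from the trust store reports as accepted issuers (the server puts these DNs into the CertificateRequest message), and checks whether each client key entry's issuer appears in that list. The JVM does not expand `~` in `-D` property values, so the program expands a leading `~/` itself. The store paths and passwords are placeholders passed as arguments; the class name and helper methods are mine.

```java
import java.io.FileInputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added diagnostic for a TLS client-auth setup; not part of Spark or Openfire. */
public class ClientAuthStoreCheck {

    /** Expand a leading "~/" the way a shell would; the JVM itself never does. */
    static Path expand(String p) {
        return p.startsWith("~/")
                ? Paths.get(System.getProperty("user.home"), p.substring(2))
                : Paths.get(p);
    }

    static KeyStore load(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // "jks" on old JREs
        try (FileInputStream in = new FileInputStream(path.toFile())) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Issuer DNs the default trust manager would advertise in CertificateRequest. */
    static X509Certificate[] acceptedIssuers(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
                return issuers == null ? new X509Certificate[0] : issuers;
            }
        }
        return new X509Certificate[0];
    }

    /** Aliases of private-key entries whose certificate issuer is one of the accepted issuers. */
    static List<String> usableClientAliases(KeyStore ks, X509Certificate[] issuers) throws Exception {
        List<String> usable = new ArrayList<>();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-cert entries are never presented as the client certificate
            }
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue; // e.g. a secret-key entry in a JCEKS store
            }
            X509Certificate leaf = (X509Certificate) c;
            for (X509Certificate ca : issuers) {
                if (leaf.getIssuerX500Principal().equals(ca.getSubjectX500Principal())) {
                    usable.add(alias);
                    break;
                }
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: ClientAuthStoreCheck <keystore> <keystore-pw> <truststore> <truststore-pw>");
            System.exit(2);
        }
        Path ksPath = expand(args[0]);
        Path tsPath = expand(args[2]);
        for (Path p : new Path[] {ksPath, tsPath}) {
            if (!Files.isReadable(p)) { // an unexpanded "~" shows up here as a missing file
                System.err.println("not readable: " + p);
                System.exit(1);
            }
        }
        KeyStore ks = load(ksPath, args[1].toCharArray());
        X509Certificate[] issuers = acceptedIssuers(load(tsPath, args[3].toCharArray()));

        if (issuers.length == 0) {
            System.out.println("WARNING: trust store yields no accepted issuers; a CertificateRequest built from it would list no CAs");
        }
        for (X509Certificate ca : issuers) {
            System.out.println("accepted issuer: " + ca.getSubjectX500Principal());
        }
        List<String> usable = usableClientAliases(ks, issuers);
        if (usable.isEmpty()) {
            System.out.println("WARNING: no private-key entry in the key store is issued by an accepted issuer; the client will send an empty Certificate message");
        } else {
            System.out.println("client cert aliases matching an accepted issuer: " + usable);
        }
    }
}
```

Run it once with the client's key store and the server's trust store (what the server will ask for), and once with the server's key store and the client's trust store (what the client will verify). Both runs should print at least one accepted issuer and at least one matching alias; an empty issuer list or an unreadable path narrows the problem to store contents or paths rather than to the handshake logic.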