Description
While trying to implement TLSv1.3 in our systems, we found an issue with the Mina Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3, the message sent by the client is randomly discarded. In such scenarios, the server waits for the session to pass the idle timeout and closes the session. Please find the sample code below:
```java
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.SocketAcceptor;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;

import javax.net.ssl.*;
import java.io.*;
import java.net.InetSocketAddress;
import java.security.KeyStore;

public class Main {
    public static void main(String[] args) throws Exception {
        // Full JSSE debug output, to trace the handshake and record processing
        System.setProperty("javax.net.debug", "all");

        // Server key material
        KeyManagerFactory keyManagerFactory;
        try (FileInputStream fis = new FileInputStream("keyStore.pfx")) {
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(fis, "passphrase".toCharArray());
            keyManagerFactory.init(keyStore, "passphrase".toCharArray());
        }

        // Trusted certificates
        TrustManagerFactory trustManagerFactory;
        try (FileInputStream fis = new FileInputStream("trustStore.pfx")) {
            trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
            KeyStore trustStore = KeyStore.getInstance("PKCS12");
            trustStore.load(fis, "passphrase".toCharArray());
            trustManagerFactory.init(trustStore);
        }

        // TLSv1.3 only, with the two AES-GCM suites
        SSLContext context = SSLContext.getInstance("TLSv1.3");
        context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

        SslFilter filter = new SslFilter(context);
        filter.setEnabledProtocols(new String[]{"TLSv1.3"});
        filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"});

        SocketAcceptor acceptor = new NioSocketAcceptor();
        acceptor.setReuseAddress(true);
        acceptor.getFilterChain().addLast("sslFilter", filter);
        acceptor.setHandler(new ServerHandler());
        acceptor.bind(new InetSocketAddress(53001));

        System.out.println("Server started on Port : 53001");
        System.out.println("Start sending data using cUrl below:");
        System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'");
    }
}

class ServerHandler extends IoHandlerAdapter {
    @Override
    public void sessionCreated(IoSession session) {
        System.out.println("\nSession created : " + session);
    }

    @Override
    public void sessionOpened(IoSession session) {
        System.out.println("Session opened : " + session);
        // Close the session if nothing is read or written for 60 seconds
        session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, 60);
    }

    @Override
    public void sessionClosed(IoSession session) {
        System.out.println("Session closed : " + session);
        session.closeNow();
    }

    @Override
    public void sessionIdle(IoSession session, IdleStatus status) {
        System.out.println("==========================");
        System.out.println("Session is idle for 60 secs hence closing session: " + session.getRemoteAddress());
        System.out.println("==========================");
        session.closeNow();
    }

    @Override
    public void exceptionCaught(IoSession session, Throwable cause) {
        System.out.println("Exception :\n");
        cause.printStackTrace();
        session.closeNow();
    }

    @Override
    public void messageReceived(IoSession session, Object message) {
        System.out.println("Message Received!!!");
        // do further processing on message
        session.closeOnFlush();
    }
}
```
Note: Try sending the request multiple times; randomly, the sent message is somehow not properly read. Observe that the session id 0x00000003 fails with the error.
Console Output:

```
> java.exe -cp * Main
Server started on Port : 53001
Start sending data using cUrl below:
-> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'

Session created : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
Session opened : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000001: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)

Session created : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000002: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)

Session created : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
==========================
Session is idle for 60 secs hence closing session: /127.0.0.1:56656
==========================
Session closed : (0x00000003: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)

Session created : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000004: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)

Session created : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
Session opened : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000005: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
```
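An added triage helper, not part of the original report or of MINA: it reads the handler's console output in the format shown above and lists the sessions that reached the idle timeout without a `Message Received!!!` line, which makes the intermittent loss countable over many curl runs. It assumes requests are sent one at a time, as in the curl reproduction, so a `Message Received!!!` line belongs to the most recently opened session; the function names are hypothetical.

```python
import re

# Console lines copied from the report's output (sessions 0x00000002 to 0x00000004).
SAMPLE = """\
Session created : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000002: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
Session created : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
==========================
Session is idle for 60 secs hence closing session: /127.0.0.1:56656
==========================
Session closed : (0x00000003: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
Session created : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
Message Received!!!
Session closed : (0x00000004: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
"""

OPENED = re.compile(r"Session opened : \((0x[0-9a-fA-F]+): .*?, (/\S+) => ")
IDLE = re.compile(r"Session is idle for \d+ secs hence closing session: (/\S+)")

def classify_sessions(log_text):
    """Map each session id to 'received', 'idle-timeout' or 'unknown'."""
    outcome, by_remote, current = {}, {}, None
    for line in log_text.splitlines():
        line = line.strip()
        opened = OPENED.match(line)
        idle = IDLE.match(line)
        if opened:
            current = opened.group(1)
            by_remote[opened.group(2)] = current  # idle lines carry only the peer address
            outcome[current] = "unknown"
        elif line == "Message Received!!!" and current:
            # Assumption: sequential requests, so this belongs to the latest session.
            outcome[current] = "received"
        elif idle and idle.group(1) in by_remote:
            sid = by_remote[idle.group(1)]
            if outcome[sid] != "received":
                outcome[sid] = "idle-timeout"
    return outcome

def lost_sessions(log_text):
    """Session ids whose client message never reached messageReceived()."""
    return sorted(s for s, o in classify_sessions(log_text).items() if o == "idle-timeout")

if __name__ == "__main__":
    print(lost_sessions(SAMPLE))
```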
Issue Links
- causes
  - DIRMINA-1145 Mina Server is losing messages (Resolved)
- incorporates
  - DIRMINA-1146 TLS enabled session got disconnected when outbound messages add up to the value of maxscheduledwriterequests (Open)
  - DIRMINA-1119 Deadlock when using SSL and proxy (Open)
  - DIRMINA-1144 Deadlock with SSL + Proxy (Open)
  - DIRMINA-782 Combination of SslFilter & FileRegionWriteFilter causes messageSent events to be lost (Open)
  - DIRMINA-1082 SSLHandler calling wrap method after closeOutBound() on SSLEngine (Resolved)
  - DIRMINA-1118 NPE in SslHandler.checkStatus (Resolved)
  - DIRMINA-1105 SSLHandler buffer handling (Resolved)
  - DIRMINA-1122 Add support for endpoint identification algorithm (Resolved)
- is related to
  - DIRAPI-375 Add TLSv1.3 to default protocols (Resolved)