Uploaded image for project: 'MINA'
  1. MINA
  2. DIRMINA-1132

TLSv1.3 - MINA randomly fails in reading the message sent by client

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Reopened
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 2.0.21
    • Fix Version/s: None
    • Component/s: Core, SSL
    • Labels:
      None
    • Environment:
      Operating System: Windows 10 1903
      Java Version: jdk-11.0.7, jdk-12.0.2
    • Flags:
      Important

      Description

      While trying to Implement TLSv1.3 in our systems, we found an issue with Mina Core dependency. For TLSv1.2 we never had the issue. But with TLSv1.3, randomly the message sent by the client is discarded. In such scenarios, the server waits for session to pass idle timeout and closes the session. Please find the sample code below:

      import org.apache.mina.core.service.IoHandlerAdapter;
      import org.apache.mina.core.session.IdleStatus;
      import org.apache.mina.core.session.IoSession;
      import org.apache.mina.filter.ssl.SslFilter;
      import org.apache.mina.transport.socket.SocketAcceptor;
      import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
      
      import javax.net.ssl.*;
      import java.io.*;
      import java.net.InetSocketAddress;
      import java.security.KeyStore;
      
      public class Main {
      
         public static void main(String[] args) throws Exception {
      
            System.setProperty("javax.net.debug","all");
      
            KeyManagerFactory keyManagerFactory;
            try(FileInputStream fis = new FileInputStream("keyStore.pfx")) {
               keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
               KeyStore keyStore = KeyStore.getInstance("PKCS12");
               keyStore.load(fis, "passphrase".toCharArray());
               keyManagerFactory.init(keyStore, "passphrase".toCharArray());
            }
      
            TrustManagerFactory trustManagerFactory;
            try(FileInputStream fis = new FileInputStream("trustStore.pfx")){
               trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
               KeyStore trustStore = KeyStore.getInstance("PKCS12");
               trustStore.load(fis, "passphrase".toCharArray());
               trustManagerFactory.init(trustStore);
            }
      
            SSLContext context = SSLContext.getInstance("TLSv1.3");
            context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
      
            SslFilter filter = new SslFilter(context);
            filter.setEnabledProtocols(new String[]{"TLSv1.3"});
            filter.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"});
      
            SocketAcceptor acceptor = new NioSocketAcceptor();
            acceptor.setReuseAddress(true);
            acceptor.getFilterChain().addLast("sslFilter", filter);
            acceptor.setHandler( new ServerHandler());
            acceptor.bind(new InetSocketAddress(53001));
            System.out.println("Server started on Port : 53001");
            System.out.println("Start sending data using cUrl below:");
            System.out.println("-> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'");
         }
      }
      
      class ServerHandler extends IoHandlerAdapter {
      
         @Override
         public void sessionCreated(IoSession session) {
            System.out.println( "\nSession created : " + session);
         }
      
         @Override
         public void sessionOpened(IoSession session) {
            System.out.println( "Session opened : " + session);
            session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE,  60);
         }
      
         @Override
         public void sessionClosed(IoSession session) {
            System.out.println( "Session closed : " + session);
            session.closeNow();
         }
      
         @Override
         public void sessionIdle(IoSession session, IdleStatus status) {
            System.out.println( "==========================" );
            System.out.println( "Session is idle for 60 secs hence closing session: " + session.getRemoteAddress());
            System.out.println( "==========================" );
            session.closeNow();
         }
      
         @Override
         public void exceptionCaught(IoSession session, Throwable cause) {
            System.out.println("Exception :\n");
            cause.printStackTrace();
            session.closeNow();
         }
      
         @Override
         public void messageReceived(IoSession session, Object message) {
            System.out.println("Message Received!!!");
      
            //do further processing on @param{message}
      
            session.closeOnFlush();
         }
      
      }
      

      Note: Try sending the request multiple times and randomly the sent message is some have not properly read. Observe that the session id 0x00000003 fails with the error.

      Console Output:
      
      > java.exe -cp * Main
      
      Server started on Port : 53001
      Start sending data using cUrl below:
      -> curl --location --insecure --tlsv1.3 --ipv4 'https://localhost:53001' --data-raw 'Sample Text'
      Session created : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
      Session opened : (0x00000001: nio socket, server, /127.0.0.1:56639 => /127.0.0.1:53001)
      Message Received!!!
      Session closed : (0x00000001: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)Session created : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
      Session opened : (0x00000002: nio socket, server, /127.0.0.1:56651 => /127.0.0.1:53001)
      Message Received!!!
      Session closed : (0x00000002: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)Session created : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
      Session opened : (0x00000003: nio socket, server, /127.0.0.1:56656 => /127.0.0.1:53001)
      ==========================
      Session is idle for 60 secs hence closing session: /127.0.0.1:56656
      ==========================
      Session closed : (0x00000003: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)Session created : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
      Session opened : (0x00000004: nio socket, server, /127.0.0.1:56849 => /127.0.0.1:53001)
      Message Received!!!
      Session closed : (0x00000004: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)Session created : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
      Session opened : (0x00000005: nio socket, server, /127.0.0.1:56860 => /127.0.0.1:53001)
      Message Received!!!
      Session closed : (0x00000005: nio socket, server, null => 0.0.0.0/0.0.0.0:53001)
      
      

        Attachments

        1. example-project.zip
          18 kB
          Jonathan Valliere
        2. trustStore.pfx
          1.0 kB
          Venkata Kishore Tavva
        3. keyStore.pfx
          2 kB
          Venkata Kishore Tavva
        4. console.log
          183 kB
          Venkata Kishore Tavva

          Activity

            People

            • Assignee:
              johnnyv Jonathan Valliere
              Reporter:
              Kishore Tavva Venkata Kishore Tavva
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: