Uploaded image for project: 'MINA'
  1. MINA
  2. DIRMINA-805

No cipher suites and protocols in SslFilter

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M6
    • Fix Version/s: 2.0.8
    • Component/s: Filter
    • Labels:
      None
    • Environment:
      Windows Xp, jdk1.5.0_05

      Description

      When try to getEnabledProtocols and getEnabledCipherSuites from SslFilter it returns null. SslFilter allows set setEnabledProtocols and setEnabledCipherSuites. but at the run time it gives the following exceptions.
      This may caused because of Mina SslFilter doesn't implement the functionality as SSLServerSocket.

      org.apache.mina.util.DefaultExceptionMonitor exceptionCaught
      WARNING: Unexpected exception.
      org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): ssl:SslFilter in (0x00000002: nio socket, server,
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:279)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:174)
      at org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:452)
      at org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:530)
      at org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:503)
      at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$300(AbstractPollingIoProcessor.java:64)
      at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1109)
      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
      Caused by: java.lang.IllegalArgumentException: TLSv1.1
      at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:114)
      at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:36)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1719)
      at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:170)
      at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:417)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:277)

        Activity

        Hide
        elecharny Emmanuel Lecharny added a comment -

        can you check with MINA 2.0.1 please ?

        Show
        elecharny Emmanuel Lecharny added a comment - can you check with MINA 2.0.1 please ?
        Hide
        elecharny Emmanuel Lecharny added a comment -

        Again, test it with MNA 2.0.1, and do not set the target version. If it's really a bug, it's very likely we will fix it in 2.0.2.

        Thanks.

        Show
        elecharny Emmanuel Lecharny added a comment - Again, test it with MNA 2.0.1, and do not set the target version. If it's really a bug, it's very likely we will fix it in 2.0.2. Thanks.
        Hide
        vicnov Victor N added a comment -

        I found a workaround in our code - when adding SSLFilter, do the following:

        sslFilter.setEnabledCipherSuites(sslContext.getSupportedSSLParameters().getCipherSuites());

        (sslContext is javax.net.ssl.SSLContext instance). Or you can prepare an array of suite names manually and pass it without using SSLContext

        Show
        vicnov Victor N added a comment - I found a workaround in our code - when adding SSLFilter, do the following: sslFilter.setEnabledCipherSuites(sslContext.getSupportedSSLParameters().getCipherSuites()); (sslContext is javax.net.ssl.SSLContext instance). Or you can prepare an array of suite names manually and pass it without using SSLContext
        Hide
        chathura06 Chathura Randika added a comment -

        I tested it using the mina 2.0.0-M6, the issue is getEnabledCipherSuites andgetEnabledProtocols. But we can set the cipher suits and protocols manually and it is working. Thanks Victor for your help.

        Show
        chathura06 Chathura Randika added a comment - I tested it using the mina 2.0.0-M6, the issue is getEnabledCipherSuites andgetEnabledProtocols. But we can set the cipher suits and protocols manually and it is working. Thanks Victor for your help.
        Hide
        vicnov Victor N added a comment -

        I think it would be better to fix it in mina code, so it will work "out of the box".

        Show
        vicnov Victor N added a comment - I think it would be better to fix it in mina code, so it will work "out of the box".
        Hide
        elecharny Emmanuel Lecharny added a comment -

        I have added the injection of the support cipher suite in the SSLFilter init() phase. That should solve the issue you have.

        Show
        elecharny Emmanuel Lecharny added a comment - I have added the injection of the support cipher suite in the SSLFilter init() phase. That should solve the issue you have.

          People

          • Assignee:
            Unassigned
            Reporter:
            chathura06 Chathura Randika
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 48h
              48h
              Remaining:
              Remaining Estimate - 48h
              48h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development