
sslengine cypher suite with no encryption


I have a small problem in using SSLEngine of Java. I used it for creating SSL connection between client and server. This is not a web based application.

I'm creating a framework for developers of my product to communicate between client and server. Based on their configuration, I have to create the connection. If encryption is required, I have to create an encrypted channel and give it to them; if not, I just have to create an SSL channel with no encryption but with message digests, so the cypher suite which I need to enable is SSL_RSA_WITH_NULL_MD5. If encryption is required, I will use SSL_RSA_WITH_<some encryption algo>_SHA/MD5.

I'm able to configure the second… but not able to configure SSL_RSA_WITH_NULL_MD5. It is giving me an exception with the message No cypher suites in common. The framework I used for developing this is Netty (jboss-netty).

Can anyone help me regarding this?

code ::

public static ChannelFuture doHandshake(Channel channel,boolean isServer){
    if (isServer) {
        SSLEngine engine = SslContextFactory.getServerContext().createSSLEngine();
        engine.setUseClientMode(false);
        //engine.setWantClientAuth(true);
        engine.setNeedClientAuth(true);

        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

        String[] enabledSuites = engine.getEnabledCipherSuites();
        //String[] sdf = engine.getSupportedCipherSuites();
        engine.setEnabledCipherSuites(getWantedCyphers(enabledSuites, true));
        engine.setEnableSessionCreation(true);
        channel.getPipeline().addFirst(SSL_SERVER_HANDLER_NAME, new SslHandler(engine));

        SslHandler sslHandler = (SslHandler) channel.getPipeline().get(SSL_SERVER_HANDLER_NAME);

        sslHandler.setEnableRenegotiation(true);
        return sslHandler.handshake();
    } else {
        SSLEngine engine = SslContextFactory.getClientContext().createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnableSessionCreation(true);
        //engine.setWantClientAuth(true);
        //engine.setNeedClientAuth(true);

        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

        String[] enabledSuites=engine.getEnabledCipherSuites();
        //String[] sdf=engine.getSupportedCipherSuites();
        engine.setEnabledCipherSuites(getWantedCyphers(enabledSuites,true));
        channel.getPipeline().addFirst(SSL_CLIENT_HANDLER_NAME, new SslHandler(engine));

        SslHandler sslHandler = (SslHandler) channel.getPipeline().get(SSL_CLIENT_HANDLER_NAME);

        sslHandler.setEnableRenegotiation(true);
        return sslHandler.handshake();
    }
}

public static String[] getWantedCyphers(String[] enabledSuites,boolean isEnabled) {
    List<String> wantedCyphers = new LinkedList<String>();
    String[] finalEnabledCyphers = null;
    if (!isEnabled) {
        finalEnabledCyphers = new String[1];
        finalEnabledCyphers[0] = "SSL_RSA_WITH_NULL_MD5";
        return finalEnabledCyphers;
    }
    String configFilePath = TestConstants.CONFIG_FILE;
    ConfigSAXParser configParser = new ConfigSAXParser();
    <OurOwnConfigClass> config = null;
    try {
        config = (<OurOwnConfigClass>) configParser.parseFile(configFilePath);
    } catch (SAXParserException spe){
    }
    <ourOwnConfigSubClass> communicationConfig = config.getCommunicationConfig();
    String[] requestedCyphers = communicationConfig.getEncryptionAlgorithms();
    for (int i=0;i<requestedCyphers.length;i++){
        requestedCyphers[i] = "SSL_RSA_WITH_"+requestedCyphers[i]+"_SHA";
    }
    List<String> stList = new LinkedList<String>();
    for (int i=0;i<enabledSuites.length;i++) {
        stList.add(enabledSuites[i]);
    }
    for (int j=0;j<requestedCyphers.length;j++) {
        if (stList.contains(requestedCyphers[j])) {
            wantedCyphers.add(requestedCyphers[j]);
        }
    }

    Object[] strings = wantedCyphers.toArray();
    finalEnabledCyphers = new String[strings.length];
    for (int k=0;k<strings.length;k++) {
        finalEnabledCyphers[k] = (String)strings[k];
    }
    return finalEnabledCyphers;
}

Have you added it to the enabled cipher suites?

The "no cipher suites in common" message is an indication of the fact that the server does not accept any of the cipher suites in the Client Hello message. This is more so because you're attempting to use the null cipher suite that does not perform any encryption of the data. Most servers do not support the null cipher suite by default, and you will have to enable this explicitly.
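An added example, not code from the question or the answer: one way to enable the integrity-only suite explicitly on both peers, checking it against the supported list instead of the enabled list. The class name `NullSuiteCheck` and the helper `restrictTo` are hypothetical, and it assumes the running JRE still lists `SSL_RSA_WITH_NULL_MD5` as supported.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class NullSuiteCheck {
    // Suite named in the question: RSA key exchange, no encryption, MD5 MAC.
    static final String INTEGRITY_ONLY = "SSL_RSA_WITH_NULL_MD5";

    /**
     * Restricts the engine to the requested suites, validating them against
     * getSupportedCipherSuites() rather than getEnabledCipherSuites(): suites
     * that are off by default never appear in the enabled list.
     */
    static String[] restrictTo(SSLEngine engine, List<String> requested) {
        List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
        List<String> chosen = new ArrayList<String>();
        for (String suite : requested) {
            if (supported.contains(suite)) {
                chosen.add(suite);
            }
        }
        if (chosen.isEmpty()) {
            // Fail at configuration time instead of during the handshake.
            throw new IllegalStateException("None of " + requested + " is supported by this JRE");
        }
        String[] result = chosen.toArray(new String[0]);
        engine.setEnabledCipherSuites(result);
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Default context is enough to inspect suite lists; a real server needs key material.
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);
        SSLEngine client = ctx.createSSLEngine();
        client.setUseClientMode(true);

        boolean onByDefault = Arrays.asList(server.getEnabledCipherSuites()).contains(INTEGRITY_ONLY);
        System.out.println(INTEGRITY_ONLY + " enabled by default: " + onByDefault);

        // Both peers must enable the suite, or the handshake has nothing in common.
        List<String> wanted = Arrays.asList(INTEGRITY_ONLY);
        System.out.println("server: " + Arrays.toString(restrictTo(server, wanted)));
        System.out.println("client: " + Arrays.toString(restrictTo(client, wanted)));
    }
}
```

If the JRE does not list the suite as supported, `restrictTo` throws before any handshake starts. A channel negotiated with this suite carries its payload in cleartext and relies on MD5 for integrity, and the `jdk.tls.disabledAlgorithms` security property can still exclude the suite at handshake time.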
