
SSLException using TLS with OpenSSL server

 
dan (Guest)
Posted: Tue Dec 20, 2005 3:58 pm



I've written a Java applet which is attempting to communicate over TLS
with a server written in C and using OpenSSL. When a handshake is
attempted the client successfully sends its ClientHello message, and
the server sends its ServerHello message containing its Hello, its
certificate, the certificate request, and the Hello Done. My applet
throws an exception upon receiving those messages:

javax.net.ssl.SSLException: Unsupported record version Unknown-11.0

Here's the client code:

--- begin code ---

ssl_context = SSLContext.getInstance("TLSv1");
/* FakeTM is a temp implementation of X509TrustManager that accepts any
 * certificate as valid */
ssl_context.init(null, new TrustManager[] {new FakeTM()}, null);
ssl_socket_factory = (SSLSocketFactory)ssl_context.getSocketFactory();
/* create a new SSLSocket from the existing cleartext socket */
ssl_socket = (SSLSocket)ssl_socket_factory.createSocket(socket,
        targetHost, serverPort, false);
ssl_socket.setEnabledProtocols(new String[] {"TLSv1"});
ssl_socket.setEnabledCipherSuites(ssl_socket_factory.getSupportedCipherSuites());

--- end code ---

and here's what gets written to the Java console:

--- begin console output ---

Thread-12, handling exception: javax.net.ssl.SSLException: Unsupported record version Unknown-11.0
Thread-12, SEND TLSv1 ALERT: fatal, description = unexpected_message
Thread-12, WRITE: TLSv1 Alert, length = 2
Thread-12, called closeSocket()
IO thread shutting down due to an IOException: Connection has been shutdown: javax.net.ssl.SSLException: Unsupported record version Unknown-11.0

--- end console output ---

0x11 does appear in the ServerHello message; according to the RFC (and
my Ethereal output), it specifies a handshake type of 'Certificate'.
When I set the SSL_VERIFY_NONE property on my server using
SSL_CTX_set_verify(), the server doesn't send a certificate request
message anymore (which is correct), but now the exception thrown by
Java reads "Unsupported record version Unknown-13.0". 0x13 is the
"Server Hello Done" message.

Is Java expecting only the server Hello and Certificate messages for
some reason, and then throwing an exception if anything else is read?
Can I change this behavior somehow, either in the client or the server?

Thanks in advance for any help.
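
Added example (not part of the original post, and not code from JSSE or OpenSSL): a small Java walker for the TLS record layer and the handshake messages inside a record, run over a constructed byte string. It shows the 5-byte record header and the 4-byte handshake header, and how a reader that starts a few bytes late finds a handshake type byte where the record version belongs. The names TlsRecordWalk, SAMPLE and walk are hypothetical, and the example does not establish what went wrong in the post above.

```java
import java.util.ArrayList;
import java.util.List;

public class TlsRecordWalk {
    // Constructed sample, not a capture: one handshake record (type 22, version 3.1 = TLSv1)
    // holding Certificate (11), CertificateRequest (13), ServerHelloDone (14); bodies zeroed.
    static final byte[] SAMPLE = {
        22, 3, 1, 0, 19,          // record header: type, major, minor, 2-byte length
        11, 0, 0, 3, 0, 0, 0,     // handshake header: type, 3-byte length; then body
        13, 0, 0, 4, 0, 0, 0, 0,
        14, 0, 0, 0
    };

    static int u8(byte[] b, int i) { return b[i] & 0xff; }

    // Walks records starting at 'start'; assumes handshake messages are not split across records.
    static List<String> walk(byte[] b, int start) {
        List<String> out = new ArrayList<>();
        int p = start;
        while (p + 5 <= b.length) {
            int type = u8(b, p), major = u8(b, p + 1), minor = u8(b, p + 2);
            int len = (u8(b, p + 3) << 8) | u8(b, p + 4);
            if (major != 3) {  // SSLv3 and TLS 1.x records all carry major version 3
                out.add("offset " + p + ": unsupported record version " + major + "." + minor);
                return out;
            }
            if (p + 5 + len > b.length) {
                out.add("offset " + p + ": record truncated");
                return out;
            }
            out.add("offset " + p + ": record type " + type + ", version " + major + "." + minor
                    + ", length " + len);
            int h = p + 5, end = h + len;
            while (type == 22 && h + 4 <= end) {  // 22 = handshake content type
                int hsLen = (u8(b, h + 1) << 16) | (u8(b, h + 2) << 8) | u8(b, h + 3);
                out.add("  handshake type " + u8(b, h) + ", length " + hsLen);
                h += 4 + hsLen;
            }
            p += 5 + len;
        }
        return out;
    }

    public static void main(String[] args) {
        System.out.println("Aligned read:");
        walk(SAMPLE, 0).forEach(System.out::println);
        System.out.println("Read that starts 4 bytes late:");
        walk(SAMPLE, 4).forEach(System.out::println);
    }
}
```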
