java ssl socket server handshake aborted
I have an android app which is listening for socket connections and can read httpheaders (send by a browser(works all good!)). Now I wont to switch to SSL sockets but I can't get it done.
things I got working:
- Keystore
- ServerSocketFactory
things I not got working (and where I need help):
- Client accept part
code:
public void run() {
try {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(service.getBaseContext().getResources().openRawResource(R.raw.keystore),"password".toCharArray());
ServerSocketFactory socketFactory = SSLServerSocketFactory
.getDefault();
SSLServerSocket mServerSocket = (SSLServerSocket) socketFactory
.createServerSocket(8080);
while (!mServerSocket.isClosed()) {
mServerSocket.setEnabledCipherSuites(mServerSocket.getSupportedCipherSuites());
mServerSocket.setEnabledProtocols(mServerSocket.getSupportedProtocols());
System.out.println("waiting");
SSLSocket client = (SSLSocket) mServerSocket.accept();
client.addHandshakeCompletedListener(new HandshakeCompletedListener(){
public void handshakeCompleted(HandshakeCompletedEvent arg0) {
System.out.println("handshakeCompleted");
}
});
client.startHandshake(); //MultiThreadWebServer.java:136
client.getOutputStream().flush();
client.close();
}
} catch (Exception e) {
e.printStackTrace();
}
}
Exception:
11-29 11:15:01.046: W/System.err(29941): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x4fec3da8: Failure in SSL library, usually a protocol error
11-29 11:15:01.046: W/System.err(29941): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (external/openssl/ssl/s3_srvr.c:1365 0x41b1e7f8:0x00000000)
11-29 11:15:01.046: W/System.err(29941): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:436)
11-29 11:15:01.046: W/System.err(29941): at at.aichinger.mario.aws.MultiThreadWebServer.run(MultiThreadWebServer.java:136)
to connect to the server I use google cheome and access "https://192.168.0.25:8080" if I do so the Exception gets throwen.
Code in line MultiThreadWebServer.java:136:
client.startHandshake();
aichingm2 Answers
First of all, these two lines do not make any sense. If you want to restrict supported cipher suites and protocols, define them specifically. But you have to be careful about that not all cipher suites are supported by browsers.
mServerSocket.setEnabledCipherSuites(mServerSocket.getSupportedCipherSuites());
mServerSocket.setEnabledProtocols(mServerSocket.getSupportedProtocols());
The problem in your code is that you are not using your keystore. Try this:
public void run() {
try {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(service.getBaseContext().getResources().openRawResource(R.raw.keystore),
"password".toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "password".toCharArray());
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
ServerSocketFactory socketFactory = sslContext.getServerSocketFactory();
SSLServerSocket mServerSocket = (SSLServerSocket) socketFactory.createServerSocket(8080);
while (!mServerSocket.isClosed()) {
System.out.println("waiting");
SSLSocket client = (SSLSocket) mServerSocket.accept();
client.addHandshakeCompletedListener(new HandshakeCompletedListener() {
public void handshakeCompleted(HandshakeCompletedEvent arg0) {
System.out.println("handshakeCompleted");
}
});
client.startHandshake(); // MultiThreadWebServer.java:136
client.getOutputStream().flush();
client.close();
}
} catch (Exception e) {
e.printStackTrace();
}
}
AkdenizInstead of using keystore as default type, always define the type of keystore which you will use in your application. Otherwise There may be the chance where keystore mismatch will happen between server and client.
Ambuj KumarUser contributions licensed under CC BY-SA 3.0