java - Extended server_name (SNI Extension) not sent with jdk1.8.0 but sent with jdk1.7.0


I have implemented a JAX-WS client using Apache CXF (v3.0.4) and it works, but the problem comes when I want to use a secure connection (SSL/TLS) with Java 8 (jdk1.8.0_25).

I see the following exception in the log (-Djavax.net.debug=all):

    main, handling exception: java.net.SocketException: Connection reset
    main, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
    main, WRITE: TLSv1.2 Alert, length = 2
    main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error

After deeper analysis I have observed that the problem is caused because with Java 8 the server_name (SNI) is not sent, but with Java 7 it is sent and the web service invocation works successfully.

Java 8 log (-Djavax.net.debug=all): "Extension server_name" is missing

    [...]
    Compression Methods:  { 0 }
    Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
    Extension ec_point_formats, formats: [uncompressed]
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
    ***
    [...]

Java 7 log (-Djavax.net.debug=all) (works): "Extension server_name" is set

    [...]
    Compression Methods:  { 0 }
    Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
    Extension ec_point_formats, formats: [uncompressed]
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
    Extension server_name, server_name: [host_name: testeo.hostname.es]
    ***
    [...]

It is observed that with Java 7 the Extension server_name, server_name: [host_name: testeo.hostname.es] is set and the web service invocation works successfully.

Why didn't Java 8 set the server_name as Java 7 did? Is it a Java configuration issue?

As mentioned, the cause is related to the JDK bug where using setHostnameVerifier() breaks SNI (Extension server_name): https://bugs.openjdk.java.net/browse/jdk-8144566

Our workaround: after testing we found that setting the connection's SSLSocketFactory to something other than the default seems to fix the issue.

This does not work:

    HttpsURLConnection.setSSLSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault());

This does work:

    HttpsURLConnection.setSSLSocketFactory(new SSLSocketFactoryFacade());

So, to fix it for a JAX-WS client, do this:

    bindingProvider.getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory", new SSLSocketFactoryFacade());

Our SSLSocketFactory facade: (note that it doesn't really do anything)

    import java.io.IOException;
    import java.net.InetAddress;
    import java.net.Socket;
    import java.net.UnknownHostException;
    import javax.net.ssl.SSLSocketFactory;

    // Thin wrapper: every call is delegated to the JVM's default SSLSocketFactory.
    public class SSLSocketFactoryFacade extends SSLSocketFactory {

        SSLSocketFactory sslsf;

        public SSLSocketFactoryFacade() {
            sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        }

        @Override
        public String[] getDefaultCipherSuites() {
            return sslsf.getDefaultCipherSuites();
        }

        @Override
        public String[] getSupportedCipherSuites() {
            return sslsf.getSupportedCipherSuites();
        }

        @Override
        public Socket createSocket(Socket socket, String s, int i, boolean b) throws IOException {
            return sslsf.createSocket(socket, s, i, b);
        }

        @Override
        public Socket createSocket(String s, int i) throws IOException, UnknownHostException {
            return sslsf.createSocket(s, i);
        }

        @Override
        public Socket createSocket(String s, int i, InetAddress inetAddress, int i1) throws IOException, UnknownHostException {
            return sslsf.createSocket(s, i, inetAddress, i1);
        }

        @Override
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            // Delegate to the wrapped factory; calling createSocket(...) on this object would recurse forever.
            return sslsf.createSocket(inetAddress, i);
        }

        @Override
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress1, int i1) throws IOException {
            // Delegate to the wrapped factory; calling createSocket(...) on this object would recurse forever.
            return sslsf.createSocket(inetAddress, i, inetAddress1, i1);
        }
    }
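A way to check offline whether a JSSE setup puts server_name in its ClientHello, instead of reading the -Djavax.net.debug output by eye; this is an added example, not part of the original post. It builds the ClientHello with an SSLEngine and walks its extensions. The class SniCheck and its methods are hypothetical names, port 443 is an assumption, and the hostname is the one from the logs above.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Hypothetical diagnostic class (not from the post or from any library).
public class SniCheck {
    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }

    /** Returns the host_name carried in the server_name extension, or null if absent. */
    static String sniOf(ByteBuffer rec) {
        skip(rec, 5 + 4 + 2 + 32);              // record hdr, handshake hdr, client_version, random
        skip(rec, rec.get() & 0xff);            // session_id
        skip(rec, rec.getShort() & 0xffff);     // cipher_suites
        skip(rec, rec.get() & 0xff);            // compression_methods
        if (!rec.hasRemaining()) return null;   // ClientHello without any extensions
        int extLen = rec.getShort() & 0xffff;
        int end = rec.position() + extLen;
        while (rec.position() < end) {
            int type = rec.getShort() & 0xffff;
            int len = rec.getShort() & 0xffff;
            if (type == 0) {                    // extension type 0 = server_name
                skip(rec, 3);                   // server_name_list length (2) + name_type (1)
                byte[] name = new byte[rec.getShort() & 0xffff];
                rec.get(name);
                return new String(name, StandardCharsets.US_ASCII);
            }
            skip(rec, len);
        }
        return null;
    }

    /** Builds a ClientHello for the given peer host (null = no host information) and extracts SNI. */
    static String clientHelloSni(String peerHost) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine engine = (peerHost == null) ? ctx.createSSLEngine()
                                              : ctx.createSSLEngine(peerHost, 443); // port is an assumption
        engine.setUseClientMode(true);
        engine.beginHandshake();
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), out);   // first wrap emits the ClientHello record
        out.flip();
        return sniOf(out);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("with peer host:    " + clientHelloSni("testeo.hostname.es"));
        System.out.println("without peer host: " + clientHelloSni(null));
    }
}
```

Running it on both JDKs under test gives a direct comparison of what each puts in the handshake; the engine created without a peer host stands in for a socket that was handed no hostname to advertise.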
