Welcome! Log In Create A New Profile

Advanced

Re: Force SSL redirection to target service host for all protocols

July 14, 2020 09:55AM
Extremely sorry, I mentioned the wrong port in that post.. Actually I am using the correct port number..

Client (Windows + non SSL):8091 ==> Nginx host (ubuntu vm+ SSL redirection) ==> TCP server (Windows + SSL enabled)

TCP server listening on 8091
Nginx Server listening on 8091
Client makes call to Nginx on 8091

I modified my server code for additional debugging as below

#################
ServerSocketFactory ssf = SSLServerSocketFactory.getDefault();
int port = 8091;
ServerSocket ss = ssf.createServerSocket(port);

while (true) {

try {
Socket sock = ss.accept();
System.out.println("Timeout set is " + sock.getSoTimeout());
System.out.println("New client connected");

PrintWriter pw = new PrintWriter(sock.getOutputStream());
pw.println(new Date().toString() + " from port: "+port);
System.out.println("Data ready to sent to client");
pw.flush();
//pw.close();
System.out.println("Data sent to client");

System.out.println("Ready to read client data");
BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
String data = br.readLine();
System.out.println("Data received from Client: "+ data);
//br.close();

sock.close();
System.out.println("Socket closed");
########################

Output from the server when client initiated the connection is..
#####################
Timeout set is 0
New client connected
Data ready to sent to client
Data sent to client
Ready to read client data
I/O error: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Exception in thread "main" javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.SSLSocketImpl.checkEOF(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
at sun.nio.cs.StreamDecoder.read(Unknown Source)
at java.io.InputStreamReader.read(Unknown Source)
at java.io.BufferedReader.fill(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)
at com.att.tcp.server.TCPSServer.main(TCPSServer.java:37)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at sun.nio.cs.StreamEncoder.writeBytes(Unknown Source)
at sun.nio.cs.StreamEncoder.implFlushBuffer(Unknown Source)
at sun.nio.cs.StreamEncoder.implFlush(Unknown Source)
at sun.nio.cs.StreamEncoder.flush(Unknown Source)
at java.io.OutputStreamWriter.flush(Unknown Source)
at java.io.BufferedWriter.flush(Unknown Source)
at java.io.PrintWriter.flush(Unknown Source)
at com.att.tcp.server.TCPSServer.main(TCPSServer.java:31)

Error was thrown on the line "pw.flush();" in the above code

####################################


Output from the client is
#####################

I/O error: Connection reset
Exception in thread "main" java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.att.client.tcp.TimeClient.main(TimeClient.java:34)

Error is thrown on the client code " socket.startHandshake(); "
##########################

> When my client is "nc", and my server is "openssl s_server -port 12345",
> things seem to work for me. Anything I write on one end is shown on the
> other, with nginx handling the ssl/no-ssl translation.

Are you able to run a similar configuration?

May be I would have done something wrong on SSL settings or on self-signed certificate. Let me start things from scratch again..
Subject Author Posted

Force SSL redirection to target service host for all protocols

siva.pannier July 03, 2020 09:12AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 06, 2020 12:15AM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 08, 2020 03:56AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 10, 2020 10:49AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 13, 2020 02:57PM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 14, 2020 09:18AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 14, 2020 09:55AM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 14, 2020 10:02AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 15, 2020 09:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 73
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready