MQSeries.net Forum Index » IBM MQ Java / JMS » Problems initiating SSL handshake using JMS

sslproblem
Posted: Thu Jan 26, 2006 12:51 am    Post subject: Problems initiating SSL handshake using JMS

Newbie

Joined: 26 Jan 2006
Posts: 2
Location: Munich, Germany

Hi there,

I have a problem initiating SSL over MQ. I have been using MQ without SSL without any problems.

Some basics about the setup: MQ 6.0, access via JMS, server runs on RedHat Linux.

So my client code looks like this:

Code:
import java.io.File;
import javax.jms.Session;
import com.ibm.mq.jms.JMSC;
import com.ibm.mq.jms.MQQueueConnectionFactory;

// JSSE trust store settings: file is expected in the working directory
System.setProperty("javax.net.ssl.trustStore",System.getProperty("user.dir")+File.separator+"ISHkey.jks");
System.out.println("Pfad: "+System.getProperty("javax.net.ssl.trustStore"));
System.setProperty("javax.net.ssl.trustStorePassword","password");
System.setProperty("javax.net.debug","ssl"); // switch on debugging
try{
   // Client-mode connection to the queue manager over TCP/IP
   qcf = new MQQueueConnectionFactory();
   qcf.setHostName("1.2.3.4");
   qcf.setPort(1414);
   qcf.setQueueManager("DefaultQMR");
   qcf.setChannel("SERVERCONN");
   qcf.setTransportType(JMSC.MQJMS_TP_CLIENT_MQ_TCPIP);
   // Cipher suite offered by the client (RSA key exchange, no encryption, MD5 MAC)
   qcf.setSSLCipherSuite("SSL_RSA_WITH_NULL_MD5");
   queueCon = qcf.createQueueConnection();
   queueSession = queueCon.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
   // Sender and receiver both use TEST.QUEUE
   queueSend = queueSession.createQueue("TEST.QUEUE");
   queueReceive = queueSession.createQueue("TEST.QUEUE");
   queueSender = queueSession.createSender(queueSend);
   queueReceiver = queueSession.createReceiver(queueReceive);
}catch(Exception e){
   e.printStackTrace();
}


This is leading to the first part of the SSL handshake, where the client has sent the hello message (including the random cookie) to the server - but the server doesn't answer!

Code:
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: No File Available, using empty keystore.
trustStore type is : jks
init truststore
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1121358033 bytes = { 47, 186, 39, 42, 163, 124, 30, 202, 215, 171, 37, 32, 85, 177, 71, 142, 101, 48, 174, 244, 72, 40, 176, 67, 241, 61, 237, 246 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_NULL_MD5]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 45
main, WRITE: SSLv2 client hello message, length = 44
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1121358033 bytes = { 151, 101, 141, 186, 34, 105, 254, 215, 117, 29, 41, 192, 208, 12, 12, 51, 12, 4, 157, 208, 207, 91, 25, 146, 131, 3, 109, 109 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_NULL_MD5]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 45
main, WRITE: SSLv2 client hello message, length = 44
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
javax.jms.JMSException: MQJMS2005: Fehler beim Erstellen von MQQueueManager für '1.2.3.4:DefaultQMR'


Funny thing about this one: This is only failing on one particular host. We tried successfully setting up SSL for MQ on another machine without any problems.

We also switched on SSL tracing on the server, but our SSL trace looks truly empty:

Code:
[xxx@yyy trace]$ dspmqtrc AMQ.SSL.TRC
Timestamp        Process.Thread  Trace Data
===========================================
===========================================
[xxx@yyy trace]$


Also, the error log doesn't show a single thing about this communication attempt.

So, looks like a firewall/proxy issue, doesn't it? We thought the same, so we started the client on the server machine giving 127.0.0.1 as host. This led to the same result.

Any ideas?

Thanks in advance,

Gunter
_________________
Gunter Schichl, IBM BCS
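Added example, not part of the original posts and not IBM or Sun code: a small triage script that reads a client-side javax.net.debug=ssl trace like the one quoted in the first post and reports what the trace itself shows. The marker strings are taken from that trace; the "*** ServerHello" marker and all function names are assumptions.

```python
import re

# Constructed sample: an abridged copy of the debug trace quoted in the post above.
SAMPLE_TRACE = """\
trustStore is: No File Available, using empty keystore.
trustStore type is : jks
%% No cached client session
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_NULL_MD5]
***
main, WRITE: TLSv1 Handshake, length = 45
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, called closeSocket()
"""

def split_attempts(trace):
    """Split the trace into one list of lines per ClientHello."""
    attempts, current = [], None
    for line in trace.splitlines():
        if line.startswith("*** ClientHello"):
            current = [line]
            attempts.append(current)
        elif current is not None:
            current.append(line)
    return attempts

def triage(trace):
    """Return a sorted list of findings for a client-side JSSE debug trace."""
    findings = set()
    # The JVM logs this when the configured trust store path cannot be opened.
    if re.search(r"^trustStore is: No File Available", trace, re.M):
        findings.add("truststore: file not found, JVM fell back to an empty trust store")
    for lines in split_attempts(trace):
        text = "\n".join(lines)
        suites = re.search(r"^Cipher Suites: \[(.*)\]", text, re.M)
        offered = [s.strip() for s in suites.group(1).split(",")] if suites else []
        if offered and all("_WITH_NULL_" in s for s in offered):
            findings.add("cipher: only NULL-encryption suites offered, traffic would not be encrypted")
        # Assumed marker: a server reply would appear as "*** ServerHello".
        if "*** ServerHello" not in text and "Remote host closed connection during handshake" in text:
            findings.add("handshake: peer closed after ClientHello, no ServerHello received")
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```

The truststore finding is independent of the handshake failure: the trace shows the JVM did not find a trust store file even though the client code sets the property.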
sslproblem
Posted: Thu Jan 26, 2006 5:10 am    Post subject: Problem caused by not-running gsk?

Newbie

Joined: 26 Jan 2006
Posts: 2
Location: Munich, Germany

Hi again,

In another posting on this forum somebody said to check

Code:
lslpp -l|grep gsk


or similar. Frankly, I have no idea what lslpp does, so I tried

Code:
ps -ef|grep gsk


which showed a lot of running processes on the test machine which allows SSL over MQ, but nothing on the machine I am trying to fix.

So, let me ask you some true beginner questions:
- What on earth is this gsk doing for the MQ server? Is this one implementing the low-level handshake?
- How can I get my gsk running? The installation looks o.k. to me:
Code:
[xxx@yyy]$ rpm -qa | grep gsk*
e2fsprogs-1.32-15.1
perl-HTML-Tagset-3.03-28
gsk7bas_295-7.0-1.16
gsk7bas-7.0-3.15


Again, your comments are highly appreciated.

Thanks,

Gunter
_________________
Gunter Schichl, IBM BCS
mvic
Posted: Thu Jan 26, 2006 7:08 am    Post subject: Re: Problem caused by not-running gsk?

Jedi

Joined: 09 Mar 2004
Posts: 2080

sslproblem wrote:
Frankly, I have no idea what lslpp does

It's easy to find out. Use Google or read the manual pages. It's an AIX thing.
Quote:
What on earth is this gsk doing for the MQ server? Is this one implementing the low-level handshake?

Yes
Quote:
How can I get my gsk running?

It's a piece of code used internally by WebSphere MQ and other IBM products that use SSL. As far as I know, it doesn't have any runtime processes of its own; its DLLs / shared libraries are loaded into MQ channel processes - including any client apps that are using SSL.