java - getCipherSuite() returns SSL_NULL_WITH_NULL_NULL -
i'm trying create https server on android programmatically generated self signed certificate. sense i'm pretty close still can't connect https server. when effort connect server openssl following:
openssl s_client -connect 192.168.1.97:8888 connected(00000003) 2895:error:14077410:ssl routines:ssl23_get_server_hello:sslv3 alert handshake failure:/sourcecache/openssl098/openssl098-50/src/ssl/s23_clnt.c:602: the code following:
public class httpshello { private static string domainname = "localhost"; static { security.addprovider(new bouncycastleprovider()); } public static void test(string[] args) { seek { keypairgenerator keypairgenerator = keypairgenerator.getinstance("rsa"); keypairgenerator.initialize(1024); keypair kpair = keypairgenerator.generatekeypair(); x509v3certificategenerator v3certgen = new x509v3certificategenerator(); int ran = new securerandom().nextint(); if (ran < 0) ran = ran * -1; biginteger serialnumber = biginteger.valueof(ran); v3certgen.setserialnumber(serialnumber); v3certgen.setissuerdn(new x509principal("cn=" + domainname + ", ou=none, o=none l=none, c=none")); v3certgen.setnotbefore(new date(system.currenttimemillis() - 1000l * 60 * 60 * 24 * 30)); v3certgen.setnotafter(new date(system.currenttimemillis() + (1000l * 60 * 60 * 24 * 365 * 10))); v3certgen.setsubjectdn(new x509principal("cn=" + domainname + ", ou=none, o=none l=none, c=none")); v3certgen.setpublickey(kpair.getpublic()); // v3certgen.setsignaturealgorithm("md5withrsaencryption"); v3certgen.setsignaturealgorithm("sha1withrsaencryption"); x509certificate pkcert = v3certgen.generatex509certificate(kpair.getprivate()); // fileoutputstream fos = new fileoutputstream("/path/to/testcert.cert"); // fos.write(pkcert.getencoded()); // fos.close(); bytearrayinputstream cert = new bytearrayinputstream(pkcert.getencoded()); keystore ks = keystore.getinstance(keystore.getdefaulttype()); ks.load(null); ks.setcertificateentry("localhost", pkcert); // ks.load(cert,null); keymanagerfactory kmf = keymanagerfactory.getinstance("x509"); kmf.init(ks, null); sslcontext sc = sslcontext.getinstance("tls"); sc.init(kmf.getkeymanagers(), null, null); sslserversocketfactory ssf = sc.getserversocketfactory(); sslserversocket s = (sslserversocket) ssf.createserversocket(8888); s.setenabledciphersuites(s.getsupportedciphersuites()); // s.setenabledciphersuites(new string[]{"ssl_dh_anon_with_rc4_128_md5"}); // s.setenabledciphersuites(new string[]{"sha1withrsaencryption"}); system.out.println("server started:"); printserversocketinfo(s); // listening port sslsocket c = (sslsocket) s.accept(); printsocketinfo(c); bufferedwriter w = new bufferedwriter( new outputstreamwriter(c.getoutputstream())); bufferedreader r = new bufferedreader( new inputstreamreader(c.getinputstream())); string m = r.readline(); w.write("http/1.0 200 ok"); w.newline(); w.write("content-type: text/html"); w.newline(); w.newline(); w.write("<html><body>hello world!</body></html>"); w.newline(); w.flush(); w.close(); r.close(); c.close(); } grab (exception e) { e.printstacktrace(); } } private static void printsocketinfo(sslsocket s) { system.out.println("socket class: " + s.getclass()); system.out.println(" remote address = " + s.getinetaddress().tostring()); system.out.println(" remote port = " + s.getport()); system.out.println(" local socket address = " + s.getlocalsocketaddress().tostring()); system.out.println(" local address = " + s.getlocaladdress().tostring()); system.out.println(" local port = " + s.getlocalport()); system.out.println(" need client authentication = " + s.getneedclientauth()); sslsession ss = s.getsession(); system.out.println(" cipher suite = " + ss.getciphersuite()); system.out.println(" protocol = " + ss.getprotocol()); } private static void printserversocketinfo(sslserversocket s) { system.out.println("server socket class: " + s.getclass()); system.out.println(" socker address = " + s.getinetaddress().tostring()); system.out.println(" socker port = " + s.getlocalport()); system.out.println(" need client authentication = " + s.getneedclientauth()); system.out.println(" want client authentication = " + s.getwantclientauth()); system.out.println(" utilize client mode = " + s.getuseclientmode()); } } thank you.
edit: looked @ 2 keytool generated keystores, 1 worked , 1 didn't. 1 keystore works has entry in there privatekeyentry 1 doesn't work has trustedcertentry. changed code print out entry "localhost" alias , below got, i'm guessing issue is trusted certificate entry , not private key entry. how alter that?
trusted certificate entry: [0] version: 3 serialnumber: 752445443 issuerdn: cn=localhost,ou=none,o=none l,c=none start date: mon may 26 09:17:01 cdt 2014 final date: sat jun 22 09:17:01 cdt 2024 subjectdn: cn=localhost,ou=none,o=none l,c=none public key: rsa public key modulus: b75870cd29db79f8c015d440a27cc1e81c9dd829268efa2ce48efc596b33e9c60e1d1621e10aba34472b6f7890b16392db021c0358e665b1bf58a426fbc47e7c135da583e4cd6bb9c69668ee4ff1e05b1de8e7f5fb5604044a1087ac0181ba09f61ab5345d9be5d930889b7c328329d0d18cf53f4c5af6bff1f0e488744ea1fb public exponent: 10001 signature algorithm: sha1withrsa signature: 83df0e761e9df2e61d5354ca58379975e0d97fcd 5201f8904b695d7bdbe08c5dfdfb8bcd6447657c 19740797a66314b2547a45985166c11ebadc16c6 c24b8e1d3c5de83ec1ac2c1c1092c3d06ed33408 4cf2811c5f9dba8a9d3ef0dcb8fef760e4d1d704 8fbb60eaa83eec23426fb9d8589e859a21a5ecce 951901f8e16ab6cd
s.setenabledciphersuites(s.getsupportedciphersuites());
remove line.
java android ssl bouncycastle
No comments:
Post a Comment